
自定义镜像仓库

zhang
65
2024-12-19

自定义镜像仓库

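根据已有镜像逆推其构建指令。注意:`docker history --no-trunc` 会完整显示每一层的构建命令,写在 ENV/ARG/RUN 中的密码或令牌对任何能拿到镜像的人都可见,因此不要把敏感信息写进构建指令。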

[root@docker01 ~]# docker history --no-trunc --format "{{.CreatedBy }}"  web:bird_v4  | tac

可道云-包含数据库kodbox案例

主机名 IP 服务
docker-kodbox 10.0.0.81/172.16.1.81 可道云网盘服务

环境准备

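# Download the kodbox release archive.
wget  https://static.kodcloud.com/update/download/kodbox.1.60.zip
# NOTE(review): nothing verifies the download. Before unpacking, compare the output of
#   sha256sum kodbox.1.60.zip
# with a checksum published by the vendor (none is shown on this page).

# Create the docker-compose build-context directory (the original `mkdik` was a typo).
mkdir -p /server/docker-compose/01.kodbox/

# The zip has no top-level directory, so unpack it into a dedicated kodbox/
# directory inside the build context.
unzip kodbox.1.60.zip -d /server/docker-compose/01.kodbox/kodbox/

# The image build expects a tar archive. Pack the *contents* of kodbox/ and place
# the archive one level up, in the build context. -C makes the result independent
# of the current working directory.
tar zcf /server/docker-compose/01.kodbox/kodbox.tar.gz -C /server/docker-compose/01.kodbox/kodbox/ .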

#apt源配置
[root@docker01 /server/docker-compose/04.kodbox]# cat sources.list 
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse

# deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse

docker-compose目录准备

[root@docker01 ~]# tree /server/docker-compose/01.kodbox/
/server/docker-compose/01.kodbox/
├── docker-compose.yml
├── Dockerfile
├── entry.sh
├── kodbox.conf
├── kodbox.tar.gz
└── sources.list

自定义ngx-php镜像

Dockerfile

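# nginx + php-fpm image that serves the kodbox code unpacked under ${CODE}.
FROM ubuntu:22.04
LABEL author=zmx  desc="kodbox镜像-ngx-php"

ENV SRC=sources.list
ENV CODE=/app/code/kodbox/
ENV TZ=Asia/Shanghai

# Replace the default apt sources with the mirror list from the build context.
COPY ${SRC} /etc/apt/sources.list

# Install tzdata non-interactively, set the timezone, then install nginx and PHP.
# apt-get is used instead of apt because apt's CLI is not meant for scripts.
# NOTE(review): php8.1-dev ships build headers/tools and is presumably not needed
# at runtime; dropping it would shrink the image's attack surface. Confirm first.
RUN    apt-get update \
    && DEBIAN_FRONTEND=noninteractive  apt-get install -y tzdata \
    && ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime \
    && echo "${TZ}" > /etc/timezone \
    && apt-get install -y nginx \
    && apt-get install -y php8.1-common php8.1-bcmath php8.1-cli php8.1-curl php8.1-dev php8.1-fpm php8.1-gd php8.1-mysql php8.1-mbstring php8.1-redis \
    && rm -rf /var/lib/apt/lists/*

# Expose the service logs: the log files become symlinks to the container's
# stdout/stderr. `ln -sf TARGET LINK` takes the target first; the original had
# the arguments reversed, which would have replaced /dev/stdout and /dev/stderr.
# Also remove the default site and make php-fpm listen on a local TCP port.
RUN    mkdir -p ${CODE} \
    && ln -sf  /dev/stdout /var/log/nginx/access.log \
    && ln -sf  /dev/stderr /var/log/nginx/error.log \
    && rm -f /etc/nginx/sites-enabled/default \
    && sed -i 's#^listen =.*#listen = 127.0.0.1:9000#g'  /etc/php/8.1/fpm/pool.d/www.conf

COPY kodbox.conf  /etc/nginx/conf.d/
COPY entry.sh  /
# ADD (not COPY) is deliberate here: it unpacks the local tar archive into ${CODE}.
ADD  kodbox.tar.gz ${CODE}
# The Ubuntu nginx/php-fpm packages run as www-data; no `www` user is created in
# this image, so the original `chown www.www` would fail. Also make sure the
# entrypoint is executable regardless of its mode in the build context.
# NOTE(review): this gives the web user write access to the whole code tree;
# narrowing it to the directories the application must write is safer. Verify
# against the kodbox documentation.
RUN  chown -R www-data:www-data  ${CODE} \
    && chmod +x /entry.sh

EXPOSE 80 443

CMD ["/entry.sh"]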

docker-compose

[root@docker01 /server/docker-compose/04.kodbox]# cat docker-compose.yml 
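# kodbox web front end (nginx + php-fpm) plus its MySQL database.
services:
  kodbox_web:
    image: "web:kodbox_v1"
    build:
      context:  .
      dockerfile: Dockerfile
    container_name: kodbox_v1
    ports:
      - "80:80"
    restart: always
    depends_on:
      - kodbox_db

  # No `ports:` entry: the database is reachable only over the compose network,
  # not through the host's interfaces.
  kodbox_db:
    image: "mysql:8.0-debian"
    container_name: kodbox_db_v1
    restart: always
    environment:
      # Passwords are no longer hard-coded in this file. Set MYSQL_ROOT_PASSWORD
      # and MYSQL_PASSWORD in the shell environment or in a `.env` file next to
      # this compose file (keep that file out of version control). The `:?` form
      # makes compose stop with the given message when a value is unset or empty.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}"
      MYSQL_DATABASE: kodbox
      MYSQL_USER:   kodbox
      MYSQL_PASSWORD: "${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}"
    volumes:
      - kodbox_db:/var/lib/mysql/   # named volume: database files persist across container re-creation
volumes:
  kodbox_db: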
  • 数据卷空间 挂载目录
#查看挂载目录
docker volume ls
#查看挂载内容
docker inspect  04kodbox_kodbox_db

kodbox站点配置文件

  • 配置文件
[root@docker01 /server/docker-compose/04.kodbox]# cat kodbox.conf 
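# Serve the kodbox code and hand *.php requests to the local php-fpm listener.
server {
  listen 80;
  server_name kodbox.zmx.cn;
  root /app/code/kodbox;

  location / {
    index index.php;
  }

  # Case-insensitive match on URIs ending in .php.
  location ~* \.php$ {
    # Only forward requests that map to an existing file under the document
    # root; anything else gets a 404 from nginx instead of reaching php-fpm.
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}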
  • nginx+php启动脚本,增加执行权限
[root@docker01 /server/docker-compose/04.kodbox]# cat entry.sh 
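#!/bin/bash
##############################################################
# File Name:entry.sh
# Version:V1.0
# Author:zmx
# Organization:www.zhangmianxin.xin
# Desc: Container entrypoint. Starts php-fpm, then runs nginx in the
#       foreground as the container's main process.
##############################################################
# Stop immediately if php-fpm fails to start, so the container exits with an
# error instead of serving a site whose PHP backend is down.
set -euo pipefail

# Presumably php-fpm daemonizes itself here (the packaged default) and returns
# control to this script. Confirm against the image's php-fpm.conf.
php-fpm8.1

# exec replaces the shell, so nginx becomes PID 1 and receives the stop signal
# from `docker stop` directly.
exec nginx -g "daemon off;"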

构建镜像

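# Run from the kodbox build-context directory: build the image.
docker-compose build
# Start the containers in the background (the original `docker-composer` was a typo).
docker-compose up -d
# List all containers, running and stopped, to confirm both came up.
docker ps -a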
  • 访问测试10.0.0.81:80

docker私有镜像仓库

仓库选型与概述

  • 应用场景:
  • docker官方的镜像无法满足我们的需求
  • 企业内部也要制定很多镜像,并且伴随着许多敏感信息
  • 而且这些镜像都是私有的,不想公开的镜像

环境规划

主机名 环境与IP地址
docker01 docker环境/10.0.0.81/172.16.1.81
docker02 registry环境/10.0.0.82/172.16.1.82
  • hosts解析--两台服务器都需要配置hosts解析
cat /etc/hosts
10.0.0.81 docker01 docker01.zmx.cn 
10.0.0.82 docker02 docker02.zmx.cn reg.zmx.cn  harbor.zmx.cn

registry镜像仓库

部署registry仓库

  • docker-02部署registry 接收上传镜像
  • docker-01发送镜像到docker-02
[root@docker02 ~]# 
#下载registry镜像仓库服务器配置
docker pull registry
#或导入镜像
docker load -i register.tar
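#配置(docker服务端准许使用http) (未来所有使用私有镜像仓库的节点都要配置)
这里使用http,而官方要求https。列入 insecure-registries 的仓库不校验TLS证书,并可回退到明文http,镜像内容和登录凭据可能被窃听或篡改,因此只适合隔离的实验环境;生产环境应为仓库配置https证书。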
#配置docker文件
[root@docker01 ~]# cat /etc/docker/daemon.json 
{
  "insecure-registries": ["reg.zmx.cn:5000","harbor.zmx.cn"],
  "registry-mirrors" : ["https://do.nark.eu.org",
   "https://dc.j8.work",
   "https://docker.m.daocloud.io",
   "https://dockerproxy.com",
   "https://docker.mirrors.ustc.edu.cn",
   "https://docker.nju.edu.cn",
   "https://docker.mirrors.ustc.edu.cn",
   "https://docker.registry.cyou",
   "https://docker-cf.registry.cyou",
   "https://dockercf.jsdelivr.fyi",
   "https://docker.jsdelivr.fyi",
   "https://dockertest.jsdelivr.fyi",
   "https://mirror.aliyuncs.com",
   "https://dockerproxy.com",
   "https://mirror.baidubce.com",
   "https://docker.m.daocloud.io",
   "https://docker.nju.edu.cn",
   "https://docker.mirrors.sjtug.sjtu.edu.cn",
   "https://docker.mirrors.ustc.edu.cn",
   "https://mirror.iscas.ac.cn",
   "https://docker.rainbond.cc",
   "https://do.nark.eu.org",
   "https://docker.shootchat.top",
   "https://registry.docker-cn.com"]
}
#注意点:
注意第2行结尾的逗号.
注意reg.zmx.cn域名解析(hosts解析).
registry-mirrors 中的每个镜像站都会代理从Docker Hub拉取的镜像,只保留可信的站点;上面的列表里还有重复的地址,可以去掉.
systemctl restart docker
#镜像仓库启动
使用docker run启动registry(未来可以docker compose实现)
指定端口号5000:5000
把命名数据卷registry挂载到容器中的/var/lib/registry/
#命令
# Create the named volume that will hold the registry's image data.
docker volume create registry
# List volumes to confirm it exists.
docker volume ls
# Start the registry detached, publish container port 5000 on host port 5000,
# mount the `registry` volume at /var/lib/registry and restart automatically.
# NOTE(review): no authentication or TLS options are passed here, so as written
# anyone who can reach port 5000 can presumably push and pull images. Confirm,
# and restrict network access or enable auth/TLS outside a lab.
# NOTE(review): `registry:latest` is a floating tag; pinning a specific version
# keeps the deployment reproducible.
docker run -d --name "zmx_registry" -p 5000:5000 \
-v registry:/var/lib/registry \
--restart=always registry:latest
--restart表示容器异常退出,会自动重启容器.

上传镜像到registry仓库

#docker-01上传镜像
[root@docker01 ~]# 
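# Tag the locally built image for the private registry. The image built by
# docker-compose is web:kodbox_v1 (the original `web:kodbox_1` was a typo).
docker tag web:kodbox_v1 reg.zmx.cn:5000/zmx/web:kodbox_v1
# Log in to the registry. With no -u/-p, docker prompts for the username and
# password, which keeps the password out of shell history and the process list.
# (The original passed the password with -p and left -u without a value.)
docker login reg.zmx.cn:5000
# Push the image.
docker push reg.zmx.cn:5000/zmx/web:kodbox_v1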
#在docker-02查看镜像
[root@docker02 ~]# curl -L http://reg.zmx.cn:5000/v2/_catalog/
{"repositories":["zmxedu/mysql"]}
#从registry下载镜像
docker pull reg.zmx.cn:5000/zmx/web:kodbox_v1

docker企业级镜像仓库-harbor仓库

harbor仓库概述

hosts配置

#hosts文件配置
cat /etc/hosts
10.0.0.81 docker01 docker01.zmx.cn 
10.0.0.82 docker02 docker02.zmx.cn reg.zmx.cn  harbor.zmx.cn

harbor配置

#安装harbor
harbor-offline-installer-v2.3.1.tgz
#解压到存放harbor目录
mkdir /app/tools/harbor/
[root@docker02 /app/tools/harbor/harbor]# ll
总用量 618140
drwxr-xr-x 3 root root        20  7月 17 15:36 common
-rw-r--r-- 1 root root      3361  7月 19  2021 common.sh
-rw-r--r-- 1 root root      5981  7月 17 16:05 docker-compose.yml
-rw-r--r-- 1 root root 632922189  7月 19  2021 harbor.v2.3.1.tar.gz
-rw-r--r-- 1 root root      7843  7月 20 15:37 harbor.yml
-rw-r--r-- 1 root root      7843  7月 20 15:37 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2500  7月 19  2021 install.sh
-rw-r--r-- 1 root root     11347  7月 19  2021 LICENSE
-rwxr-xr-x 1 root root      1881  7月 19  2021 prepare
#修改harbor配置文件里的域名与登录密码
# Hostname clients use to reach Harbor.
hostname: harbor.zmx.cn
# Plain-HTTP listener.
# NOTE(review): with the https section at the bottom commented out, logins and
# image traffic to Harbor are unencrypted; acceptable only on an isolated lab network.
http:
  port: 80
# Password for the Harbor admin account (the page later logs in as `admin`).
# NOTE(review): this is a demo value published on the page; choose your own strong one.
harbor_admin_password: zhangmianxin
database:
  # NOTE(review): root123 looks like the value shipped in harbor.yml.tmpl;
  # change it before any non-lab use.
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
# Host directory where Harbor stores its data.
data_volume: /data
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.3.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
# https section disabled (commented out) for this HTTP-only setup
#https:
#  # https port for harbor, default is 443
#  port: 443
#  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

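# Re-run the installer after every change to harbor.yml
# (the original `./install/sh` was a typo for the install.sh in this directory).
./install.sh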
  • 解析IP地址到本地

    10.0.0.82 harbor.zmx.cn
    
  • 浏览器访问测试:harbor.zmx.cn

仓库使用

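# Tag the image for the Harbor project.
[root@docker01 ~]# docker tag mysql:8.0-debian   harbor.zmx.cn/zmx/mysql:8.0-debian
# Log in to the private registry. With -p omitted, docker prompts for the
# password, which keeps it out of shell history and the process list. Unless a
# credential helper is configured, docker stores the login in
# ~/.docker/config.json only base64-encoded, so protect that file.
[root@docker01 ~]# docker login -u admin harbor.zmx.cn
# Push the image.
[root@docker01 ~]# docker push harbor.zmx.cn/zmx/mysql:8.0-debian
# Pull the image.
[root@docker01 ~]# docker pull harbor.zmx.cn/zmx/mysql:8.0-debian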

harbor配置https