1.docker-compose安装
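# Method 1
# Download the docker-compose binary for this OS and CPU architecture.
# -f: fail on an HTTP error instead of saving the error page as the "binary".
curl -fL "https://get.daocloud.io/docker/compose/releases/download/v2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# The file comes from a third-party mirror and will be run as root: print its
# SHA-256 and compare it with the checksum published for the v2.10.2 release
# before marking it executable.
sha256sum /usr/local/bin/docker-compose
# Make it executable
chmod +x /usr/local/bin/docker-compose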
# 注意最新下载会有一些提示,并不能运行
# Executing docker install script, commit: 66474034547a96caa0a25be56051ff8b726alb28
# If you installed the current Docker package using this script and are using it again to update Docker, you can safely ignore this message.
# 查了最新版docker对 Rootless安全控制,禁止root去操作docker ,建议使用其他已经下载过的版本运行。
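# Method 2: install through pip
yum -y install epel-release
yum -y install python-pip
# Point pip at a mirror index.
# -p: do not fail when ~/.pip already exists.
mkdir -p ~/.pip
# index-url is already HTTPS, so no trusted-host entry is written: that option
# makes pip accept the host without a valid certificate, which would let anyone
# on the network path substitute packages.
# The block is appended; run it once, or pip.conf ends up with duplicate sections.
cat >> ~/.pip/pip.conf <<'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
EOF
# Upgrade pip to a pinned version
python -m pip install --upgrade pip==20.3.4
# Install docker-compose (pinned version)
pip install docker-compose==1.26.2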
2.docker-compose命令
# 1. Run the commands from the directory that holds the .yml file
cd /usr/local/src/
# 2. docker-compose.yml is the file name looked up by default; any other name has to be passed with -f
mv my.yml docker-compose.yml
# 3. Start the project in the background (-d = detached)
docker-compose -f docker-compose.yml up -d
# Show the resolved configuration.
# The output has the values from .env substituted in, passwords included, so keep it out of tickets and logs.
docker-compose config
# List the project's containers
docker-compose ps
# Print only the container IDs
docker-compose ps -q
# Stop all services (containers are kept)
docker-compose stop
# Stop the services and remove their containers and networks
docker-compose down
# Show the logs
docker-compose logs
# Show the processes running in each container
docker-compose top
# List the images used by the project
docker-compose images
# Restart the services
docker-compose restart
3.docker-compose 大全
github地址
github.com/mjsong07/do…
1.说明
- data 服务做容器的数据映射,如mysql,mongodb的映射
- dist 用于部署前端的网页资源,如html,php等
- logs 存放各个容器对应的日志信息
- .env配置 关键的数据库账户和参数设置
- 不同的yml 对应不同的容器
2.使用
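# Create the project directory and work inside it, so that .env and the
# compose files created below sit next to each other
mkdir -p docker-compose-project
cd docker-compose-project
# Create the environment file and paste in the settings from the .env section
touch .env
# .env holds the database passwords: readable and writable by the owner only
chmod 600 .env
vi .env
# Create the compose file to start and paste in the matching content from below
touch docker-compose-nginx.yml
vi docker-compose-nginx.yml
# Start the services that match the chosen file
# nginx
docker-compose -f docker-compose-nginx.yml up
# nginx + node + mongo
docker-compose -f docker-compose-nginx-node-mongo.yml up
# nginx + php + mysql
docker-compose -f docker-compose-nginx-php-mysql.yml up
# Docker management UI (portainer)
docker-compose -f docker-compose-portainer.yml up -d
# Private registry
docker-compose -f docker-compose-registry.yml up -d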
3.环境变量.env
.env
###########################################################
###################### General Setup ######################
###########################################################
### Docker compose files ##################################
# Select which docker-compose files to include. If using docker-sync append `:docker-compose.sync.yml` at the end
COMPOSE_FILE=docker-compose.yml
# Change the separator from : to ; on Windows
COMPOSE_PATH_SEPARATOR=:
# Address of the private registry
COMPOSE_DOCKER_REGISTRY_URL=xxx.xxx.xxx.xxx:5000
# Define the prefix of container names. This is useful if you have multiple projects that use laradock to have separate containers per project.
COMPOSE_PROJECT_NAME=ylzs
### Paths #################################################
# Point to the path of your applications code on your host
APP_DIST_PATH_HOST=./dist
# Point to where the `APP_DIST_PATH_HOST` should be in the container
APP_DIST_PATH_CONTAINER=/var/www
# Choose storage path on your machine. For all storage systems
DATA_PATH_HOST=./data
### Drivers ################################################
# All volumes driver
VOLUMES_DRIVER=local
# All Networks driver
NETWORKS_DRIVER=bridge
### PHP Version ###########################################
# Select a PHP version of the Workspace and PHP-FPM containers (Does not apply to HHVM).
# Accepted values: 5.6 , 7.4
PHP_VERSION=7.4
### Docker Host IP ########################################
# Enter your Docker Host IP (will be appended to /etc/hosts).
DOCKER_HOST_IP=
### database #################################################
# NOTE(review): every password below is the sample value 123456, and the compose
# files on this page publish MySQL (2010), MongoDB (2020) and their admin UIs on
# host ports. Replace each password with its own random value before the first
# start, and keep this file out of version control.
# mysql ##########################
# MYSQL_PORT=2010 # 2010 < - 3306 (unused)
# MYSQL_ROOT_USERNAME=root # the default administrator account is root (unused)
MYSQL_ROOT_PASSWORD=123456
MYSQL_DATABASE=test
MYSQL_USER=admin
MYSQL_PASSWORD=123456
# MYSQL_ROOT_PASSWORD=123456
# MYSQL_DATABASE=test
# MYSQL_USER=root
# MYSQL_PASSWORD=123456
# mongo ##########################
# MONGO_PORT=2020 # 2020 < - 27017 (unused)
MONGO_INITDB_ROOT_USERNAME=admin
MONGO_INITDB_ROOT_PASSWORD=123456
# mongo-express
MONGO_EXPRESS_CONFIG_BASICAUTH_USERNAME=admin
MONGO_EXPRESS_CONFIG_BASICAUTH_PASSWORD=123456
# redis ##########################
# REDIS_PORT=2030 # 2031 < - 6379 (unused)
REDIS_USER=admin
REDIS_PASSWORD=123456
4.启动配置
nginx
docker-compose-nginx.yml
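# '4' is not a defined Compose file format version; 3.8 is the format used elsewhere on this page
version: '3.8'
networks:
  front: {}
  backend: {}
# project-name: ylzs
services:
  # nginx ################################################
  nginx:
    image: nginx:alpine
    container_name: nginx
    volumes:
      # front-end static files
      - ./dist/html:/usr/share/nginx/html
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/ssl/:/etc/nginx/ssl # certificates
      - ./nginx/common/:/etc/nginx/common # shared config
      - ./logs/nginx:/var/log/nginx
    ports:
      - "8081:8080"
      - "8082:8082"
      - "8083:8083"
      - "8086:8086"
      - "48081:48081"
    # NOTE(review): privileged mode removes most of the isolation between this
    # container and the host (all devices, all capabilities); nginx does not need
    # it. If it was added to get past SELinux denials on the bind mounts, a :z
    # label on those volumes is the narrower fix.
    privileged: true
    restart: always
    command: nginx -g 'daemon off;'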
nginx-php-mysql
docker-compose-nginx-php-mysql.yml
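# '4' is not a defined Compose file format version; 3.8 is the format used elsewhere on this page
version: '3.8'
services:
  # nginx ################################################
  nginx:
    image: nginx:alpine
    container_name: nginx
    volumes:
      # front-end static files
      - ./dist/html:/usr/share/nginx/html
      - ./dist/php:/var/www # PHP source directory
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/ssl/:/etc/nginx/ssl # certificates
      - ./nginx/common/:/etc/nginx/common # shared config
      - ./logs/nginx:/var/log/nginx
    ports:
      - "8081:8080"
      - "8082:8082"
      - "8083:8083"
      - "8086:8086"
      - "48081:48081"
    # NOTE(review): privileged mode removes most of the isolation between a
    # container and the host; none of the services in this file needs it. If it
    # was added to get past SELinux denials on the bind mounts, a :z label on
    # those volumes is the narrower fix. The same applies to php and mysql below.
    privileged: true
    restart: always
    command: nginx -g 'daemon off;'
    links:
      - php
  # php ################################################
  # To switch the PHP version (5.6 -> 7.4), change both the image tag and the volumes
  php:
    # NOTE(review): PHP 5.6 no longer receives security fixes
    image: laradock/php-fpm:latest-5.6
    container_name: php
    volumes:
      # PHP source directory
      - ./dist/php:/var/www
      # - ./php/php5.6.ini:/usr/local/etc/php/php.ini
      # - ./php/php-fpm.d5.6:/usr/local/etc/php-fpm.d
      # - ./logs/php-fpm:/var/log/php-fpm
    # NOTE(review): FastCGI has no authentication of its own. nginx reaches php
    # over the compose network, so publishing 9000 on the host is only needed if
    # something outside this project has to talk to php-fpm directly.
    ports:
      - "9000:9000"
    privileged: true
  # mysql & phpmyadmin 2010 ################################################
  mysql:
    image: mysql:5.7
    container_name: mysql
    # NOTE(review): published on every host interface; with the sample password
    # from .env the database is open to the whole network. Use
    # "127.0.0.1:2010:3306" unless remote access is intended.
    ports:
      - "2010:3306"
    volumes:
      - ./mysql/conf.d:/etc/mysql/conf.d # configuration read at start-up
      - ./data/mysql:/var/lib/mysql # where the database files are kept
      - ./logs/mysql:/var/log/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    restart: always
    command: "--character-set-server=utf8 --default-authentication-plugin=mysql_native_password"
    privileged: true
  phpmyadmin:
    image: phpmyadmin:latest
    container_name: phpmyadmin
    # NOTE(review): a database admin UI on a public port; restrict it to
    # 127.0.0.1 or put it behind the reverse proxy with access control.
    ports:
      - "2011:80"
    environment:
      PMA_HOST: mysql # on the login page enter server "mysql", user root and the root password from .env
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      # 1 = the login page accepts an arbitrary server address (this is a switch,
      # not a server count); leave it off when only the mysql service is managed
      PMA_ARBITRARY: 1
    restart: unless-stopped
    depends_on:
      - mysql
  adminer:
    image: adminer
    container_name: adminer
    restart: always
    environment:
      ADMINER_DEFAULT_SERVER: mysql # on the login page enter server "mysql", user root and the root password from .env
    ports:
      - "2012:8080"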
nginx-php-mysql2 (数据库用本地)
docker-compose-nginx-php-mysql2.yml
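version: "3.8"
services:
  # nginx: serves the code directory and talks to php-fpm through the shared socket volumes
  hgdev-nginx-svc:
    build: ./dockerfile/nginx-1.19.6
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${CODE_PATH}:/data/www
      - ${CONFIG_PATH}/nginx/logs:/var/log/nginx
      - ${CONFIG_PATH}/nginx/conf:/etc/nginx
      - sharephp80:/run/php80
      - sharephp74:/run/php74
    networks:
      app_net:
        ipv4_address: 172.16.30.34
    container_name: "hgdev-nginx"
  # php 7.4 fpm
  hgdev-php74-fpm-svc:
    build: ./dockerfile/php74-fpm
    # expose only documents the port inside the compose network; nothing is published on the host
    expose:
      - "9000"
    volumes:
      - ${CODE_PATH}:/data/www
      - sharephp74:/run/php74
      - ./configs/php74/php/php.ini:/usr/local/etc/php/php.ini
    networks:
      app_net:
        ipv4_address: 172.16.30.36
    container_name: "hgdev-php74-fpm"
  # php 8.0 fpm
  hgdev-php80-fpm-svc:
    build: ./dockerfile/php80-fpm
    expose:
      - "9000"
    volumes:
      - ${CODE_PATH}:/data/www
      - sharephp80:/run/php80
    networks:
      app_net:
        ipv4_address: 172.16.30.35
    container_name: "hgdev-php80-fpm"
networks:
  app_net:
    driver: bridge
    ipam:
      config:
        # 172.16.30.0/16 had host bits set; the network address of that /16 is
        # 172.16.0.0. If only 172.16.30.x is meant to be used, 172.16.30.0/24 is
        # the smaller range and is less likely to collide with an existing LAN.
        - subnet: 172.16.0.0/16
# named volumes that carry the php-fpm unix sockets between the containers
volumes:
  sharephp80:
  sharephp74: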
注意上面的 nginx和php 是通过设定volumes:sharephp80 和 sharephp74 进行通信,如果sharephp74:/run/php74 改用 本地地址可能会有读写问题。
.env
# 项目代码在你电脑的代码存放位置工作空间
CODE_PATH=/Users/jason.yang/Desktop/myworkspace
#配置文件存放的目录,就是当前docker-compose文件所在的目录
CONFIG_PATH=/Users/jason.yang/Desktop/dockerfolder
dockerfile文件夹
dockerfile/nginx-1.19.6/Dockerfile
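FROM nginx:1.19.6
LABEL maintainer="dev@hg.com"
# Install the troubleshooting tools in a single apt transaction and drop the
# package lists afterwards so they are not kept in the image layer.
# The last three steps create an empty regular file at the path where the
# compose file mounts the php80 socket volume.
# NOTE(review): mode 777 makes that path writable by every user in the
# container; 0666 would match listen.mode in zz-docker.conf.
RUN apt-get update \
&& apt-get install -y iputils-ping vim procps cron \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir -p /run/php80 \
&& echo "" >>/run/php80/php80-fpm.sock \
&& chmod 777 /run/php80/php80-fpm.sock
EXPOSE 80
EXPOSE 443
#CMD ["nginx", "-v"]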
dockerfile/php74-fpm/Dockerfile
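FROM php:7.4.19-fpm
LABEL maintainer="dev@hg.com"
# System packages first, then the PHP extensions that are built against them
RUN apt-get update \
&& apt-get install -y iputils-ping \
&& apt-get install -y vim \
&& apt-get install -y procps \
&& apt-get install -y cron \
&& apt-get install -y libpng-dev libfreetype6-dev libjpeg62-turbo-dev \
&& apt-get install -y libzip-dev zip \
&& apt-get install -y git \
&& apt-get install -y libcurl4-openssl-dev pkg-config libssl-dev libmemcached-dev libxml2-dev \
&& apt-get install -y supervisor \
&& apt-get install -y strace \
&& docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd \
&& docker-php-ext-install pdo pdo_mysql \
&& docker-php-ext-install bcmath \
&& docker-php-ext-install zip \
&& docker-php-ext-install gettext \
&& docker-php-ext-install pcntl \
&& docker-php-ext-install soap \
&& docker-php-ext-install mysqli \
&& docker-php-ext-install calendar \
&& docker-php-ext-install dom \
&& docker-php-ext-install intl \
&& pecl install yaf-3.1.4 && docker-php-ext-enable yaf \
&& pecl channel-update pecl.php.net
# redis extension from PECL
RUN pecl install -o -f redis \
&& rm -rf /tmp/pear \
&& docker-php-ext-enable redis
# NOTE(review): php.ini-development shows errors to the client; use it for development images only
RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
# Install composer. The installer runs as root during the build, so its SHA-384
# is compared with the signature file the Composer project publishes before it
# is executed; the build stops on a mismatch or when the signature cannot be fetched.
RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
&& php -r "if (!hash_equals(trim(file_get_contents('https://composer.github.io/installer.sig')), hash_file('sha384', 'composer-setup.php'))) { unlink('composer-setup.php'); fwrite(STDERR, 'composer installer checksum mismatch' . PHP_EOL); exit(1); }" \
&& php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
&& php -r "unlink('composer-setup.php');"
# Build xdebug from source at tag 3.1.6.
# NOTE(review): a step debugger belongs in development images only.
RUN git clone https://github.com/xdebug/xdebug.git \
&& cd xdebug \
&& git checkout tags/3.1.6 \
&& phpize \
&& ./configure --enable-xdebug \
&& make \
&& make install
# NOTE(review): remote_enable, remote_port and coverage_enable are Xdebug 2
# setting names, while the tag built above is 3.x, where they were replaced by
# xdebug.mode and xdebug.client_port. Confirm these lines have the intended effect.
RUN echo "xdebug.remote_enable=1\n" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
"xdebug.coverage_enable=1\n" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
"xdebug.idekey=\"PHPSTORM\"\n" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
"xdebug.remote_port=9001\n" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
RUN docker-php-ext-enable xdebug
# Further PECL extensions; mongodb and swoole are pinned, memcached is not
RUN pecl install mongodb-1.16.2 \
&& echo "extension=mongodb.so\n" >> /usr/local/etc/php/conf.d/ext-mongodb.ini
RUN pecl install swoole-4.6.0 \
&& echo "extension=swoole.so\n" >> /usr/local/etc/php/conf.d/ext-swoole.ini
RUN pecl install memcached \
&& echo "extension=memcached.so\n" >> /usr/local/etc/php/conf.d/ext-memcached.ini
# php-fpm pool override (unix socket listener)
ADD zz-docker.conf /opt
RUN mv /opt/zz-docker.conf /usr/local/etc/php-fpm.d
# Environment variables (disabled)
# NOTE(review): a token written into a Dockerfile stays in version control and
# in image history even when the line is commented out. If the value below was
# ever valid it should be rotated, and real tokens supplied at run time instead.
#ENV APOLLO_URL="http://conf.hg-test.com"
#ENV APOLLO_TOKEN="68e395d949d609d5ec2f6975a194aaf144903893"
#ENV APOLLO_ENV="DEV"
#ENV APOLLO_SERVER="http://10.128.0.13:8081/"
#ENV APOLLO_CONF_DIR="/opt/apollo-config"
#EXPOSE 9000
#CMD ["php", "-v"]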
dockerfile/php80-fpm/Dockerfile
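FROM php:8.0-fpm
LABEL maintainer="dev@hg.com"
# System packages first, then the PHP extensions that are built against them
RUN apt-get update \
&& apt-get install -y iputils-ping \
&& apt-get install -y vim \
&& apt-get install -y procps \
&& apt-get install -y cron \
&& apt-get install -y libpng-dev libfreetype6-dev libjpeg62-turbo-dev \
&& apt-get install -y libzip-dev zip \
&& apt-get install -y git \
&& apt-get install -y libcurl4-openssl-dev pkg-config libssl-dev \
&& apt-get install -y supervisor \
&& apt-get install -y strace \
&& docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd \
&& docker-php-ext-install pdo pdo_mysql \
&& docker-php-ext-install bcmath \
&& docker-php-ext-configure zip \
&& docker-php-ext-install zip \
&& pecl channel-update pecl.php.net
# redis extension from PECL
RUN pecl install -o -f redis \
&& rm -rf /tmp/pear \
&& docker-php-ext-enable redis
# NOTE(review): php.ini-development shows errors to the client; use it for development images only
RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
# Install composer. The installer runs as root during the build, so its SHA-384
# is compared with the signature file the Composer project publishes before it
# is executed; the build stops on a mismatch or when the signature cannot be fetched.
RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
&& php -r "if (!hash_equals(trim(file_get_contents('https://composer.github.io/installer.sig')), hash_file('sha384', 'composer-setup.php'))) { unlink('composer-setup.php'); fwrite(STDERR, 'composer installer checksum mismatch' . PHP_EOL); exit(1); }" \
&& php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
&& php -r "unlink('composer-setup.php');"
# php-fpm pool override, plus an empty regular file at the socket path.
# NOTE(review): mode 777 makes that path writable by every user in the
# container; 0666 would match listen.mode in zz-docker.conf.
ADD zz-docker.conf /opt
RUN mv /opt/zz-docker.conf /usr/local/etc/php-fpm.d \
&& mkdir -p /run/php80 \
&& echo "" >>/run/php80/php80-fpm.sock \
&& chmod 777 /run/php80/php80-fpm.sock
# Environment variables (disabled)
# NOTE(review): a token written into a Dockerfile stays in version control and
# in image history even when the line is commented out. If the value below was
# ever valid it should be rotated, and real tokens supplied at run time instead.
#ENV APOLLO_URL="http://conf.hg-test.com"
#ENV APOLLO_TOKEN="68e395d949d609d5ec2f6975a194aaf144903893"
#ENV APOLLO_ENV="DEV"
#ENV APOLLO_SERVER="http://10.128.0.13:8081/"
#ENV APOLLO_CONF_DIR="/opt/apollo-config"
#EXPOSE 9000
#CMD ["php", "-v"]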
dockerfile/php74-fpm/zz-docker.conf
[global]
daemonize = no
[www]
listen = /run/php74/php7-fpm.sock
listen.mode = 0666
dockerfile/php80-fpm/zz-docker.conf
[global]
daemonize = no
[www]
listen = /run/php80/php80-fpm.sock
;listen = 127.0.0.1:9000
listen.mode = 0666
configs文件夹
configs/nginx/conf/php74.conf
fastcgi_pass unix:/run/php74/php7-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
include fastcgi_params;
fastcgi_param ENV dev;
fastcgi_param RUNTIME dev;
configs/nginx/conf/php80.conf
fastcgi_pass unix:/run/php80/php80-fpm.sock;
# fastcgi_pass hgdev-php80-fpm:9000;
fastcgi_index index.php;
include fastcgi.conf;
include fastcgi_params;
fastcgi_param ENV dev;
fastcgi_param RUNTIME dev;
注意点
- 容器之间可以通过 上面指定容器ip访问,也可以直接使用配置里面的 container_name 访问。
- 本地数据访问 可以直接使用
'db' => [
'driver' => 'Mysqli',
'host' => 'host.docker.internal',
'dbname' => 'dbname111',
'username' => 'root',
'password' => 'xxxx',
'port' => 3306,
'charset' => 'utf8',
],
nginx-node-mongo
docker-compose-nginx-node-mongo.yml
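# '4' is not a defined Compose file format version; 3.8 is the format used elsewhere on this page
version: '3.8'
services:
  # nginx ################################################
  nginx:
    image: nginx:alpine
    container_name: nginx
    volumes:
      # front-end static files
      - ./dist/html:/usr/share/nginx/html
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/ssl/:/etc/nginx/ssl # certificates
      - ./nginx/common/:/etc/nginx/common # shared config
      - ./logs/nginx:/var/log/nginx
    ports:
      - "8081:8080"
      - "8082:8082"
      - "8083:8083"
      - "8086:8086"
      - "48081:48081"
    # NOTE(review): privileged mode removes most of the isolation between a
    # container and the host; neither nginx nor mongo needs it. If it was added
    # to get past SELinux denials on the bind mounts, a :z label on those volumes
    # is the narrower fix.
    privileged: true
    restart: always
    command: nginx -g 'daemon off;'
  # node ################################################
  node:
    image: node:14-alpine
    container_name: node
    volumes:
      # pm2 log directory
      - ./logs/pm2:/root/.pm2/logs
    ports:
      - "3000:3000"
  # mongo, host port 2020 ################################################
  mongo:
    image: mongo:4.1.6 # pin an explicit version, do not use latest
    container_name: mongo
    # NOTE(review): published on every host interface; with the sample password
    # from .env the database is open to the whole network. Use
    # "127.0.0.1:2020:27017" unless remote access is intended.
    ports:
      - "2020:27017"
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_INITDB_ROOT_USERNAME}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
    volumes:
      - ./data/mongo:/data/db
      - ./data/mongodb_backup:/data/mongodb_backup
      # - /data/mongo:/data/configdb
    privileged: true
  mongo-express:
    image: mongo-express
    container_name: mongo-express
    restart: always
    # NOTE(review): this UI connects with the MongoDB root account, so anyone who
    # gets past its basic-auth login has full control of the database. Keep the
    # port off public interfaces and give the basic-auth user a strong password.
    ports:
      - "2021:8081"
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: ${MONGO_INITDB_ROOT_USERNAME}
      ME_CONFIG_MONGODB_ADMINPASSWORD: ${MONGO_INITDB_ROOT_PASSWORD}
      ME_CONFIG_MONGODB_URL: mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017/
      ME_CONFIG_OPTIONS_EDITORTHEME: default
      ME_CONFIG_BASICAUTH_USERNAME: ${MONGO_EXPRESS_CONFIG_BASICAUTH_USERNAME}
      ME_CONFIG_BASICAUTH_PASSWORD: ${MONGO_EXPRESS_CONFIG_BASICAUTH_PASSWORD}
      # ME_CONFIG_MONGODB_SERVER: 127.0.0.1
    depends_on:
      - mongo
  # mongoclient:
  #   image: mongoclient/mongoclient
  #   container_name: mongoclient
  #   environment:
  #     - ROOT_URL=http://localhost
  #     - MONGO_URL=mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017/
  #     - INSTALL_MONGO=true
  #   volumes:
  #     - ./data/mongoclient:/data/db
  #   ports:
  #     - "2022:3000"
  #   depends_on:
  #     - mongo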
portainer docker图形管理界面
docker-compose-portainer.yml
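# '4' is not a defined Compose file format version; 3.8 is the format used elsewhere on this page
version: '3.8'
services:
  # portainer: web UI for managing docker ################################################
  portainer:
    # The admin account is created by whoever opens the UI first after start-up,
    # so finish that setup straight away.
    # NOTE(review): this is a third-party image; the upstream project publishes
    # portainer/portainer-ce.
    image: lihaixin/portainer
    container_name: portainer
    restart: always
    volumes:
      # Must be the host's /var/run/docker.sock. Access to this socket is full
      # control of the Docker daemon, which amounts to root on the host, and
      # every user of the UI inherits it.
      - /var/run/docker.sock:/var/run/docker.sock
    # NOTE(review): published on every host interface; restrict to 127.0.0.1 or
    # a management network where possible.
    ports:
      - "1001:9000"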
registry 私有仓库
docker-compose-registry.yml
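# '4' is not a defined Compose file format version; 3.8 is the format used elsewhere on this page
version: '3.8'
services:
  ## docker registry, port 5000 ################################################
  # NOTE(review): this variant has neither TLS nor authentication, so anyone who
  # can reach port 5000 can pull and push images. Use it on a trusted network
  # only; the HTTPS + htpasswd variant further down this page is the one to deploy.
  registry:
    image: registry:2
    container_name: registry
    restart: always
    volumes:
      - ./data/registry:/var/lib/registry
    ports:
      - "5000:5000"
  registry-web:
    image: hyper/docker-registry-web
    container_name: docker-registry-web
    restart: always
    ports:
      - "5001:8080"
    environment:
      REGISTRY_URL: http://registry:5000/v2
      REGISTRY_NAME: localhost:5000
      # false enables deleting images from the UI. Quoted because docker-compose
      # 1.x rejects a bare YAML boolean as an environment value.
      REGISTRY_READONLY: "false"
    links:
      - registry
    depends_on:
      - registry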
nginx 日志分析
docker-compose-goaccess.yml
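# goaccess ################################################
# Service definition; it belongs under the services: key of a compose file.
# For now it produces the report once and does not refresh it continuously.
goaccess2:
  image: allinurl/goaccess:latest
  container_name: goaccess2
  ports:
    - "7890:7890"
  volumes:
    - ./goaccess/data:/srv/data
    - ./logs/nginx:/srv/logs
    # the report lands inside the directory nginx serves as static files
    - ./dist/html/report:/srv/report
  # NOTE(review): a log analyser needs no privileged mode; it removes most of
  # the isolation between the container and the host.
  privileged: true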
直接docker 运行,可以实时刷
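# Stream the nginx access log into goaccess and keep rewriting the HTML report.
# The report is written into the directory nginx serves, so it exposes client
# addresses and request paths to anyone who can load /report/ unless that
# location is access-controlled.
tail -f /docker-compose-project/logs/nginx/access.log \
  | docker run -p 7890:7890 --rm -i -e LANG="$LANG" allinurl/goaccess \
      -a -o html --log-format COMBINED --real-time-html - \
  > /docker-compose-project/dist/html/report/index.html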
操作mongodb 备份 还原
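# 1. Go to the directory that holds the compose file
cd /docker-compose-project/
# 2. Look up the CONTAINER ID of the mongo container
docker ps
#CONTAINER ID IMAGE xxx
#3d1ccf9bf4b7 mongo-express xxxx
# NOTE(review): the sample row above is the mongo-express container; the
# commands below need the ID of the container started from the mongo image.
# 3. Open a shell inside that container
docker exec -it 3d1ccf9bf4b7 bash
# 4. Log in to MongoDB
# NOTE(review): a password passed as an argument shows up in the process list
# and in shell history; prefer letting the client prompt for it. Use the account
# configured through MONGO_INITDB_ROOT_USERNAME / MONGO_INITDB_ROOT_PASSWORD.
mongo -u mongoadmin -p mongoadmin
# Backup location convention
# on the host:           /docker-compose-project/data/mongodb_backup/databaseName/
# inside the container:  /data/mongodb_backup/databaseName/
# A dump holds the full content of the database: keep the backup directory
# readable by the operating account only.
# Export a whole database (-p is the password option; the port is given with --port)
mongodump --port 27017 -u mongoadmin -p mongoadmin --authenticationDatabase admin -h 127.0.0.1 -d databaseName -o /data/mongodb_backup
# Import a whole database
mongorestore --port 27017 -u mongoadmin -p mongoadmin --authenticationDatabase admin -h 127.0.0.1 -d databaseName /data/mongodb_backup
# Single collection
# Export: one collection per call
mongoexport --port 27017 -u mongoadmin -p mongoadmin --authenticationDatabase admin -d databaseName -c collectionName -o /data/mongodb_backup/collectionName.json
# Import: one collection per call (same path the export above wrote to)
mongoimport --port 27017 -u mongoadmin -p mongoadmin --authenticationDatabase admin -d databaseName -c collectionName --file /data/mongodb_backup/collectionName.json
# Copy the backup directory from the container to the host
docker cp [CONTAINER ID]:/data/mongodb_backup /docker-compose-project/data/mongodb_backup/
# Copy the backup directory from the host into the container
docker cp /docker-compose-project/data/mongodb_backup [CONTAINER ID]:/data/mongodb_backup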
4.docker-compose总结
镜像更新注意
1. 可以使用重复的tag,客户端只需要每次主动执行 docker pull 192.168.0.13:5000/ylzs-nginx:7 ,运行的时候就会拿到最新的版本
2. logrotate 配置是在项目nginx文件夹的logrotate/nginx中,每次都是实时读取
3. docker-compose中的command: nginx -g 'daemon off;' 要去掉,因为镜像中已经使用命令启动
找回docker-compose.yml 启动文件路径
docker inspect 容器id
在Mounts 的 bind里面找到关键信息
/docker_workspace/sentry23
"Mounts": [
{
"Type": "bind",
"Source": "/docker_workspace/sentry23/sentry",
"Destination": "/etc/sentry",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
进入 /docker_workspace/sentry23 ,执行docker-compose down 关闭
docker registry 私有仓库配置 支持 https
1. 生成自己的证书与密钥
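mkdir mycert
cd mycert/
# Root CA private key. Whoever holds it can issue certificates that every client
# trusting root-ca.crt will accept, so keep it readable by the owner only and
# off the registry host.
openssl genrsa -out "root-ca.key" 4096
chmod 600 "root-ca.key"
openssl req -new -key "root-ca.key" -out "root-ca.csr" -sha256 -subj '/C=CN/ST=Shanxi/L=Datong/O=Your Company Name/CN=Your Company Name Docker Registry CA'
# Extension file for the root CA certificate (one setting per line)
cat > root-ca.cnf <<'EOF'
[root_ca]
basicConstraints = critical,CA:TRUE,pathlen:1
keyUsage = critical, nonRepudiation, cRLSign, keyCertSign
subjectKeyIdentifier=hash
EOF
# Self-sign the root CA certificate, valid for 3650 days
openssl x509 -req -days 3650 -in "root-ca.csr" -signkey "root-ca.key" -sha256 -out "root-ca.crt" -extfile "root-ca.cnf" -extensions root_ca
# Private key and signing request for the registry's host name
openssl genrsa -out "docker.domain.com.key" 4096
chmod 600 "docker.domain.com.key"
openssl req -new -key "docker.domain.com.key" -out "site.csr" -sha256 -subj '/C=CN/ST=Shanxi/L=Datong/O=Your Company Name/CN=docker.domain.com'
# Extension file for the site certificate. subjectAltName must list every name
# or address clients use to reach the registry; clients reject a certificate
# that carries only a Common Name.
cat > site.cnf <<'EOF'
[server]
authorityKeyIdentifier=keyid,issuer
basicConstraints = critical,CA:FALSE
extendedKeyUsage=serverAuth
keyUsage = critical, digitalSignature, keyEncipherment
subjectAltName = DNS:docker.domain.com, IP:127.0.0.1
subjectKeyIdentifier=hash
EOF
# Sign the site certificate with the root CA, valid for 750 days
openssl x509 -req -days 750 -in "site.csr" -sha256 -CA "root-ca.crt" -CAkey "root-ca.key" -CAcreateserial -out "docker.domain.com.cert" -extfile "site.cnf" -extensions server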
# 最终生成
root-ca.crt # 根证书
docker.domain.com.cert # 域名证书
docker.domain.com.key # 域名key
也可以使用 acme.sh生成,需要注册在线账号
docker-compose.yml
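version: '2'
networks:
  front: {}
  backend: {}
# project-name: ylzs
services:
  ## docker registry, port 5000 ################################################
  registry:
    image: registry:2
    container_name: registry
    restart: always
    volumes:
      - ./data/docker-registry/registry:/var/lib/registry
      - ./data/docker-registry/auth:/auth
      - ./data/docker-registry/certs:/certs
    ports:
      - "5000:5000"
    environment:
      # These two paths have to match the files copied into
      # ./data/docker-registry/certs; the names generated in the step above are
      # docker.domain.com.cert and docker.domain.com.key.
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/docker.domain.com.cert
      REGISTRY_HTTP_TLS_KEY: /certs/docker.domain.com.key
      # basic auth against the bcrypt entries in /auth/htpasswd
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
  registry-ui:
    image: konradkleine/docker-registry-frontend:v2
    restart: always
    environment:
      - ENV_DOCKER_REGISTRY_HOST=registry
      - ENV_DOCKER_REGISTRY_PORT=5000
      - ENV_DOCKER_REGISTRY_USE_SSL=1
      # NOTE(review): browse-only is switched off and the UI itself is published
      # over plain HTTP on 5001; confirm it cannot be reached without logging in.
      - ENV_MODE_BROWSE_ONLY=false
    ports:
      - "5001:80"
  # registry-web:
  #   image: hyper/docker-registry-web
  #   container_name: docker-registry-web
  #   restart: always
  #   ports:
  #     - "5001:8080"
  #   environment:
  #     REGISTRY_URL: http://registry:5000/v2
  #     REGISTRY_NAME: localhost:5000
  #     # REGISTRY_READONLY: false # has no effect on older versions
  #     REGISTRY_TRUST_ANY_SSL: true # accept any TLS certificate
  #   links:
  #     - registry
  #   depends_on:
  #     - registry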
2. 创建docker账户与测试
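# Create the working directories. The shell stays in the project directory, so
# the relative htpasswd path below and the later docker-compose up both resolve.
mkdir -p ./data/docker-registry/auth ./data/docker-registry/certs ./data/docker-registry/registry
# Create the login entry: user "docker", sample password 123456.
# The password is not written to a separate plain-text file: the bcrypt entry
# produced below is all the registry needs.
# NOTE(review): 123456 is a placeholder, and a password given as an argument is
# visible in the process list and shell history; pick a strong one and clear
# the history entry afterwards.
# Only the 2.7.0 image can be used to generate the entry; 2.0 does not work.
docker run --rm --entrypoint htpasswd registry:2.7.0 -Bbn docker 123456 > ./data/docker-registry/auth/htpasswd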
# 把证书 复制到
# 上传ca到使用的服务上
/etc/docker/certs.d/
└── docker.domain.com:5000
├── docker.domain.com.cert # 域名证书
├── docker.domain.com.key # 域名key
└── ca.crt # 根证书
# 修改host域名解析
vi /etc/hosts
# 加入
127.0.0.1 docker.domain.com # 其他客户端则要改成 实际的ip
# Start the registry
docker-compose up -d
# Test the login
docker login docker.domain.com:5000
# Enter user docker and the password set in htpasswd (123456 in this example)
# Test a push
docker tag nginx docker.domain.com:5000/nginx
docker push docker.domain.com:5000/nginx #
# Test a pull
docker pull docker.domain.com:5000/nginx #
常见错误
下面的配置修改后都记得重启docker
systemctl restart docker.service
1. 登录失败x509: certificate relies on legacy Common Name field
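## 请检查是否添加私服信任,并重启docker。注意:此错误的根因是证书只有 Common Name、缺少 subjectAltName(SAN),需要按上文 site.cnf 重新签发带 SAN 的域名证书;registry-mirrors 只是镜像加速地址,本身并不建立证书信任。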
vi /etc/docker/daemon.json
{
"registry-mirrors": [ "https://docker.domain.com:5000"]
}
2. http: server gave HTTP response to HTTPS client
{
"insecure-registries": ["https://docker.domain.com:5000"]
}
3. Error response from daemon: Missing client certificate
后缀命名问题
1. crt 改成 cert,crt用的是 ca根证书
2. 注意文件夹是有端口号 docker.domain.com:5000
/etc/docker/certs.d/
└── docker.domain.com:5000
├── docker.domain.com.cert # 域名证书
├── docker.domain.com.key # 域名key
└── ca.crt # 根证书
4. x509: certificate signed by unknown authority
1. 有可能是 内网服务器无法访问外网,所以检查不到 根CA,需要想办法安装ca软件+上传ca
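2. 或者添加信任(注意:insecure-registries 会让 docker 对该仓库跳过证书校验,镜像可能在传输中被篡改,只适合临时排查;长期方案是把根证书 ca.crt 放到 /etc/docker/certs.d/docker.domain.com:5000/ 下)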
{
"insecure-registries": ["https://docker.domain.com:5000"]
}
3. 当前docker用户未登陆,执行docker login www.xxx.cn:5000 # 这里不需要输入http或https
5. Error response from daemon: Get "www.xxx.cn:5000/v2/" net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
1. 这是 docker执行pull 拉取镜像失败 ,主要是由于用户未登录或已经退出,重新登录即可。
2. 在用户登录时,如果输入错误的账号或密码也会有这个提示,重新输入正确的账号即可,如果确实忘记,可以复制有成功登录过的电脑,把 /root/.docker/config.json 复制到有问题的相同路径下。 # 注意:没有该路径和文件则需要自己先创建。另外该文件保存的是可还原的登录凭据(base64 编码,并非加密),复制后应限制权限(如 chmod 600),不要通过聊天工具或公共目录传递。