Home | 簡體中文 | 繁體中文 | 雜文 | 知乎專欄 | Github | OSChina 博客 | 雲社區 | 雲棲社區 | Facebook | Linkedin | 視頻教程 | 打賞(Donations) | About
知乎專欄多維度架構 微信號 netkiller-ebook | QQ群:128659835 請註明“讀者”

163.9. Docker Example

163.9.1. registry

		
docker run -d -p 5000:5000 --name registry registry:latest
		
		

163.9.1.1. Auth + SSL

			
iMac:registry neo$ mkdir etc			
iMac:registry neo$ htpasswd -Bbn neo chen > etc/htpasswd

or
	
docker run --entrypoint htpasswd registry:2 -Bbn neo passw0rd > etc/htpasswd			
			
			

			
	
			
			
			
docker run -d \
  --restart=always \
  --name registry \
  -v `pwd`/etc:/usr/local/etc \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/usr/local/etc/htpasswd \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/usr/local/etc/domain.cer \
  -e REGISTRY_HTTP_TLS_KEY=/usr/local/etc/domaon.key \
  -p 443:443 \
  registry:2			
			
			

163.9.2. Example Java - Spring boot with Docker

163.9.2.1. 獲取 CentOS 7 鏡像

docker pull centos:7

		
# docker pull centos:7
7: Pulling from library/centos
343b09361036: Pull complete 
Digest: sha256:bba1de7c9d900a898e3cadbae040dfe8a633c06bc104a0df76ae24483e03c077
Status: Downloaded newer image for centos:7
		
		

基于 CentOS 7 運行一個容器

docker run -it --name mycentos docker.io/centos:7 /bin/bash

		
# docker run -it --name mycentos docker.io/centos:7 /bin/bash
		
		

運行後直接進入了容器的shell控制台預設是bash

163.9.2.2. 安裝 openjdk

		
# yum install -y java-1.8.0-openjdk

# cat >> /etc/profile.d/java.sh <<'EOF'
export JAVA_HOME=/usr/java/default
export JAVA_OPTS="-server -Xms2048m -Xmx4096m -Djava.io.tmpdir=/tmp -Djava.security.egd=file:/dev/./urandom -Dfile.encoding=UTF8 -Duser.timezone=GMT+08"
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib:.
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin:
EOF

# source /etc/profile.d/java.sh
		
		

檢查Java是否安裝成功

		
# whereis java
java: /usr/bin/java /usr/lib/java /etc/java /usr/share/java /usr/share/man/man1/java.1.gz

# java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-b11)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)
		
		

創建應用程序目錄

# mkdir -p /www/netkiller.cn/www.netkiller.cn/		
		

推出當前容器

# exit
		

163.9.2.3. Spring boot 包

複製 jar 檔案到Docker容器

		
docker cp /www/netkiller.cn/www.netkiller.cn/www.netkiller.cn-0.0.1.war mycentos:/usr/local/libexec
		
		

163.9.2.4. 啟動 Spring boot 項目

啟動容器

		
# docker start mycentos
mycentos		
		
		

進入容器

		
# docker exec -it mycentos /bin/bash
		
		

如果僅僅是測試可以手動啟動 Srping boot 項目

		
# cat >> /root/run.sh <<EOF
java -server -Xms2048m -Xmx8192m -jar /usr/local/libexec/www.netkiller.cn-0.0.1.war
EOF

chmod u+x /root/run.sh
		
		

生產環境請使用啟動腳本

				
# curl -s https://raw.githubusercontent.com/oscm/build/master/Application/Spring/service/springbootd -o /etc/init.d/springbootd
# chmod +x /etc/init.d/springbootd
		
		

編輯啟動腳本 /etc/init.d/springbootd 修改下面配置項

		
##############################################
BASEDIR="/www/netkiller.cn/api.netkiller.cn"
JAVA_HOME=/srv/java
JAVA_OPTS="-server -Xms2048m -Xmx8192m -Djava.security.egd=file:/dev/./urandom"
PACKAGE="api.netkiller.cn-0.0.2-release.jar"
CONFIG="--spring.config.location=$BASEDIR/application.properties"
USER=www
##############################################
NAME=springbootd
PROG="$JAVA_HOME/bin/java $JAVA_OPTS -jar $BASEDIR/$PACKAGE $CONFIG"
LOGFILE=/var/tmp/$NAME.log
PIDFILE=/var/tmp/$NAME.pid
ACCESS_LOG=/var/tmp/$NAME.access.log
##############################################
		
		

你也可以使用 systemd 啟動腳本,詳見《Netkiller Java 手札》

163.9.2.5. 基于 CentOS 7 製作 spring 鏡像

docker commit mycentos springboot:1

		
# docker commit mycentos springboot:1
sha256:757d92d642d1b5a7b244f6ddf89f24a8d463d154438651c83ba51a644b401782		
		
		

啟動 spring boot 容器

		
# docker run -d --name springboot -p 80:8080 springboot:1 /root/run.sh
		
		

		
-d: 以守護進程方式啟動 
--name:指定容器的名稱 
-p:映射容器8080連接埠到宿主機的80連接埠 
springboot:1 :上一步製作好的springboot鏡像,版本號為1	
		
		

啟動容器

		
# docker start springboot		
		
		

停止容器

		
# docker stop springboot		
		
		

163.9.3. Redis

http://download.redis.io/redis-stable/redis.conf

http://download.redis.io/redis-stable/sentinel.conf

163.9.3.1. Docker 命令

163.9.3.1.1. 獲取 Redis 鏡像

docker pull redis

		
# docker pull redis  
Using default tag: latest
latest: Pulling from library/redis
10a267c67f42: Pull complete 
5b690bc4eaa6: Pull complete 
4cdd94354d2a: Pull complete 
71c1f30d820f: Pull complete 
c54584150374: Pull complete 
d1f9221193a6: Pull complete 
d45bc46b48e4: Pull complete 
Digest: sha256:548a75066f3f280eb017a6ccda34c561ccf4f25459ef8e36d6ea582b6af1decf
Status: Downloaded newer image for redis:latest
		
			
163.9.3.1.2. 啟動一個 Redis 實例
				# docker run --name my-redis -d redis
				10207174e18f61290f9c869e6437fa787e459e07b076b82cedf800a8c37c515d
			

查看啟動情況

		
# docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
10207174e18f        redis               "docker-entrypoint..."   8 minutes ago       Up 8 minutes        6379/tcp            my-redis
		
			
163.9.3.1.3. 進入 Redis
		
# docker run -it --link my-redis:redis --rm redis redis-cli -h redis -p 6379
redis:6379> set name neo
OK
redis:6379> get name
"neo"
redis:6379> exit
		
			
163.9.3.1.4. 啟動一個 Redis 實例並映射 6379 連接埠
		
# docker stop my-redis
my-redis		
		
# docker rm my-redis
my-redis

# docker run --name my-redis -d -p 6379:6379 redis
10207174e18f61290f9c869e6437fa787e459e07b076b82cedf800a8c37c515d

# docker ps -a                                    
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                    NAMES
1c4540d8617f        redis               "docker-entrypoint..."   2 seconds ago       Up 1 second         0.0.0.0:6379->6379/tcp   my-redis
		
			

檢查連接埠

		
# ss -lnt | grep 6379
LISTEN     0      128         :::6379                    :::*  
		
			
163.9.3.1.5. 維護容器

使用下面命令進入容器維護 Redis

		
# docker exec -it my-redis /bin/bash
root@1c4540d8617f:/data#

root@1c4540d8617f:/data# redis-server -v
Redis server v=3.2.9 sha=00000000:0 malloc=jemalloc-4.0.3 bits=64 build=a30533b464d1689b
		
			

163.9.3.2. Docker compose

		
version: "3.7"
services:
  redis:
    image: redis:latest
    container_name: redis
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/var/lib/redis
    restart: always
    networks:
      - dev

networks:
  dev:
    driver: bridge

volumes:
  redis_data:
		
		

163.9.3.3. Docker Stack

		
version: '3.8'

services:
  redis:
    image: redis:latest
    environment:
      - TZ=Asia/Shanghai
    hostname: redis
    ports:
      - 6379:6379
    networks:
      - test
    volumes:
      - data:/var/lib/redis
    configs:
      - source: config
        target: /usr/local/etc/redis.conf
        mode: 0440
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: "1"
          memory: 512M
      update_config:
        parallelism: 1
        delay: 5s
        monitor: 10s
        max_failure_ratio: 0.1
        order: start-first

configs:
  config:
    file: ./redis.conf

volumes:
  data:

networks:
   test:
     driver: overlay		
		
		

下載 配置檔案 https://redis.io/topics/config

		
iMac:redis neo$ curl -sO https://raw.githubusercontent.com/redis/redis/6.0/redis.conf
iMac:redis neo$ egrep -v "^#|^$" redis.conf 
		
		

修改配置檔案

		
bind 0.0.0.0
logfile "/var/log/redis/redis.log"
dir /var/lib/redis	
appendonly yes	
		
		

創建 Docker 網絡

		
iMac:redis neo$ docker network create \
>   --driver=overlay \
>   --subnet=172.12.0.0/16 \
>   --ip-range=172.12.0.0/16 \
>   --gateway=172.12.0.1 \
>   --attachable \
>   test
gvcz5y66ovrlqfaxb02zx026t

iMac:redis neo$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
786efe30f42d        bridge              bridge              local
51e2b21d7daa        docker_gwbridge     bridge              local
96ba0de26cd2        host                host                local
7r7k9robn0uu        ingress             overlay             swarm
cbf078a5f121        none                null                local
d851mrlkludv        redis_default       overlay             swarm
q0h9awx86ef4        registry_default    overlay             swarm
cf585ea9ceb4        registry_default    bridge              local
gvcz5y66ovrl        test                overlay             swarm
		
iMac:redis neo$ docker stack deploy -c redis.yml redis
Creating network redis_default
Creating service redis_redis		
		
		

查看服務

		
iMac:redis neo$ docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
1ti2ndlpdhm8        redis_redis         replicated          0/1                 redis:latest        *:6379->6379/tcp
1w6xjrl0sn88        registry_registry   replicated          1/1                 registry:latest     *:5000->5000/tcp		
		
		

查看容器運行狀態

		
iMac:redis neo$ docker container ls
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
8407fd8fe66b        redis:latest        "docker-entrypoint.s…"   29 seconds ago      Up 29 seconds       6379/tcp            redis_redis.1.6fpqt3pdti03j9swn3x04ob9n		
		
		

163.9.4. Nginx

本例子使用 alpine 版本

163.9.4.1. nginx:latest

過程 163.1. 

  1. [root@iZj6ciilv2rcpgauqg2uuwZ]~# docker pull nginx
    Using default tag: latest
    latest: Pulling from library/nginx
    Digest: sha256:41ad9967ea448d7c2b203c699b429abe1ed5af331cd92533900c6d77490e0268
    Status: Image is up to date for nginx:latest
    				
  2. 啟動容器

    docker run --name my-nginx-container -p 80:80 -d nginx
    				

    上面不能滿足生產環境的需求,通常不會將數據放在容器中,我的做法如下。

    docker rm my-nginx-container -f
    docker run --name my-nginx-container \
    	-v /srv/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
    	-v /srv/nginx/conf.d:/etc/nginx/conf.d:ro \
    	-v /var/log/nginx:/var/log/nginx:rw \
    	-v /www:/www:ro \
    	-p 80:80 -d nginx
    docker ps
    				

163.9.4.2. 安裝 Docker Nginx alpine

過程 163.2. Docker nginx

  1. 獲取鏡像

    # docker pull nginx:alpine
    				
  2. 運行容器

    				
    docker run --name my-nginx-container -v /srv/nginx:/etc/nginx:ro -v /www:/www:ro -p 80:80 -d nginx:alpine
    				
    				
  3. docker exec -it my-nginx-container /bin/bash