After installation, Docker automatically provides three networks, which you can list with the docker network ls command:
```
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
9692fae45042   bridge    bridge    local
cd5368439dc0   host      host      local
c49a1db81682   none      null      local
```
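Docker uses Linux bridging: it creates a virtual container bridge (docker0) on the host. When Docker starts a container, it assigns the container an IP address from the bridge's subnet, called the Container-IP, and the Docker bridge acts as the default gateway for every container. Because all containers on the same host are attached to the same bridge, they can communicate with each other directly through their Container-IPs.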
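Network mode | Option | Description |
---|---|---|
host | --network host | The container shares the host's network namespace |
container | --network container:NAME_OR_ID | The container shares another container's network namespace |
none | --network none | The container has its own network namespace, but no network configuration is applied to it (no veth pair, no bridge attachment, no IP address, and so on) |
bridge | --network bridge | Default mode |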
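When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and the Docker containers started on this host are connected to that bridge. A virtual bridge works much like a physical switch, so all containers on the host are joined into a single layer-2 network through it.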
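Docker assigns the container an IP address from the docker0 subnet and sets docker0's IP address as the container's default gateway. It creates a veth pair (a pair of virtual network interfaces) on the host, places one end inside the newly created container and names it eth0 (the container's network interface), and leaves the other end on the host with a name like vethxxx, adding that device to the docker0 bridge. You can inspect this with the brctl show command.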
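bridge mode is Docker's default network mode: if you omit the --network option, the container uses bridge mode. When you use docker run -p, Docker actually creates DNAT rules in iptables to implement port forwarding. You can view them with iptables -t nat -vnL.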
bridge mode is shown in the figure below:
Suppose nginx is running in docker2 in the figure above. Consider a few questions:
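The Docker bridge is created virtually by the host and is not a real network device, so it cannot be addressed from external networks. This also means that external networks cannot reach a container directly by its Container-IP. If a container needs to be reachable from outside, map the container's port to the host (port mapping) by passing -p or -P to docker run when creating the container; the container is then accessed via [host IP]:[container port].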
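This mode makes a newly created container share a network namespace with an existing container rather than with the host. The new container does not create its own network interface or configure its own IP address; instead it shares the IP address, port range, and so on with the specified container. Apart from networking, the two containers remain isolated in other respects, such as the filesystem and the process list. Processes in the two containers can communicate over the lo interface.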
container mode is shown in the figure below:
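If a container is started in host mode, it does not get its own network namespace but shares the host's network namespace. The container does not create its own virtual network interface or configure its own IP address; it uses the host's IP address and ports. The other aspects of the container, such as the filesystem and the process list, are still isolated from the host.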
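A container in host mode can communicate with the outside world directly using the host's IP address, and services inside the container can use the host's ports without NAT. The biggest advantage of host mode is better network performance, but ports already in use on the Docker host cannot be used again, and network isolation is poor.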
host mode is shown in the figure below:
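In none mode, the Docker container has its own network namespace, but Docker does not apply any network configuration to it. In other words, the container has no network interface, IP address, routes, or similar settings. We have to add a network interface, configure an IP address, and so on ourselves.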
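In this network mode the container has only the lo loopback interface and no other network interface. none mode can be selected with --network none when the container is created. A network of this type has no connectivity, and a closed network goes a long way toward keeping the container secure.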
Use cases:
none mode is shown in the figure below:
```
docker network inspect bridge    # show the detailed configuration of the bridge network
```
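To see which containers actually share a network namespace under the container and host modes described above, the following script groups containers by namespace owner. It is an added example, not part of the original page: netns_groups is a hypothetical helper name, and the sample rows are constructed from the container IDs and names used later on this page plus one invented host-mode container.

```shell
#!/bin/sh
# Added example (not from the original page): group containers by the network
# namespace they actually live in, so shared loopbacks are visible at a glance.
# On a live host the input would come from:
#   docker ps -q | xargs docker inspect \
#     --format '{{.Id}} {{.Name}} {{.HostConfig.NetworkMode}}'

# Constructed sample: IDs and names from this page; "metrics" is invented.
SAMPLE='ecac8d503b87 /vigilant_bardeen default
f92580cb7790 /mysql container:ecac8d503b87
250940d3d136 /php8 container:ecac8d503b87
0123456789ab /metrics host'

# netns_groups (hypothetical helper): reads "<id> <name> <mode>" lines and
# prints "<namespace owner>: <containers sharing that namespace>".
netns_groups() {
    awk '
    { id[NR] = $1; name[NR] = $2; sub(/^\//, "", name[NR]); mode[NR] = $3 }
    END {
        for (i = 1; i <= NR; i++) {
            owner = name[i]                      # bridge/none: own namespace
            if (mode[i] == "host") {
                owner = "HOST"                   # shares the host namespace
            } else if (mode[i] ~ /^container:/) {
                peer = substr(mode[i], 11)       # text after "container:"
                owner = "unresolved:" peer
                for (j = 1; j <= NR; j++)        # match by name or ID prefix
                    if (name[j] == peer || index(id[j], peer) == 1)
                        owner = name[j]
            }
            if (!(owner in members)) { order[++n] = owner; members[owner] = name[i] }
            else members[owner] = members[owner] " " name[i]
        }
        for (k = 1; k <= n; k++) print order[k] ": " members[order[k]]
    }'
}

printf '%s\n' "$SAMPLE" | netns_groups
```

Every container listed on one output line shares the same IP address, port space and lo interface, so a service bound to 127.0.0.1 in one of them is reachable from all of them.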
Start Docker
```
systemctl start docker
```
List the images
```
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago   550MB
# the nginx image has already been built
```
Start nginx
```
[root@localhost ~]# docker run -it luojiatian1904/nginx:v2

# Check the container
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS     NAMES
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb…"   51 seconds ago   Up 50 seconds             vigilant_bardeen

# Open another terminal and request the default nginx page
[root@localhost ~]# curl 172.17.0.2
……………………
<h1>Welcome to nginx!</h1>
……………………
```
Pull a centos image
```
[root@localhost ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Already exists
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago   550MB
centos                 latest    5d0da3dc9764   2 months ago   231MB
```
Build a MySQL image, using container-mode networking
```
[root@localhost ~]# docker run -it --name mysql --network container:ecac8d503b87 centos:latest /bin/bash
[root@ecac8d503b87 /]#
# Start the local centos image and install MySQL inside it;
# --network container:ecac8d503b87 shares the network of the nginx container (given by its ID)
```
Open another terminal and check
```
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS     NAMES
f92580cb7790   centos:latest             "/bin/bash"              54 seconds ago   Up 53 seconds             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb…"   10 minutes ago   Up 10 minutes             vigilant_bardeen
```
Upload the MySQL package to the host, then copy it into the centos container
```
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS     NAMES
f92580cb7790   centos:latest             "/bin/bash"              54 seconds ago   Up 53 seconds             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb…"   10 minutes ago   Up 10 minutes             vigilant_bardeen
[root@localhost ~]# ls /usr/src/
debug  kernels  mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
[root@localhost ~]# docker cp /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz f92580cb7790:/usr/src
# copy into /usr/src of the mysql01 container, addressed by its container ID
```
Check inside the MySQL container
```
[root@ecac8d503b87 /]# ls /usr/src/
debug  kernels  mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz

# Install the required packages
[root@ecac8d503b87 /]# yum -y install which numactl-libs ncurses-compat-libs libaio.x86_64 libaio-devel.x86_64

# Create the user
[root@3367881fd446 src]# useradd -r -M -s /sbin/nologin mysql
[root@3367881fd446 src]# id mysql
uid=998(mysql) gid=996(mysql) groups=996(mysql)

# Extract the MySQL package
[root@ecac8d503b87 /]# tar xf /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@ecac8d503b87 /]# cd /usr/local/
[root@ecac8d503b87 local]# ls
bin  games    lib    libexec                              sbin   src
etc  include  lib64  mysql-5.7.34-linux-glibc2.12-x86_64  share

# Create a symlink and change the owner and group
[root@ecac8d503b87 local]# ln -sv mysql-5.7.34-linux-glibc2.12-x86_64 mysql
'mysql' -> 'mysql-5.7.34-linux-glibc2.12-x86_64'
[root@ecac8d503b87 local]# chown -R mysql.mysql mysql*
[root@ecac8d503b87 local]# ls -l
total 0
drwxr-xr-x. 2 root  root    6 Nov  3  2020 bin
drwxr-xr-x. 2 root  root    6 Nov  3  2020 etc
drwxr-xr-x. 2 root  root    6 Nov  3  2020 games
drwxr-xr-x. 2 root  root    6 Nov  3  2020 include
drwxr-xr-x. 2 root  root    6 Nov  3  2020 lib
drwxr-xr-x. 3 root  root   17 Sep 15 14:17 lib64
drwxr-xr-x. 2 root  root    6 Nov  3  2020 libexec
lrwxrwxrwx. 1 mysql mysql  35 Dec  3 12:52 mysql -> mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 9 mysql mysql 129 Dec  3 12:52 mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 2 root  root    6 Nov  3  2020 sbin
drwxr-xr-x. 5 root  root   49 Sep 15 14:17 share
drwxr-xr-x. 2 root  root    6 Nov  3  2020 src

# Add the environment variable
[root@ecac8d503b87 local]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@ecac8d503b87 local]# bash
[root@ecac8d503b87 local]# which mysql
/usr/local/mysql/bin/mysql

# Create the data directory
[root@ecac8d503b87 local]# mkdir /opt/data
[root@ecac8d503b87 local]# chown -R mysql.mysql /opt/data
[root@ecac8d503b87 local]# ls -l /opt/
total 0
drwxr-xr-x. 2 mysql mysql 6 Dec  3 12:54 data

# Initialize the database without a password
[root@ecac8d503b87 ~]# /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data
2021-12-03T12:56:50.792679Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-12-03T12:56:51.508946Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-12-03T12:56:51.734379Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-12-03T12:56:51.787968Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 7c0ea73a-5438-11ec-9faf-0242ac110002.
2021-12-03T12:56:51.788823Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-12-03T12:56:52.757884Z 0 [Warning] CA certificate ca.pem is self signed.
2021-12-03T12:56:52.878626Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.

# Create the configuration file
[root@ecac8d503b87 ~]# vi /etc/my.cnf
[mysqld]
port = 3306
datadir = /opt/data
basedir = /usr/local/mysql
socket = /tmp/mysql.sock
pid-file = /opt/data/mysql.pid
log-error = /opt/data/mysql.err
skip-name-resolve

# Edit the startup script
[root@ecac8d503b87 ~]# vi /usr/local/mysql/support-files/mysql.server
……………………
basedir=/usr/local/mysql
datadir=/opt/data
……………………

# Start MySQL
[root@ecac8d503b87 ~]# /usr/local/mysql/support-files/mysql.server start
Starting MySQL.Logging to '/opt/data/mysql.err'.
. SUCCESS!
[root@ecac8d503b87 ~]# ss -anlt
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        80       *:3306               *:*
```
Commit the MySQL container as an image
```
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS     NAMES
f92580cb7790   centos:latest             "/bin/bash"              12 minutes ago   Up 12 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb…"   22 minutes ago   Up 22 minutes             vigilant_bardeen
[root@localhost ~]# docker commit -p mysql
sha256:5c07c0cdf9a29d4ca80a15d7a324ec7851540d63456fbc2f82173abd5d620847
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED          SIZE
<none>                 <none>    5c07c0cdf9a2   35 seconds ago   3.74GB
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago     550MB
centos                 latest    5d0da3dc9764   2 months ago     231MB
[root@localhost ~]# docker tag 5c07c0cdf9a2 luojiatian1904/mysql:v1
[root@localhost ~]# docker images
REPOSITORY             TAG       IMAGE ID       CREATED              SIZE
luojiatian1904/mysql   v1        5c07c0cdf9a2   About a minute ago   3.74GB
luojiatian1904/nginx   v2        7693d5b0f248   23 hours ago         550MB
centos                 latest    5d0da3dc9764   2 months ago         231MB
```
Install PHP
```
# Run a php container that shares the nginx container's network
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS     NAMES
f92580cb7790   centos:latest             "/bin/bash"              15 minutes ago   Up 15 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb…"   24 minutes ago   Up 24 minutes             vigilant_bardeen
[root@localhost ~]# docker run -it --name php8 --network container:ecac8d503b87 centos:latest /bin/bash
[root@ecac8d503b87 /]#

# Open another terminal and list the running containers
[root@localhost ~]# docker ps
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS     NAMES
250940d3d136   centos:latest             "/bin/bash"              21 seconds ago   Up 20 seconds             php8
f92580cb7790   centos:latest             "/bin/bash"              15 minutes ago   Up 15 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb…"   25 minutes ago   Up 25 minutes             vigilant_bardeen
```
Return to the terminal where the php container was started
```
[root@ecac8d503b87 /]# yum -y install epel-release

# Install the dependency packages
[root@ecac8d503b87 /]# yum install sqlite-devel libzip-devel libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg-turbo libjpeg-turbo-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel gcc gcc-c++ make --allowerasing
[root@ecac8d503b87 /]# yum -y install http://mirror.centos.org/centos/8/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm

# Open another terminal and copy the php package into the container
[root@localhost ~]# ls /usr/src/
debug  kernels  mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz  php-8.0.10.tar.gz
[root@localhost ~]# docker cp /usr/src/php-8.0.10.tar.gz 250940d3d136:/usr/src

# Back in the container terminal, check the file and extract it
[root@ecac8d503b87 /]# cd /usr/src/
[root@ecac8d503b87 src]# ls
debug  kernels  php-8.0.10.tar.gz
[root@ecac8d503b87 src]# tar xf php-8.0.10.tar.gz -C /usr/local/
[root@ecac8d503b87 src]# cd /usr/local/
[root@ecac8d503b87 local]# ls
bin  etc  games  include  lib  lib64  libexec  php-8.0.10  sbin  share  src

# Configure the build
[root@3367881fd446 ]# cd php-8.0.10/
[root@ecac8d503b87 php-8.0.10]# ./configure --prefix=/usr/local/php8 \
--with-config-file-path=/etc \
--enable-fpm \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix
.......

# Build and install
[root@ecac8d503b87 php-8.0.10]# make && make install
......

# Add the environment variable
[root@ecac8d503b87 php-8.0.10]# echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php.sh
[root@ecac8d503b87 php-8.0.10]# bash

# Configure php-fpm
[root@ecac8d503b87 php-8.0.10]# cp php.ini-production /etc/php.ini
[root@ecac8d503b87 php-8.0.10]# cd sapi/fpm/
[root@ecac8d503b87 fpm]# ls
config.m4       init.d.php-fpm.in  php-fpm.8        php-fpm.service     tests
CREDITS         LICENSE            php-fpm.8.in     php-fpm.service.in  www.conf
fpm             Makefile.frag      php-fpm.conf     status.html         www.conf.in
init.d.php-fpm  php-fpm            php-fpm.conf.in  status.html.in
[root@ecac8d503b87 fpm]# cp init.d.php-fpm /etc/init.d/php-fpm
[root@ecac8d503b87 fpm]# chmod +x /etc/init.d/php-fpm
[root@ecac8d503b87 fpm]# cd /usr/local/php8/etc/
[root@ecac8d503b87 etc]# cp php-fpm.conf.default php-fpm.conf
[root@ecac8d503b87 etc]# cd php-fpm.d/
[root@ecac8d503b87 php-fpm.d]# cp www.conf.default www.conf

# Start php-fpm (-y selects the FPM configuration file)
[root@3367881fd446 php-fpm.d]# /usr/local/php8/sbin/php-fpm -y /usr/local/php8/etc/php-fpm.conf
[root@ecac8d503b87 ~]# ss -antl
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      127.0.0.1:9000       0.0.0.0:*
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        80       *:3306               *:*
```
Configuration
```
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS     NAMES
250940d3d136   centos:latest             "/bin/bash"              26 minutes ago   Up 26 minutes             php8
f92580cb7790   centos:latest             "/bin/bash"              41 minutes ago   Up 41 minutes             mysql
ecac8d503b87   luojiatian1904/nginx:v2   "/usr/local/nginx/sb…"   51 minutes ago   Up 51 minutes             vigilant_bardeen
[root@localhost ~]# docker exec -it ecac8d503b87 /bin/bash
[root@ecac8d503b87 /]# ss -anlt
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      127.0.0.1:9000       0.0.0.0:*
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        80       *:3306               *:*
[root@ecac8d503b87 /]# vi /usr/local/nginx/conf/nginx.conf
..........
        location / {
            root   html;
            index  index.php index.html index.htm;    # add index.php
        }
.........
        location ~ \.php$ {
            root           /var/www/html;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;    # modified
            include        fastcgi_params;
        }
........
[root@ecac8d503b87 /]# mkdir -p /var/www/html
[root@ecac8d503b87 /]# cat > /var/www/html/index.php <<EOF
> <?php
> phpinfo();
> ?>
> EOF
[root@ecac8d503b87 /]# cat /var/www/html/index.php
<?php
phpinfo();
?>

# Modify the php-fpm configuration file
[root@ecac8d503b87 ~]# vi /usr/local/php8/etc/php-fpm.conf
.......
daemonize = yes
.......
```
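Because nginx, MySQL and php-fpm now share one network namespace, every listener in the ss output above sits on the same container IP address, and MySQL was initialized with an empty root password. The following added example (not from the original page) classifies those listeners by bind address and reports non-loopback ports that are not on an allow-list; listener_scope and unexpected_listeners are hypothetical helper names, and the sample rows are copied from the session above.

```shell
#!/bin/sh
# Added example (not from the original page): classify the listeners that
# `ss -anlt` reports inside the shared network namespace.

# Constructed sample: the three LISTEN rows shown in the session above.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:9000     0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      80     *:3306             *:*'

# listener_scope (hypothetical helper): prints "<port> <addr> <scope>".
# loopback       = reachable only inside this network namespace
# all-interfaces = also reachable on the container IP, i.e. from the host
#                  and from other containers attached to docker0
listener_scope() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]") scope = "loopback"
        else if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") scope = "all-interfaces"
        else scope = "specific"
        print port, addr, scope
    }'
}

# unexpected_listeners (hypothetical helper): $1 is a space-separated list of
# ports that are meant to be reachable from outside the namespace; prints
# every other port that is not bound to loopback.
unexpected_listeners() {
    listener_scope | awk -v allow=" $1 " '
        $3 != "loopback" && index(allow, " " $1 " ") == 0 { print $1 }'
}

printf '%s\n' "$SS_SAMPLE" | listener_scope
printf '%s\n' "$SS_SAMPLE" | unexpected_listeners "80"   # prints 3306
```

On a live system, pipe the output of ss -anlt run inside any of the three containers into unexpected_listeners; a reported port such as 3306 can be confined to the namespace with a bind-address setting in my.cnf.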