docker的基础用法和防火墙的放行
2024-05-14 04:56:24
docker的基础用法
文章目录
- docker的基础用法
- 一. docker介绍
- 1. docker的含义
- 2. OCI与OCF
- 2.1 OCI(Open Container-initiative)
- 2.2 OCF(Open Container Format)
- 3. docker镜像与镜像仓库
- 4. docker对象
- 4.1 镜像
- 4.2 容器
- 二. docker安装与基础
- 1. docker的安装
- 1.1 [配置docker的镜像仓库](https://mirrors.aliyun.com/docker-ce/linux/centos/)
- 1.2 安装docker
- 2. docker加速的配置
- 2.1 启动docker,生成加速器配置文件
- 2.2 [配置docker加速器](https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors)
- 三. docker常用操作
- 1. 显示整个系统的信息 docker info
- 2. 查看版本号 docker version
- 3. 在Docker Hub上搜索镜像, docker search
- 4. 列出镜像 docker images
- 5. 从注册表中提取镜像或存储库 docker pull httpd
- 6. 创建容器
- 7. 启动,重启,停止
- 8. 杀掉和移除服务
- 9. 查看日志
- 10. 在新容器运行命令
- 11. 连接到运行的容器 docker attach,退出后容器会停止
- 12. 在运行的容器中运行命令 docker exec,退出后容器不会停止
- 13.报错,重启docker
- 14. 返回Docker对象的低级信息/详细信息 docker inspect
- 四. 防火墙
- 1.放行防火墙协议
- 2. 放行端口号
- 2.1 测试
- 3. 删除防火墙
一. docker介绍
1. docker的含义
- 是管理容器的工具
2. OCI与OCF
2.1 OCI(Open Container-initiative)
- 开放容器规范:
- 运行时的规范
- 镜像的规范
2.2 OCF(Open Container Format)
- 开放容器的格式
- 容器作为runC的子进程启动,可以嵌入到其他各种系统中,而不需要运行守护进程
- runC构建在libcontainer之上,同样的容器技术支撑着数以百万计的Docker Engine安装
3. docker镜像与镜像仓库
镜像是静态的,而容器是动态的,容器有其生命周期,镜像与容器的关系类似于程序与进程的关系
容器是可以删除的,容器被删除后其镜像是不会被删除的。
4. docker对象
4.1 镜像
- 镜像是一个只读模板,带有创建docker容器的说明
- 一个镜像基于另一个镜像,并带有一些额外的定制
- 您可以创建自己的镜像,也可以只使用其他人创建并在注册表中发布的镜像。
4.2 容器
- 容器是镜像的可运行实例
- 您可以使用docker API或CLI创建、运行、停止、移动或删除容器。
- 您可以将一个容器连接到一个或多个网络,将存储附加到它,甚至根据它的当前状态创建一个新镜像。
二. docker安装与基础
1. docker的安装
1.1 配置docker的镜像仓库
[root@SYL4 ~]# cd /etc/yum.repos.d/
[root@SYL4 yum.repos.d]# ls
CentOS-Base.repo epel-testing-modular.repo epel.repo
epel-modular.repo epel-testing.repo redhat.repo
[root@SYL4 yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
1.2 安装docker
[root@SYL4 ~]# yum list all|grep docker
[root@SYL4 ~]# yum -y install docker-ce
2. docker加速的配置
- docker cn
- 中国科技大学加速器
- 阿里云加速器(需要通过阿里云开发者平台注册帐号,免费使用个人私有的加速器)
2.1 启动docker,生成加速器配置文件
[root@SYL4 ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@SYL4 ~]# systemctl status docker
● docker.service - Docker Application Container EngineLoaded: loaded (/usr/lib/systemd/system/docker.service; en>Active: active (running) since Sun 2022-04-24 15:57:13 CST>Docs: https://docs.docker.comMain PID: 198086 (dockerd)Tasks: 9Memory: 29.0MCGroup: /system.slice/docker.service└─198086 /usr/bin/dockerd -H fd:// --containerd=/r>[root@SYL4 ~]# ls /etc/docker/
key.json
[root@SYL4 ~]#
2.2 配置docker加速器
[root@SYL4 ~]# cd /etc/docker/
[root@SYL4 docker]# ls
key.json
[root@SYL4 docker]# vim daemon.json
[root@SYL4 docker]# cat daemon.json
{"registry-mirrors": ["https://szudx43q.mirror.aliyuncs.com"]
}
[root@SYL4 docker]# systemctl daemon-reload
[root@SYL4 docker]# systemctl restart docker
[root@SYL4 docker]# 三. docker常用操作
docker info 显示整个系统的信息
docker version 查看版本号
docker search 在Docker Hub上搜索镜像
docker pull 从注册表中提取镜像或存储库
docker images 镜像列表
docker create 创建一个新容器
docker start 启动容器
docker run 在新容器中运行命令
docker attach 连接到运行的容器
docker ps 列出本地容器
docker logs 获取容器日志
docker restart 重启容器
docker stop 停止一个或多个运行中的容器/正常退出
docker kill 杀死一个或多个运行中的容器
docker rm 移除一个或多个容器
docker exec 在运行的容器中运行命令
docker inspect 返回Docker对象的低级信息/详细信息
1. 显示整个系统的信息 docker info
[root@SYL4 ~]# docker info
Client:
Context: default //调试模式Debug Mode: false//插件Plugins:app: Docker App (Docker Inc., v0.9.1-beta3)buildx: Docker Buildx (Docker Inc., v0.8.1-docker)scan: Docker Scan (Docker Inc., v0.17.0)Server:Containers: 0//容器Running: 0//运行Paused: 0//暂停Stopped: 0//停止Images: 0//镜像Server Version: 20.10.14Storage Driver: overlay2//存储驱动Backing Filesystem: xfsSupports d_type: trueNative Overlay Diff: trueuserxattr: falseLogging Driver: json-fileCgroup Driver: cgroupfsCgroup Version: 1Plugins:Volume: localNetwork: bridge host ipvlan macvlan null overlayLog: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslogSwarm: inactiveRuntimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runcDefault Runtime: runcInit Binary: docker-initcontainerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8runc version: v1.0.3-0-gf46b6bainit version: de40ad0Security Options:seccompProfile: defaultKernel Version: 4.18.0-348.el8.x86_64Operating System: Red Hat Enterprise Linux 8.5 (Ootpa)OSType: linuxArchitecture: x86_64CPUs: 4Total Memory: 1.748GiBName: SYL4ID: VHGE:CXZW:RYB7:GKM2:X5V6:F5ZP:6EGP:EBEK:JCZY:5XIK:CXNF:TKOGDocker Root Dir: /var/lib/dockerDebug Mode: falseRegistry: https://index.docker.io/v1/Labels:Experimental: falseInsecure Registries:127.0.0.0/8Registry Mirrors:https://szudx43q.mirror.aliyuncs.com/Live Restore Enabled: false[root@SYL4 ~]#
2. 查看版本号 docker version
[root@SYL4 ~]# docker version
Client: Docker Engine - CommunityVersion: 20.10.14API version: 1.41Go version: go1.16.15Git commit: a224086Built: Thu Mar 24 01:47:44 2022OS/Arch: linux/amd64Context: defaultExperimental: trueServer: Docker Engine - CommunityEngine:Version: 20.10.14API version: 1.41 (minimum version 1.12)Go version: go1.16.15Git commit: 87a90dcBuilt: Thu Mar 24 01:46:10 2022OS/Arch: linux/amd64Experimental: falsecontainerd:Version: 1.5.11GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8runc:Version: 1.0.3GitCommit: v1.0.3-0-gf46b6badocker-init:Version: 0.19.0GitCommit: de40ad0
[root@SYL4 ~]#
3. 在Docker Hub上搜索镜像, docker search
[root@SYL4 ~]# docker search httpd
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
httpd The Apache HTTP Server Project 3975 [OK]
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 44
centos/httpd 35 [OK]
hypoport/httpd-cgi httpd-cgi 2 [OK]
solsson/httpd-openidc mod_auth_openidc on official httpd image, ve… 2 [OK]
manageiq/httpd Container with httpd, built on CentOS for Ma… 1 [OK]
lead4good/httpd-fpm httpd server which connects via fcgi proxy h… 1 [OK]
dockerpinata/httpd 1
publici/httpd httpd:latest 1 [OK]
dariko/httpd-rproxy-ldap Apache httpd reverse proxy with LDAP authent… 1 [OK]
inanimate/httpd-ssl A play container with httpd, ssl enabled, an… 1 [OK]
centos/httpd-24-centos8 1
clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser… 1
manageiq/httpd_configmap_generator Httpd Configmap Generator 0 [OK]
manasip/httpd 0
e2eteam/httpd 0
paketobuildpacks/httpd 0
httpdocker/kubia 0
sandeep1988/httpd-new httpd-new 0
httpdocker/kubia-unhealthy 0
amd64/httpd The Apache HTTP Server Project 0
patrickha/httpd-err 0
httpdss/archerysec ArcherySec repository 0 [OK]
19022021/httpd-connection_test This httpd image will test the connectivity … 0
itsziget/httpd24 Extended HTTPD Docker image based on the off… 0 [OK]
[root@SYL4 ~]#
4. 列出镜像 docker images
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
5. 从注册表中提取镜像或存储库 docker pull httpd
[root@SYL4 ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
dcc4698797c8: Pull complete
41c22baa66ec: Pull complete
67283bbdd4a0: Pull complete
d982c879c57e: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest dabbfbe0c57b 4 months ago 144MB
[root@SYL4 ~]#
[root@SYL4 ~]# docker pull httpd:2.4.53
2.4.53: Pulling from library/httpd
1fe172e4850f: Already exists
e2fa1fe9b1ec: Already exists
60dd7398e74e: Already exists
ea2ca81c6d4c: Already exists
f646c69a26ec: Already exists
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
[root@SYL4 ~]#
6. 创建容器
docker create --name+名字 -p容器端口映射真机 +服务
docker ps 列出本地容器 -a列出未启动容器
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
[root@SYL4 ~]# docker create --name web -p 80:80 httpd:2.4.53
0146899d0c7aec70c6b61c6e3fd60a85c8094d9b1d15d30a59fe36d9ab017223
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0146899d0c7a httpd:2.4.53 "httpd-foreground" 26 seconds ago Created web
[root@SYL4 ~]#
7. 启动,重启,停止
启动
[root@SYL4 ~]# docker start web
web
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0146899d0c7a httpd:2.4.53 "httpd-foreground" 5 minutes ago Up 22 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# systemctl disable --now firewalld
[root@SYL4 ~]# setenforce 0
[root@SYL4 ~]# vi /etc/selinux/config 停止
[root@SYL4 ~]# docker stop web
web
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES重启
[root@SYL4 ~]# docker restart web
web
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0146899d0c7a httpd:2.4.53 "httpd-foreground" 11 minutes ago Up 5 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
8. 杀掉和移除服务
[root@SYL4 ~]# docker rm -f web//删除容器
web
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@SYL4 ~]#
[root@SYL4 ~]# docker kill web
web
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
716728e19427 httpd "httpd-foreground" 6 minutes ago Exited (137) 8 seconds ago web
[root@SYL4 ~]#
9. 查看日志
[root@SYL4 ~]# docker logs web
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 10:26:21.809014 2022] [mpm_event:notice] [pid 1:tid 139621542448448] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 10:26:21.833449 2022] [core:notice] [pid 1:tid 139621542448448] AH00094: Command line: 'httpd -D FOREGROUND'
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 10:30:25.983348 2022] [mpm_event:notice] [pid 1:tid 139987630406976] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 10:30:25.983485 2022] [core:notice] [pid 1:tid 139987630406976] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.232.1 - - [24/Apr/2022:10:33:45 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:46 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:48 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:53 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:55 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:34:11 +0000] "GET /bbdb%20n HTTP/1.1" 404 196
[root@SYL4 ~]#
10. 在新容器运行命令
-it 交互模式 在新容器执行命令,退出后容器就停掉了
[root@SYL4 ~]# docker run -it --name mu busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ffinet 172.17.0.3/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
/ #
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1dd0826017e httpd "httpd-foreground" 6 minutes ago Up 6 minutes 80/tcp shuang
6252bbff7a3c busybox "/bin/sh" 21 hours ago Exited (255) 3 hours ago mu
716728e19427 httpd "httpd-foreground" 21 hours ago Exited (255) 3 hours ago 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]# -d 在后台运行,不指定端口号只能在虚拟机上访问
[root@SYL4 ~]# docker run -d --name shuang httpd
b1dd0826017eec7727e0b7c7fd20442ab952318fad1aba82e84ba55b1a747894[root@SYL4 ~]# docker inspect shuang"Gateway": "172.17.0.1","IPAddress": "172.17.0.2","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:02","DriverOpts": null}}}}
]
[root@SYL4 ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@SYL4 ~]#
11. 连接到运行的容器 docker attach,退出后容器会停止
[root@SYL4 ~]# docker start mu
mu
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 7 minutes ago Up 6 seconds mu
716728e19427 httpd "httpd-foreground" 26 minutes ago Up 16 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]# docker attach mu
/ # exit
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 7 minutes ago Exited (0) 4 seconds ago mu
716728e19427 httpd "httpd-foreground" 26 minutes ago Up 17 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
12. 在运行的容器中运行命令 docker exec,退出后容器不会停止
[root@SYL4 ~]# docker start mu
mu
[root@SYL4 ~]# docker exec -it mu /bin/sh
/ # exit
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 11 minutes ago Up 16 seconds mu
716728e19427 httpd "httpd-foreground" 30 minutes ago Up 21 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 12 minutes ago Up About a minute mu
716728e19427 httpd "httpd-foreground" 31 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1dd0826017e httpd "httpd-foreground" 18 minutes ago Up 18 minutes 80/tcp shuang
6252bbff7a3c busybox "/bin/sh" 21 hours ago Up 3 minutes mu
716728e19427 httpd "httpd-foreground" 22 hours ago Exited (255) 3 hours ago 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# docker exec -it shuang /bin/bash
root@b1dd0826017e:/usr/local/apache2# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@b1dd0826017e:/usr/local/apache2# 13.报错,重启docker
docker start 716728e19427 Error response from daemon: driver failed programming external connectivity on endpoint web (4bff53ea2d5aceea29c4e0bba3e568aa380b185564d1fd05d9802ca28dcdc5d0): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1)) Error: failed to start containers: 716728e19427
[root@SYL4 ~]# systemctl restart docker
14. 返回Docker对象的低级信息/详细信息 docker inspect
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 20 hours ago Exited (255) 2 hours ago mu
716728e19427 httpd "httpd-foreground" 21 hours ago Exited (255) 2 hours ago 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]# docker inspect mu
[{"Id": "6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915","Created": "2022-04-24T10:39:34.739640404Z","Path": "/bin/sh","Args": [],"State": {"Status": "exited","Running": false,"Paused": false,"Restarting": false,"OOMKilled": false,"Dead": false,"Pid": 0,"ExitCode": 255,"Error": "","StartedAt": "2022-04-24T10:51:15.817487904Z","FinishedAt": "2022-04-25T12:58:52.189528825+08:00"},"Image": "sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a","ResolvConfPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/resolv.conf","HostnamePath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/hostname","HostsPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/hosts","LogPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915-json.log","Name": "/mu","RestartCount": 0,"Driver": "overlay2","Platform": "linux","MountLabel": "","ProcessLabel": "","AppArmorProfile": "","ExecIDs": null,"HostConfig": {"Binds": null,"ContainerIDFile": "","LogConfig": {"Type": "json-file","Config": {}},"NetworkMode": "default","PortBindings": {},"RestartPolicy": {"Name": "no","MaximumRetryCount": 0},"AutoRemove": false,"VolumeDriver": "","VolumesFrom": null,"CapAdd": null,"CapDrop": null,"CgroupnsMode": "host","Dns": [],"DnsOptions": [],"DnsSearch": [],"ExtraHosts": null,"GroupAdd": null,"IpcMode": "private","Cgroup": "","Links": null,"OomScoreAdj": 0,"PidMode": "","Privileged": false,"PublishAllPorts": false,"ReadonlyRootfs": false,"SecurityOpt": null,"UTSMode": "","UsernsMode": "","ShmSize": 67108864,"Runtime": "runc","ConsoleSize": [0,0],"Isolation": "","CpuShares": 0,"Memory": 0,"NanoCpus": 0,"CgroupParent": "","BlkioWeight": 0,"BlkioWeightDevice": [],"BlkioDeviceReadBps": null,"BlkioDeviceWriteBps": null,"BlkioDeviceReadIOps": null,"BlkioDeviceWriteIOps": null,"CpuPeriod": 0,"CpuQuota": 0,"CpuRealtimePeriod": 0,"CpuRealtimeRuntime": 0,"CpusetCpus": "","CpusetMems": "","Devices": [],"DeviceCgroupRules": null,"DeviceRequests": null,"KernelMemory": 0,"KernelMemoryTCP": 0,"MemoryReservation": 0,"MemorySwap": 0,"MemorySwappiness": null,"OomKillDisable": false,"PidsLimit": null,"Ulimits": null,"CpuCount": 0,"CpuPercent": 0,"IOMaximumIOps": 0,"IOMaximumBandwidth": 0,"MaskedPaths": ["/proc/asound","/proc/acpi","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/proc/scsi","/sys/firmware"],"ReadonlyPaths": ["/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"]},"GraphDriver": {"Data": {"LowerDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9-init/diff:/var/lib/docker/overlay2/050cde657ef01d5bb6bc4abfc6ae566f9e51798eb177a8856af351ec996c8f6a/diff","MergedDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/merged","UpperDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/diff","WorkDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/work"},"Name": "overlay2"},"Mounts": [],"Config": {"Hostname": "6252bbff7a3c","Domainname": "","User": "","AttachStdin": true,"AttachStdout": true,"AttachStderr": true,"Tty": true,"OpenStdin": true,"StdinOnce": true,"Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd": ["/bin/sh"],"Image": "busybox","Volumes": null,"WorkingDir": "","Entrypoint": null,"OnBuild": null,"Labels": {}},"NetworkSettings": {"Bridge": "","SandboxID": "131ad9ab8616ccb5f0133e6ba6303fefe2f7c0c67fdcf75e2e5ddba22a15bf64","HairpinMode": false,"LinkLocalIPv6Address": "","LinkLocalIPv6PrefixLen": 0,"Ports": {},"SandboxKey": "/var/run/docker/netns/131ad9ab8616","SecondaryIPAddresses": null,"SecondaryIPv6Addresses": null,"EndpointID": "e3e356d1a96061a7b3fa2d50a894a10817fcdc89d6d5f5cfee2f294e1f878203","Gateway": "172.17.0.1","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","MacAddress": "02:42:ac:11:00:03","Networks": {"bridge": {"IPAMConfig": null,"Links": null,"Aliases": null,"NetworkID": "f4a1d5a0413a2d924f50029302e21925c9c6cd90beb7433ee387caa7206b3085","EndpointID": "e3e356d1a96061a7b3fa2d50a894a10817fcdc89d6d5f5cfee2f294e1f878203","Gateway": "172.17.0.1","IPAddress": "172.17.0.3","IPPrefixLen": 16,"IPv6Gateway": "","GlobalIPv6Address": "","GlobalIPv6PrefixLen": 0,"MacAddress": "02:42:ac:11:00:03","DriverOpts": null}}}}
]
[root@SYL4 ~]#
四. 防火墙
1.放行防火墙协议
firewall-cmdadd添加-rich-rule富规则'规则家=ipv4地址=0.0.0.0/0 服务名=http accept允许访问'permanent永久添加[root@SYL4 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 service name=http accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload//加载
success
[root@SYL4 ~]# firewall-cmd --list-all//
public (active)target: defaulticmp-block-inversion: nointerfaces: ens160sources: services: cockpit dhcpv6-client sshports: protocols: forward: nomasquerade: noforward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
[root@SYL4 ~]#
2. 放行端口号
[root@SYL4 ~]# vim /etc/ssh/sshd_config
[root@SYL4 ~]# systemctl restart sshd
[root@SYL4 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*
LISTEN 0 128 [::]:111 [::]:*
[root@SYL4 ~]#
[root@SYL4 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 port protocol=tcp port=2222 accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)target: defaulticmp-block-inversion: nointerfaces: ens160sources: services: cockpit dhcpv6-client sshports: protocols: forward: nomasquerade: noforward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="0.0.0.0/0" service name="http" acceptrule family="ipv4" source address="0.0.0.0/0" port port="2222" protocol="tcp" accept
[root@SYL4 ~]#
2.1 测试
3. 删除防火墙
[root@SYL4 ~]# firewall-cmd --remove-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 port protocol=tcp port=2222 accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)target: defaulticmp-block-inversion: nointerfaces: ens160sources: services: cockpit dhcpv6-client sshports: protocols: forward: nomasquerade: noforward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
[root@SYL4 ~]#
重启
[root@SYL4 ~]# vim /etc/ssh/sshd_config //改的端口号改回来
[root@SYL4 ~]# systemctl restart sshd //重启服务
连接主机...
java.net.ConnectException: Connection refused: connect
连接主机...
连接主机成功
Last login: Mon Apr 25 14:53:04 2022 from 192.168.232.1
[root@SYL4 ~]#
docker的基础用法和防火墙的放行相关推荐
- Docker应用基础
Docker应用基础 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 每日一想: 互联网有这么典型的一句话:一般来讲,懂得越少的人越有自信,而懂得越多的人他越谦虚,这是由于每个人认知 ...
- docker镜像简介和docker常用基础命令
docker镜像简介和docker常用基础命令 文章目录 docker镜像简介和docker常用基础命令 1:docker镜像概述 1.1:什么是docker镜像 1.2:docker镜像的获取方式 ...
- Docker | Docker技术基础梳理(五) - Docker网络管理
Docker | Docker技术基础梳理(五) - Docker网络管理 链接: 原文链接 原文链接: https://gitbook.cn/books/5b8f3c471966b44b00d265 ...
- docker多个容器一起打包_详解Docker 容器基础系统镜像打包
因为容器本身是共享宿主操作系统内核,所以容器基础系统镜像包本身就是一个标准的 Linux rootfs + 用户自定义的工具.根据这个思路,我们就可以构建一个自己的容器基础系统镜像. 构建标准的 Li ...
- Docker认识基础
版权声明:本文为博主chszs的原创文章,未经博主允许不得转载. https://blog.csdn.net/chszs/article/details/48212081 Docker认识基础 作者: ...
- docker 启动容器的时候没-p 后面怎么加-p_基于Docker搭建基础自动化部署
阅读本文约需要7分钟 大家好,我是你们的导师,我每天都会在这里给大家分享一些干货内容(当然了,周末也要允许老师休息一下哈).上次老师跟大家分享了下SpringBoot如何实现全链路调用 ...
- Docker镜像基础命令
Docker镜像基础命令 给root用户设置密码 Sudo -s à passwd root à su 更新apt的镜像源地址:阿里云 https://opsx.alibaba.com/mirror ...
- day 1-requests基础用法和网页基础学习总结
day 1-requests基础用法和网页基础 1. requests用法 1.认识爬虫 1)爬虫 用程序自动获取网页数据(可以让数据采集的过程变得简单又高效) 2)爬虫流程: 第一步:获取网络数据( ...
- 【Docker】基于CentOS 8:Docker使用基础
文章目录 一.Docker的组成 1.1 镜像 1.2 容器 1.3 仓库 二.Docker安装 2.1 CentOS 6 安装 2.2 CentOS 7 安装 2.4 CentOS 8 安装 2.3 ...
最新文章
- 用AI创造可持续发展社会价值,第二届腾讯Light·公益创新挑战赛正式启动
- OpenAI 开放 GPT-3 微调功能,让开发者笑开了花
- 02数据结构——算法概念
- eclipse配置mysql教程_在Eclipse连接mysql-----配置jbdc_MySQL
- 〔译〕TypeScript 2.0 正式发布
- 教你在Excel里做GA的水平百分比图的详细步骤(图文教程)-成为excel大师(1)...
- ExtJS + Gears
- Java技巧: 根据网址查询DNS/IP地址
- hdu 7111-Remove
- oracle data guard --理论知识回顾02
- 【Flink】Flink PipelineExecutor 体系
- 对字符串进行折半查找c语言,C语言:编写折半查找函数
- 中文对比英文自然语言处理NLP的区别综述
- java jvm参数获取_在java代码中获取JVM参数
- 在布局空间标注的尺寸量不对_装修公司为什么要量房?量房到底在量什么?又该注意什么?...
- 三菱PLC程序,汽车厂流水线输送控制系统
- python问卷星微信登录_为什么我还可以继续使用python自动填问卷星?
- 学位论文参考文献格式
- 网关与路由器的区别!!
- 5e检索服务器信息,5Eplay易玩网服务器出租常见问题解答(FAQ)