Docker
在 Debian 12 上安装 Docker
Docker 环境准备
系统配置修改 (按需)配置 sudoers 权限:
# Switch to the root account (sudo is only installed by the next command).
su -
# Install the required packages.
apt-get install sudo curl iptables vim
# Grant the appuser account sudo rights. visudo locks the file and
# syntax-checks it before saving, which is why sudoers is edited through it.
visudo /etc/sudoers
# Add the following line. It is sudoers content to type into the editor, not
# a shell command.
# NOTE(review): this rule lets appuser run any command as any user and group,
# i.e. it is full root. If the account only has to manage Docker, list the
# specific commands it needs instead, and consider placing the rule in a
# drop-in file under /etc/sudoers.d/ rather than in the main file.
appuser ALL=(ALL:ALL) ALL
# Ctrl+O saves, then Ctrl+X exits (nano key bindings; other editors differ).
Docker 引擎部署
- 修改APT源(如果安装OS时选择的是国外的源则需要修改)
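# Keep a copy of the original APT sources so the change can be reverted.
sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak
# Write the new list through "sudo tee": with "sudo cat <<EOF >file" the
# redirection is opened by the calling (unprivileged) shell, not by sudo, so
# it fails with "Permission denied" unless the shell is already root.
# tee truncates the file itself, so a separate rm is not needed. The quoted
# 'EOF' keeps the shell from expanding anything inside the list.
sudo tee /etc/apt/sources.list >/dev/null <<'EOF'
deb https://mirrors.aliyun.com/debian/ bookworm main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm main non-free contrib
deb https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb-src https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb https://mirrors.aliyun.com/debian/ bookworm-updates main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-updates main non-free contrib
deb https://mirrors.aliyun.com/debian/ bookworm-backports main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-backports main non-free contrib
EOF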
添加Docker源:
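# Create the keyring directory that the signed-by option below points at.
sudo install -m 0755 -d /etc/apt/keyrings
# Download the repository signing key from the Aliyun mirror; -f makes curl
# fail on an HTTP error instead of saving the error page as the key.
sudo curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# NOTE(review): the key and the packages come from the same mirror, so the
# signature only proves the packages match what that mirror publishes. Before
# trusting the key, print its fingerprint (for example with
# "gpg --show-keys /etc/apt/keyrings/docker.asc") and compare it with the one
# given in Docker's official installation documentation.
#
# Register the repository, restricted to this key via signed-by. echo needs
# no privileges; only the tee that writes under /etc/apt runs through sudo.
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.aliyun.com/docker-ce/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" |
  sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
# Refresh the package index so the new repository is visible to apt.
sudo apt-get update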
移除已存在的 Docker 引擎:
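# Remove distribution-packaged Docker/containerd packages that conflict with
# docker-ce. Each apt-get call already runs through sudo, so no root shell is
# opened first: "sudo su" would start an interactive root session (and, when
# the lines are pasted together, swallow the loop) without being needed.
# apt-get asks for confirmation per package because -y is not passed.
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do
  sudo apt-get remove "$pkg"
done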
安装 Docker 引擎:
# Install the engine, its CLI, the containerd runtime and the buildx/compose
# CLI plugins from the Docker repository configured above.
sudo apt-get install \
  docker-ce \
  docker-ce-cli \
  containerd.io \
  docker-buildx-plugin \
  docker-compose-plugin
确认Docker部署路径:
# Show free space per mounted filesystem to decide where Docker data can live.
sudo df -h
# If the filesystem holding /var/lib is too small, create a symbolic link.
# /dockerhomexxxx is a placeholder for a directory on a larger disk.
# NOTE(review): as written the link is created at /var/lib/dockerhomexxxx; it
# does not redirect /var/lib/docker. Presumably the intent is to relocate the
# Docker data directory: that needs the daemon stopped and the existing
# /var/lib/docker moved away first, or the "data-root" key in
# /etc/docker/daemon.json instead of a link. Confirm before running.
sudo ln -s /dockerhomexxxx /var/lib/
配置Docker 网络子网和Docker Registry备用源:
# Make sure the Docker configuration directory exists.
sudo mkdir -p /etc/docker
# Write the daemon configuration (tee also echoes the JSON to the terminal).
# "bip" sets the address of the default bridge, "default-address-pools" the
# range new networks are allocated from, and "registry-mirrors" the mirrors
# the daemon tries when pulling Docker Hub images.
# NOTE(review): every mirror listed below is a third-party host. A pull by tag
# through a mirror receives whatever image that mirror maps the tag to, so
# keep only mirrors you have reason to trust (or one you operate), and pull
# security-sensitive images by digest (image@sha256:<digest>) with the digest
# taken from a source you trust.
# NOTE(review): the bridge subnet 10.1.0.1/25 lies inside the 10.1.0.0/24
# address pool; confirm the overlap is intended.
sudo tee /etc/docker/daemon.json <<EOF
{
"bip": "10.1.0.1/25",
"default-address-pools":
[
{"base":"10.1.0.0/24","size":25}
],
"registry-mirrors": [
"https://cr.laoyou.ip-ddns.com",
"https://a.ussh.net",
"https://hub.littlediary.cn",
"https://hub.crdz.gq",
"https://docker.kejilion.pro",
"https://registry.dockermirror.com",
"https://hub.rat.dev",
"https://atomhub.openatom.cn",
"https://docker.1ms.run",
"https://dytt.online",
"https://func.ink",
"https://lispy.org",
"https://docker.xiaogenban1993.com"
]
}
EOF
# Reload systemd unit definitions, then restart the daemon so it reads the
# new daemon.json.
sudo systemctl daemon-reload
sudo systemctl restart docker
启动 Docker 引擎:
# Start the Docker engine now.
sudo systemctl start docker
# Enable the Docker engine to start automatically at boot.
sudo systemctl enable docker
部署 Docker 管理 UI
下载Portainer YAML
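# Download the Portainer agent stack definition into /tmp.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# YAML file that is deployed later.
# NOTE(review): /tmp is writable by every local user and the file is later
# deployed with full Docker privileges; read it through before deploying, and
# on a shared host keep it in a directory only the operator can write to.
cd /tmp
curl -fL https://downloads.portainer.io/ce-lts/portainer-agent-stack.yml -o portainer-agent-stack.yml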
如果无法下载,也可以手动编辑yaml后上传
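# Portainer server + agent stack for Docker Swarm. Indentation restored: the
# nesting below is what a YAML parser needs to read this as a stack file.
version: '3.2'

services:
  agent:
    # "lts" is a floating tag: what it resolves to can change between pulls.
    # Pin a version or digest when the deployment must be reproducible.
    image: portainer/agent:lts
    volumes:
      # Access to the Docker socket is equivalent to root on the node, so the
      # agent (and anything able to drive it) controls every host it runs on.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      # One agent task on every Linux node of the swarm.
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce:lts
    # --tlsskipverify: the server does not verify the agent's TLS certificate,
    # so the agent's identity rests on the overlay network alone.
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
      # Published on every swarm node. 9443 is the HTTPS UI, 9000 the
      # plain-HTTP UI, 8000 the Edge agent tunnel; publish only what is used
      # and prefer 9443 so admin credentials do not cross the network in clear.
      - "9443:9443"
      - "9000:9000"
      - "8000:8000"
    volumes:
      - portainer_data:/data
    networks:
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]

networks:
  agent_network:
    driver: overlay
    # attachable lets standalone containers join this network, which also lets
    # them reach the agent on port 9001. Portainer documents an AGENT_SECRET
    # shared secret for server and agent; consider setting it.
    attachable: true

volumes:
  portainer_data: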
OR
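# Variant of the Portainer stack that pulls pinned 2.20.1 images from a
# non-Docker-Hub registry. Indentation restored so the file parses as YAML.
version: '3.2'

services:
  agent:
    # NOTE(review): registry.ifcloud.com is not the upstream publisher. Before
    # using these images, compare their digests with the upstream
    # portainer/agent:2.20.1 and portainer/portainer-ce:2.20.1 images.
    image: registry.ifcloud.com/portainer/agent:2.20.1
    volumes:
      # Access to the Docker socket is equivalent to root on the node.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      # One agent task on every Linux node of the swarm.
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: registry.ifcloud.com/portainer/portainer-ce:2.20.1
    # --tlsskipverify: the server does not verify the agent's TLS certificate.
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
      # Only the plain-HTTP UI port is published here, so the admin login
      # travels unencrypted unless a TLS reverse proxy sits in front of it.
      - "9000:9000"
    volumes:
      - portainer_data:/data
    networks:
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]

networks:
  agent_network:
    driver: overlay
    # attachable lets standalone containers join this network and reach the
    # agent on port 9001.
    attachable: true

volumes:
  portainer_data: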
部署 portainer stack:
# Deploy the stack under the name "portainer".
# NOTE(review): "docker stack deploy" only works on a swarm manager; this page
# does not show the swarm being initialised, so confirm that step was done.
sudo docker stack deploy -c /tmp/portainer-agent-stack.yml portainer
在 CentOS7 上安装 Docker
Docker 环境准备
修改防火墙配置:
# Open the Docker Swarm ports permanently: 2377/tcp (cluster management),
# 7946/tcp+udp (node-to-node communication), 4789/udp (overlay network
# traffic).
# NOTE(review): --add-port opens each port to every source in the default
# zone. These ports are only meant for other swarm nodes, so on a host that
# faces untrusted networks limit them to the node addresses (a dedicated zone
# or rich rules) instead.
for port in 2377/tcp 7946/tcp 7946/udp 4789/udp; do
  firewall-cmd --add-port="$port" --permanent
done
# Apply the permanent rules to the running firewall.
firewall-cmd --reload
OR 禁用防火墙(不推荐)
# Stop the firewall now and keep it from starting at boot.
# NOTE(review): this leaves every listening port on the host, including the
# swarm and Portainer ports, reachable from any network the host is attached
# to; opening the specific ports is the safer of the two options.
sudo systemctl stop firewalld
sudo systemctl disable firewalld
禁用 selinux(将 SELinux 切换为 permissive 模式):
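# Switch SELinux to permissive for the running system: policy violations are
# logged but no longer blocked.
# NOTE(review): this removes SELinux confinement for containers and for every
# other service on the host. Check whether Docker works in enforcing mode on
# this host before lowering it.
sudo setenforce 0
# Back up the config, then make the setting persistent across reboots.
sudo cp /etc/selinux/config /etc/selinux/config.bak
# Anchor the pattern at the start of the line so only the SELINUX= setting is
# rewritten; unanchored, it also rewrites the "# SELINUX= ..." comment lines.
sudo sed -i -e 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config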
修改yum源为阿里云:
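# NOTE(review): CentOS 7 reached end of life on 2024-06-30 and no longer
# receives security updates; treat hosts built this way as legacy systems.
#
# Keep a copy of the stock repo definition so the change can be reverted.
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
# Replace it with the Aliyun definition. curl overwrites the file, so it is
# not deleted first, and -f makes curl fail on an HTTP error instead of
# saving the error page as the repo definition.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Drop the entries pointing at the aliyuncs.com mirror hosts (presumably only
# reachable from inside Alibaba Cloud; verify for your network).
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# Rebuild the yum metadata cache from the new repositories.
yum clean all && yum makecache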
移除已存在的 Docker 引擎:
# Remove older distribution-packaged Docker packages in a single yum
# transaction so they cannot conflict with docker-ce.
sudo yum remove \
  docker docker-client docker-client-latest docker-common \
  docker-latest docker-latest-logrotate docker-logrotate docker-engine
配置 Docker 源:
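# Fetch the docker-ce repo definition from the Aliyun mirror. -f makes curl
# fail on an HTTP error instead of saving the error page as the repo file.
# NOTE(review): the repo file decides which GPG key yum will trust for Docker
# packages; check its gpgcheck/gpgkey lines before installing from it.
curl -f -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Drop the entries pointing at the aliyuncs.com mirror hosts.
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/docker-ce.repo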
安装 Docker 引擎:
# Install the engine, its CLI and the containerd runtime.
sudo yum install docker-ce docker-ce-cli containerd.io
# Start the Docker engine now.
sudo systemctl start docker
# Enable the Docker engine to start automatically at boot.
sudo systemctl enable docker
部署 Docker 管理 UI
在管理节点部署 Portainer : 创建/tmp/portainer.yml
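# /tmp/portainer.yml: Portainer server + agent stack for Docker Swarm, pinned
# to 2.20.1. Indentation restored so the file parses as YAML.
version: '3.2'

services:
  agent:
    image: portainer/agent:2.20.1
    volumes:
      # Access to the Docker socket is equivalent to root on the node, so the
      # agent (and anything able to drive it) controls every host it runs on.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      # One agent task on every Linux node of the swarm.
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce:2.20.1
    # --tlsskipverify: the server does not verify the agent's TLS certificate.
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
      # Only the plain-HTTP UI port is published here, so the admin login
      # travels unencrypted unless a TLS reverse proxy sits in front of it.
      - "9000:9000"
    volumes:
      - portainer_data:/data
    networks:
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]

networks:
  agent_network:
    driver: overlay
    # attachable lets standalone containers join this network and reach the
    # agent on port 9001.
    attachable: true

volumes:
  portainer_data: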
拉取镜像(因为网络问题可能不会成功,需要先配置好 Docker Registry 备用源)
# Pre-pull the two pinned Portainer images referenced by the stack file.
for image in portainer/portainer-ce:2.20.1 portainer/agent:2.20.1; do
  sudo docker pull "$image"
done
部署 portainer:
# Deploy the stack under the name "portainer".
# NOTE(review): "docker stack deploy" only works on a swarm manager; this page
# does not show the swarm being initialised, so confirm that step was done.
sudo docker stack deploy -c /tmp/portainer.yml portainer
Docker 修改 Home 路径
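# Edit the Docker daemon configuration. The file name is daemon.json; with
# the "deamon.json" spelling the settings are written to a file the daemon
# does not read, so they are silently ignored.
vi /etc/docker/daemon.json
# The mount point backing data-root must have plenty of free disk space.
# NOTE(review): the first registry mirror in the JSON below uses plain
# http://, which gives no transport integrity for image pulls; prefer an
# https:// mirror you trust.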
{
"registry-mirrors": ["http://hub-mirror.c.163.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn"],
"data-root": "/dockerhome"
}
重新加载 daemon
# Reload systemd unit definitions, then restart Docker so it reads the
# updated daemon.json.
systemctl daemon-reload
systemctl restart docker
导出本地镜像
# Export an image with all its layers to a tar archive;
# your-image-name:tag is a placeholder.
docker save -o my-app.tar your-image-name:tag
示例:
# Concrete example: export my-go-app:latest to go-app.tar.
docker save -o go-app.tar my-go-app:latest
方法二:直接导出/导入镜像(适合临时使用)
步骤:
- 本地导出镜像
# Export an image with all its layers to a tar archive;
# your-image-name:tag is a placeholder.
docker save -o my-app.tar your-image-name:tag
# Example:
docker save -o go-app.tar my-go-app:latest
- 传输到服务器
# Copy the archive with SCP (Linux/Mac).
# NOTE(review): record a checksum of go-app.tar before the transfer (for
# example with sha256sum) and compare it on the server before loading. /tmp on
# the server is writable by every local user, so on a shared host use a
# directory only the deploying account can write to.
scp go-app.tar user@your-server-ip:/tmp/
# On Windows, use PowerShell.
scp go-app.tar user@your-server-ip:/tmp/
# Or use WinSCP (a graphical tool).
- 在服务器导入镜像
# Log in to the server; the commands below are run there.
ssh user@your-server-ip
# Import the image from the archive. Loading an archive makes its contents
# runnable, so only load files whose origin and checksum you have verified.
docker load -i /tmp/go-app.tar
docker images # confirm the image is present
# Start the container detached and publish container port 8080 on the host.
# NOTE(review): -p 8080:8080 listens on every host interface, and Docker adds
# its own firewall rules for published ports, so a host firewall front-end
# may not filter it; use -p 127.0.0.1:8080:8080 if it should stay local.
docker run -d --name go-app -p 8080:8080 my-go-app:latest
高级方案:自建私有仓库(适合企业/长期项目)
- 在服务器搭建私有仓库
# Start a private registry on port 5000 that restarts automatically.
# NOTE(review): as started here the registry has no TLS and no
# authentication and is published on every interface, so anyone who can reach
# port 5000 can pull and push (overwrite) images. For anything beyond a
# throwaway test, put it behind TLS and authentication: either a reverse
# proxy, or the registry's own REGISTRY_HTTP_TLS_CERTIFICATE /
# REGISTRY_HTTP_TLS_KEY and REGISTRY_AUTH=htpasswd settings. Mount a volume
# for its storage so images survive the container being recreated.
docker run -d -p 5000:5000 --restart=always --name registry registry:2
- 推送镜像到私有仓库 可以将本地的镜像(包括从外网下载来的镜像)通过打标签后,推送到私有仓库。
Docker 推送的要求是,镜像的名称必须与远程私有仓库的地址路径完全匹配。需要用 docker tag命令为本地镜像创建一个符合要求的新标签。
命令格式: docker tag <本地镜像名>:<标签> <远程仓库地址>/<项目或用户名>/<镜像名>:<标签>
# Example: push the local mariadb:10.4 image to the remote private registry.
# The new tag carries the registry host name, which tells docker push where
# to send the image.
docker tag mariadb:10.4 registry.dajianyijing.com/mariadb:10.4
docker push registry.dajianyijing.com/mariadb:10.4
- 从私有仓库拉取
# Run on the server: pull the image from the private registry.
# Pulling by tag trusts the registry to map the tag to the expected image;
# pull by digest (name@sha256:<digest>) when the exact content matters.
docker pull registry.dajianyijing.com/mariadb:10.4