Docker container networking
After installation, Docker automatically provides three networks, which can be listed with the docker network ls command:
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9692fae45042 bridge bridge local
cd5368439dc0 host host local
c49a1db81682 none null local
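Docker uses Linux bridging: it creates a virtual bridge for containers (docker0) on the host. When Docker starts a container, it assigns the container an IP address from the bridge's subnet, called the Container-IP, and the Docker bridge acts as each container's default gateway. Because all containers on the same host are attached to the same bridge, they can communicate with each other directly using their Container-IPs.
The four Docker network modes
Network mode | Option | Description |
---|---|---|
host | --network host | The container shares the host's network namespace |
container | --network container:NAME_OR_ID | The container shares another container's network namespace |
none | --network none | The container has its own network namespace, but no network setup is performed for it (no veth pair, no bridge attachment, no IP configuration, etc.) |
bridge | --network bridge | Default mode |
bridge mode
When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and containers started on this host are attached to it. The virtual bridge works like a physical switch, so all containers on the host are connected to one layer-2 network through it.
Docker assigns the container an IP address from the docker0 subnet and sets docker0's IP address as the container's default gateway. It creates a veth pair on the host, places one end inside the new container and names it eth0 (the container's network interface), and leaves the other end on the host with a name like vethxxx, adding that device to the docker0 bridge. You can see this with the brctl show command.
bridge mode is Docker's default network mode; if you omit the --network option, the container runs in bridge mode. When you use docker run -p, Docker actually adds DNAT rules in iptables to implement port forwarding. You can view them with iptables -t nat -vnL.
bridge mode is shown in the figure below:
Suppose docker2 in the figure above runs nginx, and consider a few questions:
- Can two containers on the same host communicate directly? For example, can docker1 reach the nginx site on docker2 directly?
- Can the host reach the nginx site on docker2 directly?
- How can another host reach this nginx site on node1? By publishing it with DNAT?
The Docker bridge is virtualized by the host and is not a real network device, so external networks cannot address it; this also means external networks cannot reach a container directly via its Container-IP. To make a container reachable from outside, map the container's port to the host (port mapping) by passing -p or -P to docker run when creating the container; the container is then accessed via [host IP]:[container port].
container mode
This mode makes a newly created container share a network namespace with an existing container rather than with the host. The new container does not create its own network interface or configure its own IP; instead it shares the IP, port range, and so on with the specified container. Apart from networking, the two containers remain isolated in everything else, such as filesystem and process list. Processes in the two containers can communicate over the lo interface.
container mode is shown in the figure below:
host mode
If a container is started in host mode, it does not get its own network namespace but shares the host's. The container does not get a virtual network interface or its own IP; it uses the host's IP and ports. Other aspects of the container, such as filesystem and process list, remain isolated from the host.
A container in host mode can use the host's IP address directly to communicate with the outside, and services inside the container can use the host's ports without NAT. The biggest advantage of host mode is better network performance, but ports already in use on the Docker host cannot be used again, and network isolation is poor.
host mode is shown in the figure below:
none mode
In none mode the container has its own network namespace, but Docker performs no network configuration for it. That is, the container has no network interface, IP, routes, or similar. You have to add an interface and configure an IP for the container yourself.
In this mode the container has only the lo loopback interface and no other interfaces. none mode can be selected at container creation with --network none. A network of this type has no connectivity; this closed network does a good job of keeping the container secure.
Use cases:
none mode is shown in the figure below:
docker network inspect bridge # show the detailed configuration of the bridge network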
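An added example, not part of the original post: a shell helper that groups containers by the network namespace they actually live in, so that container-mode sharing and host-mode containers are visible at a glance. The function name netns_groups and the sample rows are constructed for illustration; the inspect fields used are .Name, .Id and .HostConfig.NetworkMode.

```shell
#!/usr/bin/env bash
# Added example: group containers by the network namespace they share.
# Input: one "<name> <id> <NetworkMode>" row per container, e.g. from
#   docker inspect --format '{{.Name}} {{.Id}} {{.HostConfig.NetworkMode}}' $(docker ps -q)

netns_groups() {
  awk '
    { n = $1; sub(/^\//, "", n); name[NR] = n; id[NR] = $2; mode[NR] = $3 }
    END {
      for (i = 1; i <= NR; i++) {
        owner = name[i]                      # bridge/none: own namespace
        if (mode[i] == "host") {
          owner = "HOST"                     # shares the host namespace
        } else if (mode[i] ~ /^container:/) {
          ref = substr(mode[i], 11)          # text after "container:"
          owner = ref                        # kept if the target is not listed
          for (j = 1; j <= NR; j++)
            if (name[j] == ref || index(id[j], ref) == 1) owner = name[j]
        }
        if (!(owner in members)) order[++groups] = owner
        members[owner] = members[owner] " " name[i]
        if (mode[i] == "none") lo_only[owner] = 1
      }
      for (g = 1; g <= groups; g++) {
        o = order[g]
        label = (o == "HOST") ? "host namespace" : "netns of " o
        if (o in lo_only) label = label " (lo only)"
        print label ":" members[o]
      }
    }'
}

# Constructed sample rows: three containers sharing one namespace in
# container mode, plus a none-mode and a host-mode container (hypothetical).
INSPECT_SAMPLE='/php8 250940d3d136 container:ecac8d503b87
/mysql f92580cb7790 container:ecac8d503b87
/vigilant_bardeen ecac8d503b87 bridge
/batch cccccccccccc none
/monitor dddddddddddd host'

printf '%s\n' "$INSPECT_SAMPLE" | netns_groups
```

Every container listed on one output line can reach the others' loopback listeners, which is the isolation trade-off of container mode described above.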
LNMP with Docker containers
Start Docker
systemctl start docker
List images
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
luojiatian1904/nginx v2 7693d5b0f248 23 hours ago 550MB # the nginx image has already been built
Start nginx
[root@localhost ~]# docker run -it luojiatian1904/nginx:v2
# Check
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ecac8d503b87 luojiatian1904/nginx:v2 "/usr/local/nginx/sb…" 51 seconds ago Up 50 seconds vigilant_bardeen
# Open another terminal and request the default nginx page
[root@localhost ~]# curl 172.17.0.2
……………………
<h1>Welcome to nginx!</h1>
……………………
Pull a centos image
[root@localhost ~]# docker pull centos
Using default tag: latest
latest: Pulling from library/centos
a1d0c7532777: Already exists
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for centos:latest
docker.io/library/centos:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
luojiatian1904/nginx v2 7693d5b0f248 23 hours ago 550MB
centos latest 5d0da3dc9764 2 months ago 231MB
Build the MySQL image using container-mode networking
[root@localhost ~]# docker run -it --name mysql --network container:ecac8d503b87 centos:latest /bin/bash
[root@ecac8d503b87 /]# # Start a container from the local centos image and install MySQL in it; --network container:ecac8d503b87 shares the network of the nginx container (by container ID)
Open another terminal and check
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f92580cb7790 centos:latest "/bin/bash" 54 seconds ago Up 53 seconds mysql
ecac8d503b87 luojiatian1904/nginx:v2 "/usr/local/nginx/sb…" 10 minutes ago Up 10 minutes vigilant_bardeen
[root@localhost ~]# ls /usr/src/
debug kernels mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
[root@localhost ~]# docker cp /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz f92580cb7790:/usr/src
# Copy the tarball into /usr/src of the mysql container, addressed by container ID
Check inside the mysql container
[root@ecac8d503b87 /]# ls /usr/src/
debug kernels mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
# Install dependencies
[root@ecac8d503b87 /]# yum -y install which numactl-libs ncurses-compat-libs libaio.x86_64 libaio-devel.x86_64
# Create the user
[root@3367881fd446 src]# useradd -r -M -s /sbin/nologin mysql
[root@3367881fd446 src]# id mysql
uid=998(mysql) gid=996(mysql) groups=996(mysql)
# Unpack the MySQL tarball
[root@ecac8d503b87 /]# tar xf /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@ecac8d503b87 /]# cd /usr/local/
[root@ecac8d503b87 local]# ls
bin games lib libexec sbin src
etc include lib64 mysql-5.7.34-linux-glibc2.12-x86_64 share
# Create a symlink and change the owner and group
[root@ecac8d503b87 local]# ln -sv mysql-5.7.34-linux-glibc2.12-x86_64 mysql
'mysql' -> 'mysql-5.7.34-linux-glibc2.12-x86_64'
[root@ecac8d503b87 local]# chown -R mysql.mysql mysql*
[root@ecac8d503b87 local]# ls -l
total 0
drwxr-xr-x. 2 root root 6 Nov 3 2020 bin
drwxr-xr-x. 2 root root 6 Nov 3 2020 etc
drwxr-xr-x. 2 root root 6 Nov 3 2020 games
drwxr-xr-x. 2 root root 6 Nov 3 2020 include
drwxr-xr-x. 2 root root 6 Nov 3 2020 lib
drwxr-xr-x. 3 root root 17 Sep 15 14:17 lib64
drwxr-xr-x. 2 root root 6 Nov 3 2020 libexec
lrwxrwxrwx. 1 mysql mysql 35 Dec 3 12:52 mysql -> mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 9 mysql mysql 129 Dec 3 12:52 mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 2 root root 6 Nov 3 2020 sbin
drwxr-xr-x. 5 root root 49 Sep 15 14:17 share
drwxr-xr-x. 2 root root 6 Nov 3 2020 src
# Add the binaries to PATH (single quotes so $PATH is expanded at login, not when the file is written)
[root@ecac8d503b87 local]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@ecac8d503b87 local]# bash
[root@ecac8d503b87 local]# which mysql
/usr/local/mysql/bin/mysql
# Create the data directory
[root@ecac8d503b87 local]# mkdir /opt/data
[root@ecac8d503b87 local]# chown -R mysql.mysql /opt/data
[root@ecac8d503b87 local]# ls -l /opt/
total 0
drwxr-xr-x. 2 mysql mysql 6 Dec 3 12:54 data
# Initialize the database with no root password
[root@ecac8d503b87 ~]# /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data
2021-12-03T12:56:50.792679Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-12-03T12:56:51.508946Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-12-03T12:56:51.734379Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-12-03T12:56:51.787968Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 7c0ea73a-5438-11ec-9faf-0242ac110002.
2021-12-03T12:56:51.788823Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-12-03T12:56:52.757884Z 0 [Warning] CA certificate ca.pem is self signed.
2021-12-03T12:56:52.878626Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
# Create the configuration file
[root@ecac8d503b87 ~]# vi /etc/my.cnf
[mysqld]
port = 3306
datadir = /opt/data
basedir = /usr/local/mysql
socket = /tmp/mysql.sock
pid-file = /opt/data/mysql.pid
log-error = /opt/data/mysql.err
skip-name-resolve
# Edit the startup script
[root@ecac8d503b87 ~]# vi /usr/local/mysql/support-files/mysql.server
……………………
basedir=/usr/local/mysql
datadir=/opt/data
……………………
# Start
[root@ecac8d503b87 ~]# /usr/local/mysql/support-files/mysql.server start
Starting MySQL.Logging to '/opt/data/mysql.err'.
. SUCCESS!
[root@ecac8d503b87 ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f92580cb7790 centos:latest "/bin/bash" 12 minutes ago Up 12 minutes mysql
ecac8d503b87 luojiatian1904/nginx:v2 "/usr/local/nginx/sb…" 22 minutes ago Up 22 minutes vigilant_bardeen
[root@localhost ~]# docker commit -p mysql
sha256:5c07c0cdf9a29d4ca80a15d7a324ec7851540d63456fbc2f82173abd5d620847
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 5c07c0cdf9a2 35 seconds ago 3.74GB
luojiatian1904/nginx v2 7693d5b0f248 23 hours ago 550MB
centos latest 5d0da3dc9764 2 months ago 231MB
[root@localhost ~]# docker tag 5c07c0cdf9a2 luojiatian1904/mysql:v1
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
luojiatian1904/mysql v1 5c07c0cdf9a2 About a minute ago 3.74GB
luojiatian1904/nginx v2 7693d5b0f248 23 hours ago 550MB
centos latest 5d0da3dc9764 2 months ago 231MB
Install PHP
# Run a PHP container that shares the network of the nginx container
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f92580cb7790 centos:latest "/bin/bash" 15 minutes ago Up 15 minutes mysql
ecac8d503b87 luojiatian1904/nginx:v2 "/usr/local/nginx/sb…" 24 minutes ago Up 24 minutes vigilant_bardeen
[root@localhost ~]# docker run -it --name php8 --network container:ecac8d503b87 centos:latest /bin/bash
[root@ecac8d503b87 /]#
# Open another terminal and list the running containers
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
250940d3d136 centos:latest "/bin/bash" 21 seconds ago Up 20 seconds php8
f92580cb7790 centos:latest "/bin/bash" 15 minutes ago Up 15 minutes mysql
ecac8d503b87 luojiatian1904/nginx:v2 "/usr/local/nginx/sb…" 25 minutes ago Up 25 minutes vigilant_bardeen
Return to the terminal where the PHP container was started
[root@ecac8d503b87 /]# yum -y install epel-release
# Install the build dependencies
[root@ecac8d503b87 /]# yum install sqlite-devel libzip-devel libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg-turbo libjpeg-turbo-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel gcc gcc-c++ make --allowerasing
[root@ecac8d503b87 /]# yum -y install http://mirror.centos.org/centos/8/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
# Open another terminal and copy the PHP tarball into the container
[root@localhost ~]# ls /usr/src/
debug kernels mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz php-8.0.10.tar.gz
[root@localhost ~]# docker cp /usr/src/php-8.0.10.tar.gz 250940d3d136:/usr/src
# Return to the container terminal, check and unpack
[root@ecac8d503b87 /]# cd /usr/src/
[root@ecac8d503b87 src]# ls
debug kernels php-8.0.10.tar.gz
[root@ecac8d503b87 src]# tar xf php-8.0.10.tar.gz -C /usr/local/
[root@ecac8d503b87 src]# cd /usr/local/
[root@ecac8d503b87 local]# ls
bin etc games include lib lib64 libexec php-8.0.10 sbin share src
# Configure the build
[root@3367881fd446 ]# cd php-8.0.10/
[root@ecac8d503b87 php-8.0.10]# ./configure --prefix=/usr/local/php8 \
--with-config-file-path=/etc \
--enable-fpm \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix
.......
# Build and install
[root@ecac8d503b87 php-8.0.10]# make && make install
......
# Add the binaries to PATH
[root@ecac8d503b87 php-8.0.10]# echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php.sh
[root@ecac8d503b87 php-8.0.10]# bash
# Configure php-fpm
[root@ecac8d503b87 php-8.0.10]# cp php.ini-production /etc/php.ini
[root@ecac8d503b87 php-8.0.10]# cd sapi/fpm/
[root@ecac8d503b87 fpm]# ls
config.m4 init.d.php-fpm.in php-fpm.8 php-fpm.service tests
CREDITS LICENSE php-fpm.8.in php-fpm.service.in www.conf
fpm Makefile.frag php-fpm.conf status.html www.conf.in
init.d.php-fpm php-fpm php-fpm.conf.in status.html.in
[root@ecac8d503b87 fpm]# cp init.d.php-fpm /etc/init.d/php-fpm
[root@ecac8d503b87 fpm]# chmod +x /etc/init.d/php-fpm
[root@ecac8d503b87 fpm]# cd /usr/local/php8/etc/
[root@ecac8d503b87 etc]# cp php-fpm.conf.default php-fpm.conf
[root@ecac8d503b87 etc]# cd php-fpm.d/
[root@ecac8d503b87 php-fpm.d]# cp www.conf.default www.conf
# Start php-fpm (-y selects the FPM configuration file; -c would set the php.ini path instead)
[root@3367881fd446 php-fpm.d]# /usr/local/php8/sbin/php-fpm -y /usr/local/php8/etc/php-fpm.conf
[root@ecac8d503b87 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
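An added example, not part of the original post: because nginx, MySQL and php-fpm share one network namespace in container mode, the bind address of each listener decides who can reach it. The script below classifies the ss -antl output shown above; the function names classify_listeners and exposed_ports are my own.

```shell
#!/usr/bin/env bash
# Added example: classify LISTEN sockets from `ss -antl` by reachability.

# classify_listeners: read `ss -antl` output on stdin and print
# "<port> <scope>" per LISTEN socket. Loopback binds are reachable only
# inside the (shared) namespace; wildcard binds on every interface.
classify_listeners() {
  awk '$1 == "LISTEN" {
    addr = $4
    n = split(addr, parts, ":")
    port = parts[n]
    host = substr(addr, 1, length(addr) - length(port) - 1)
    if (host == "[::1]" || host ~ /^127\./)
      scope = "namespace-only"
    else if (host == "0.0.0.0" || host == "*" || host == "[::]")
      scope = "all-interfaces"
    else
      scope = "address " host
    print port, scope
  }'
}

# exposed_ports: ports reachable from outside the namespace that are not
# in the allow-list passed as arguments (for example the web port).
exposed_ports() {
  allowed=" $* "
  classify_listeners | while read -r port scope; do
    [ "$scope" = "namespace-only" ] && continue
    case "$allowed" in *" $port "*) continue ;; esac
    echo "$port"
  done
}

# Sample input: the ss output from the shared namespace shown above.
SS_SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 *:3306 *:*'

printf '%s\n' "$SS_SAMPLE" | classify_listeners
echo "unexpected exposure: $(printf '%s\n' "$SS_SAMPLE" | exposed_ports 80)"
```

Since nginx and php-fpm can reach MySQL over lo in the shared namespace, setting bind-address = 127.0.0.1 under [mysqld] in /etc/my.cnf would keep port 3306 off the container's bridge address.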
Configuration
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
250940d3d136 centos:latest "/bin/bash" 26 minutes ago Up 26 minutes php8
f92580cb7790 centos:latest "/bin/bash" 41 minutes ago Up 41 minutes mysql
ecac8d503b87 luojiatian1904/nginx:v2 "/usr/local/nginx/sb…" 51 minutes ago Up 51 minutes vigilant_bardeen
[root@localhost ~]# docker exec -it ecac8d503b87 /bin/bash
[root@ecac8d503b87 /]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
[root@ecac8d503b87 /]# vi /usr/local/nginx/conf/nginx.conf
..........
location / {
    root html;
    index index.php index.html index.htm; # add index.php
}
.........
location ~ \.php$ {
    root /var/www/html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # modified
    include fastcgi_params;
}
........
[root@ecac8d503b87 /]# mkdir -p /var/www/html
[root@ecac8d503b87 /]# cat > /var/www/html/index.php <<EOF
> <?php
> phpinfo();
> ?>
> EOF
[root@ecac8d503b87 /]# cat /var/www/html/index.php
<?php
phpinfo();
?>
Edit the php-fpm configuration file
[root@ecac8d503b87 ~]# vi /usr/local/php8/etc/php-fpm.conf
.......
daemonize = yes
.......