Docker Network Settings
Docker creates a bridge network interface (docker0). Docker supports two kinds of port mapping: random mapping and specified mapping. Production scenarios generally do not use random mapping. The advantage of random mapping is that ports are allocated by Docker and do not conflict.
Install nginx with a specified port

    docker pull nginx
    docker run --name nginx-test -p 8080:80 -d nginx

    --name nginx-test   container name
    -p 8080:80          specified port mapping (the local firewall needs to be turned on)
    -d nginx            the container runs in the background

Access nginx at http://localhost:8080
Install nginx without specifying a port

    docker run -d -P nginx
    docker run --name [Name] -d -P nginx

View Running Ports
    root@jenkins:/data/docker# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
    tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   9185/sshd
    tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN   9383/master
    tcp6       0      0 127.0.0.1:8040    :::*              LISTEN   73876/java
    tcp6       0      0 :::8080           :::*              LISTEN   123262/docker-proxy
    tcp6       0      0 :::8050           :::*              LISTEN   73876/java
    tcp6       0      0 :::22             :::*              LISTEN   9185/sshd
    tcp6       0      0 ::1:25            :::*              LISTEN   9383/master
    tcp6       0      0 :::1024           :::*              LISTEN   123397/docker-proxy
    tcp6       0      0 :::1025           :::*              LISTEN   123487/docker-proxy
    tcp6       0      0 :::1026           :::*              LISTEN   123576/docker-proxy
    tcp6       0      0 :::1028           :::*              LISTEN   123830/docker-proxy
View Running Firewall Rules
    root@jenkins:/data/docker# iptables -t nat -nvL
    Chain PREROUTING (policy ACCEPT 4 packets, 272 bytes)
     pkts bytes target      prot opt in        out       source          destination
       17   884 DOCKER      all  --  *         *         0.0.0.0/0       0.0.0.0/0       ADDRTYPE match dst-type LOCAL

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target      prot opt in        out       source          destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target      prot opt in        out       source          destination
        1    52 DOCKER      all  --  *         *         0.0.0.0/0       !127.0.0.0/8    ADDRTYPE match dst-type LOCAL

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target      prot opt in        out       source          destination
        0     0 MASQUERADE  all  --  *         !docker0  172.17.0.0/16   0.0.0.0/0
        0     0 MASQUERADE  tcp  --  *         *         172.17.0.2      172.17.0.2      tcp dpt:80
        0     0 MASQUERADE  tcp  --  *         *         172.17.0.3      172.17.0.3      tcp dpt:80
        0     0 MASQUERADE  tcp  --  *         *         172.17.0.4      172.17.0.4      tcp dpt:80
        0     0 MASQUERADE  tcp  --  *         *         172.17.0.5      172.17.0.5      tcp dpt:80
        0     0 MASQUERADE  tcp  --  *         *         172.17.0.6      172.17.0.6      tcp dpt:80

    Chain DOCKER (2 references)
     pkts bytes target      prot opt in        out       source          destination
        0     0 RETURN      all  --  docker0   *         0.0.0.0/0       0.0.0.0/0
        2   104 DNAT        tcp  --  !docker0  *         0.0.0.0/0       0.0.0.0/0       tcp dpt:8080 to:172.17.0.2:80
        0     0 DNAT        tcp  --  !docker0  *         0.0.0.0/0       0.0.0.0/0       tcp dpt:1024 to:172.17.0.3:80
        0     0 DNAT        tcp  --  !docker0  *         0.0.0.0/0       0.0.0.0/0       tcp dpt:1025 to:172.17.0.4:80
        0     0 DNAT        tcp  --  !docker0  *         0.0.0.0/0       0.0.0.0/0       tcp dpt:1026 to:172.17.0.5:80
        0     0 DNAT        tcp  --  !docker0  *         0.0.0.0/0       0.0.0.0/0       tcp dpt:1028 to:172.17.0.6:80
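The DNAT rules in the DOCKER chain above are what actually publish a container port on the host. The following script is an added example, not part of the original page: it reads that chain and lists each published host port with its container target and whether it answers on every host address. The function names are chosen for this example, and the last sample row is constructed.

```sh
#!/bin/sh
# Added example: summarize published ports from `iptables -t nat -nvL DOCKER`.
# list_published_ports and sample_rules are names chosen for this example.

list_published_ports() {
    # stdin:  iptables -nvL rows (pkts bytes target prot opt in out source destination ...)
    # stdout: "<host_port> <container_ip:port> <exposure>" for every DNAT rule
    awk '
        $3 == "DNAT" {
            port = ""; target = ""
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/) port = substr($i, 5)
                if ($i ~ /^to:/)  target = substr($i, 4)
            }
            if (port == "" || target == "") next
            # Destination 0.0.0.0/0 means the port answers on every host address.
            exposure = ($9 == "0.0.0.0/0") ? "all-addresses" : ("bound:" $9)
            print port, target, exposure
        }'
}

# Sample input: the DNAT rows for ports 8080 and 1024 are taken from the output
# above; the last row is constructed to show a port published on loopback only
# (as with -p 127.0.0.1:8443:443).
sample_rules() {
    cat <<'EOF'
Chain DOCKER (2 references)
 pkts bytes target prot opt in out source destination
    0     0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
    2   104 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:172.17.0.2:80
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1024 to:172.17.0.3:80
    0     0 DNAT tcp -- !docker0 * 0.0.0.0/0 127.0.0.1 tcp dpt:8443 to:172.17.0.7:443
EOF
}

sample_rules | list_published_ports
# On a live host: iptables -t nat -nvL DOCKER | list_published_ports
```

Ports reported as all-addresses correspond to the docker-proxy listeners on ::: in the netstat output, so they are reachable on every interface of the host.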
View logs

    docker logs [ID/Name]

View the nginx output logs.
Mapping multiple ports at startup

    docker run -d -p 443:443 -p 82:80 --name nginxv2 nginx
Docker data management
There are two types of Docker data:

    Data Volume: -v /data, -v src:dst
    Data Volume Container: --volumes-from

You can think of a data volume as a mount: data is mounted into a Docker container, and when data is written inside the container it is actually written to the physical host. If there are too many containers, this is not easy to manage.
Data Volume Settings
Example: we create a container named nginx-volume-time and mount a volume at the /data/docker/nginx-volume-test directory of the container.

    docker run -d --name nginx-volume-time -v /data/docker/nginx-volume-test nginx

Enter the container to see the mount:
    root@jenkins:/data/docker/nginx-volume-test# docker ps
    CONTAINER ID   IMAGE   COMMAND                  CREATED          STATUS          PORTS                  NAMES
    c532b25656e1   nginx   "nginx -g 'daemon ..."   15 minutes ago   Up 15 minutes   80/tcp                 nginx-volume-time01
    444c4206bd4f   nginx   "nginx -g 'daemon ..."   16 minutes ago   Up 16 minutes   80/tcp                 nginx-volume-time
    a1d17b854c3c   nginx   "nginx -g 'daemon ..."   33 minutes ago   Up 33 minutes   0.0.0.0:1028->80/tcp   nginx_test_01
    42cb50b2c0be   nginx   "nginx -g 'daemon ..."   34 minutes ago   Up 34 minutes   0.0.0.0:1026->80/tcp   affectionate_lewin
    517785002f20   nginx   "nginx -g 'daemon ..."   34 minutes ago   Up 34 minutes   0.0.0.0:1025->80/tcp   admiring_lamport
    dc50ad70f047   nginx   "nginx -g 'daemon ..."   35 minutes ago   Up 35 minutes   0.0.0.0:1024->80/tcp   infallible_shannon
    0b256496d251   nginx   "nginx -g 'daemon ..."   43 minutes ago   Up 43 minutes   0.0.0.0:8080->80/tcp   nginx1
    root@jenkins:/data/docker/nginx-volume-test# sh /data/docker/docker_in.sh nginx-volume-time
    mesg: ttyname failed: No such device
    root@444c4206bd4f:/# mount |grep /da
    /dev/mapper/centos-root on /data/docker/nginx-volume-test type xfs (rw,relatime,attr2,inode64,noquota)
The output above only shows /data/docker/nginx-volume-test inside the container; it does not show which directory on the server backs it.
Find the connection between the storage directory and the docker container
    root@jenkins:/data/docker/nginx-volume-test# docker inspect -f {{.Mounts}} nginx-volume-time
    [{volume 7facc10a0e5a697fd6e03cfbb99c2a0e1ab14c4a7629341f21fdeb0be0ce5b68 /var/lib/docker/volumes/7facc10a0e5a697fd6e03cfbb99c2a0e1ab14c4a7629341f21fdeb0be0ce5b68/_data /data/docker/nginx-volume-test local true }]
    root@jenkins:/data/docker/nginx-volume-test# cd /var/lib/docker/volumes/7facc10a0e5a697fd6e03cfbb99c2a0e1ab14c4a7629341f21fdeb0be0ce5b68/_data
    root@jenkins:/var/lib/docker/volumes/7facc10a0e5a697fd6e03cfbb99c2a0e1ab14c4a7629341f21fdeb0be0ce5b68/_data# ls
    1 2 test
Specify a specific directory
    docker run -d --name nginx_prod -v /data/docker/nginx_prod/:/data nginx

Tip: in -v /data/docker/nginx_prod/:/data, /data/docker/nginx_prod/ is the directory where the files are stored on the host, and /data is the directory in the container.
This method is not supported in a Dockerfile because it is not portable.

We can also add a parameter and mount the directory read-only:

    docker run -d --name nginx_prod -v /data/docker/nginx_prod/:/data:ro nginx
Mount .bash_history into a container and delete the container on exit

    docker run --rm -it -v /root/.bash_history:/.bash_history nginx /bin/bash

The container is deleted after exit.
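The mounts shown above differ in what the container can do to the host: an anonymous volume, a writable host directory, a read-only one, and a writable file from /root. The following script is an added example, not part of the original page: it turns `docker inspect` mount data into one line per mount and reports bind mounts that are writable or that expose a sensitive host path. The names MOUNT_FMT, SENSITIVE_PREFIXES, audit_mounts and sample_mounts, the prefix list, and the sample rows are assumptions of this example.

```sh
#!/bin/sh
# Added example: report risky bind mounts from `docker inspect` output.
# All names below are chosen for this example; the prefix list is an assumed default.

# Go template: one tab-separated line per mount (container, type, source, destination, RW).
MOUNT_FMT='{{$n := .Name}}{{range .Mounts}}{{$n}}{{"\t"}}{{.Type}}{{"\t"}}{{.Source}}{{"\t"}}{{.Destination}}{{"\t"}}{{.RW}}{{println}}{{end}}'

SENSITIVE_PREFIXES="${SENSITIVE_PREFIXES:-/root /etc /home /var/run/docker.sock}"

audit_mounts() {
    # stdin:  lines produced by MOUNT_FMT
    # stdout: container, mode, "host -> container path", reason (tab-separated)
    # Docker-managed volumes and read-only binds of non-sensitive paths are not reported.
    awk -F '\t' -v prefixes="$SENSITIVE_PREFIXES" '
        BEGIN { n = split(prefixes, p, " ") }
        NF == 5 && $2 == "bind" {
            sensitive = 0
            for (i = 1; i <= n; i++)
                if ($3 == p[i] || index($3, p[i] "/") == 1) sensitive = 1
            mode = ($5 == "true") ? "rw" : "ro"
            if (mode == "rw" || sensitive)
                printf "%s\t%s\t%s -> %s\t%s\n", $1, mode, $3, $4,
                       (sensitive ? "sensitive-host-path" : "writable-bind")
        }'
}

# Constructed sample rows modelled on the docker run commands above
# (EXAMPLE_ID stands in for the volume id; nginx_prod_ro and shell are made-up names).
sample_mounts() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        /nginx-volume-time volume /var/lib/docker/volumes/EXAMPLE_ID/_data /data/docker/nginx-volume-test true \
        /nginx_prod bind /data/docker/nginx_prod /data true \
        /nginx_prod_ro bind /data/docker/nginx_prod /data false \
        /shell bind /root/.bash_history /.bash_history true
}

sample_mounts | audit_mounts
# On a live host: docker inspect -f "$MOUNT_FMT" $(docker ps -q) | audit_mounts
```

On the sample rows only nginx_prod (writable bind) and shell (writable file under /root) are reported; the :ro mount and the Docker-managed volume pass.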
Example: synchronizing data between containers

    docker run -d --name nfs -v /root/nfs-data:/data nginx

Then start a second container with --volumes-from. Files created after entering the container are synchronized:

    docker run --rm -it --volumes-from nfs centos /bin/bash
Data Volume Container
    docker run -it --rm --name volume-test --volumes-from nfs centos /bin/bash

    --volumes-from   the name of another container

Tip: the data volume container can still be accessed when nfs is stopped. The other benefit of a data volume container is that it works regardless of whether or not it is running, and it cannot be deleted as long as any container is using the data volume container.