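Basic Docker usage
Contents
- Basic Docker usage
- I. Introduction to Docker
- II. Installing Docker and basic setup
- III. Common Docker operations
- 1. Display system-wide information: docker info
- 2. Show the version: docker version
- 3. Search Docker Hub for images: docker search
- 4. List images: docker images
- 5. Pull an image or repository from a registry: docker pull httpd
- 6. Create a container
- 7. Start, restart, stop
- 8. Kill and remove a service
- 9. View logs
- 10. Run a command in a new container
- 11. Attach to a running container with docker attach (the container stops after you exit)
- 12. Run a command in a running container with docker exec (the container keeps running after you exit)
- 13. On error, restart docker
- 14. Return low-level/detailed information on Docker objects: docker inspect
- IV. Firewall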
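I. Introduction to Docker
1. What Docker is
- A tool for managing containers
2. OCI and OCF
2.1 OCI (Open Container Initiative)
- Open container specifications:
- The runtime specification
- The image specification
2.2 OCF (Open Container Format)
- The open container format
- Containers are started as child processes of runC and can be embedded into various other systems without running a daemon
- runC is built on libcontainer, the same container technology that powers millions of Docker Engine installations
3. Docker images and image registries
- Images are static, while containers are dynamic. A container has a lifecycle, and the relationship between an image and a container is similar to that between a program and a process
- Containers can be deleted; deleting a container does not delete its image.
4. Docker objects
4.1 Images
- An image is a read-only template with instructions for creating a Docker container
- An image is based on another image, with some additional customization
- You can create your own images, or just use images that others have created and published in a registry.
4.2 Containers
- A container is a runnable instance of an image
- You can create, run, stop, move, or delete containers using the Docker API or CLI.
- You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.
II. Installing Docker and basic setup
1. Installing Docker
1.1 Configure the Docker repository mirror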
[root@SYL4 ~]# cd /etc/yum.repos.d/
[root@SYL4 yum.repos.d]# ls
CentOS-Base.repo epel-testing-modular.repo epel.repo
epel-modular.repo epel-testing.repo redhat.repo
[root@SYL4 yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
1.2 Install Docker
[root@SYL4 ~]# yum list all|grep docker
[root@SYL4 ~]# yum -y install docker-ce
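2. Configuring a Docker registry mirror (accelerator)
- docker cn
- USTC (University of Science and Technology of China) accelerator
- Aliyun accelerator (requires registering an account on the Aliyun developer platform; a personal private accelerator is free to use)
2.1 Start Docker (this creates the /etc/docker configuration directory)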
[root@SYL4 ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@SYL4 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; en>
Active: active (running) since Sun 2022-04-24 15:57:13 CST>
Docs: https://docs.docker.com
Main PID: 198086 (dockerd)
Tasks: 9
Memory: 29.0M
CGroup: /system.slice/docker.service
└─198086 /usr/bin/dockerd -H fd:// --containerd=/r>
[root@SYL4 ~]# ls /etc/docker/
key.json
[root@SYL4 ~]#
2.2 Configure the Docker accelerator
[root@SYL4 ~]# cd /etc/docker/
[root@SYL4 docker]# ls
key.json
[root@SYL4 docker]# vim daemon.json
[root@SYL4 docker]# cat daemon.json
{
"registry-mirrors": ["https://szudx43q.mirror.aliyuncs.com"]
}
[root@SYL4 docker]# systemctl daemon-reload
[root@SYL4 docker]# systemctl restart docker
[root@SYL4 docker]#
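III. Common Docker operations
docker info      Display system-wide information
docker version   Show the version
docker search    Search Docker Hub for images
docker pull      Pull an image or repository from a registry
docker images    List images
docker create    Create a new container
docker start     Start a container
docker run       Run a command in a new container
docker attach    Attach to a running container
docker ps        List local containers
docker logs      Fetch the logs of a container
docker restart   Restart a container
docker stop      Stop one or more running containers (graceful exit)
docker kill      Kill one or more running containers
docker rm        Remove one or more containers
docker exec      Run a command in a running container
docker inspect   Return low-level/detailed information on Docker objects
1. Display system-wide information: docker info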
[root@SYL4 ~]# docker info
Client:
Context: default
Debug Mode: false // debug mode
Plugins: // plugins
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0 // containers
Running: 0 // running
Paused: 0 // paused
Stopped: 0 // stopped
Images: 0 // images
Server Version: 20.10.14
Storage Driver: overlay2 // storage driver
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc version: v1.0.3-0-gf46b6ba
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 4.18.0-348.el8.x86_64
Operating System: Red Hat Enterprise Linux 8.5 (Ootpa)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.748GiB
Name: SYL4
ID: VHGE:CXZW:RYB7:GKM2:X5V6:F5ZP:6EGP:EBEK:JCZY:5XIK:CXNF:TKOG
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://szudx43q.mirror.aliyuncs.com/
Live Restore Enabled: false
[root@SYL4 ~]#
2. Show the version: docker version
[root@SYL4 ~]# docker version
Client: Docker Engine - Community
Version: 20.10.14
API version: 1.41
Go version: go1.16.15
Git commit: a224086
Built: Thu Mar 24 01:47:44 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.14
API version: 1.41 (minimum version 1.12)
Go version: go1.16.15
Git commit: 87a90dc
Built: Thu Mar 24 01:46:10 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.11
GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc:
Version: 1.0.3
GitCommit: v1.0.3-0-gf46b6ba
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@SYL4 ~]#
3. Search Docker Hub for images: docker search
[root@SYL4 ~]# docker search httpd
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
httpd The Apache HTTP Server Project 3975 [OK]
centos/httpd-24-centos7 Platform for running Apache httpd 2.4 or bui… 44
centos/httpd 35 [OK]
hypoport/httpd-cgi httpd-cgi 2 [OK]
solsson/httpd-openidc mod_auth_openidc on official httpd image, ve… 2 [OK]
manageiq/httpd Container with httpd, built on CentOS for Ma… 1 [OK]
lead4good/httpd-fpm httpd server which connects via fcgi proxy h… 1 [OK]
dockerpinata/httpd 1
publici/httpd httpd:latest 1 [OK]
dariko/httpd-rproxy-ldap Apache httpd reverse proxy with LDAP authent… 1 [OK]
inanimate/httpd-ssl A play container with httpd, ssl enabled, an… 1 [OK]
centos/httpd-24-centos8 1
clearlinux/httpd httpd HyperText Transfer Protocol (HTTP) ser… 1
manageiq/httpd_configmap_generator Httpd Configmap Generator 0 [OK]
manasip/httpd 0
e2eteam/httpd 0
paketobuildpacks/httpd 0
httpdocker/kubia 0
sandeep1988/httpd-new httpd-new 0
httpdocker/kubia-unhealthy 0
amd64/httpd The Apache HTTP Server Project 0
patrickha/httpd-err 0
httpdss/archerysec ArcherySec repository 0 [OK]
19022021/httpd-connection_test This httpd image will test the connectivity … 0
itsziget/httpd24 Extended HTTPD Docker image based on the off… 0 [OK]
[root@SYL4 ~]#
4. List images: docker images
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
5. Pull an image or repository from a registry: docker pull httpd
[root@SYL4 ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
dcc4698797c8: Pull complete
41c22baa66ec: Pull complete
67283bbdd4a0: Pull complete
d982c879c57e: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest dabbfbe0c57b 4 months ago 144MB
[root@SYL4 ~]#
[root@SYL4 ~]# docker pull httpd:2.4.53
2.4.53: Pulling from library/httpd
1fe172e4850f: Already exists
e2fa1fe9b1ec: Already exists
60dd7398e74e: Already exists
ea2ca81c6d4c: Already exists
f646c69a26ec: Already exists
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
[root@SYL4 ~]#
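Tags are mutable: in the listing above, latest resolved to an image created 4 months earlier while 2.4.53 was 4 days old. The following added example (not part of the original post) parses the docker pull transcript shown above, builds a digest-pinned reference, and checks a pull against a recorded digest; the function names and the lock mapping are assumptions of this example.

```python
import re

# `docker pull httpd:2.4.53` transcript from this page (layer lines trimmed).
PULL_OUTPUT = """\
2.4.53: Pulling from library/httpd
1fe172e4850f: Already exists
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
"""

# Accept only a well-formed sha256 digest on its own "Digest:" line.
DIGEST_RE = re.compile(r"^Digest:\s*(sha256:[0-9a-f]{64})\s*$", re.M)


def parse_pull(output):
    """Return (repository, tag, digest) from `docker pull` output."""
    match = DIGEST_RE.search(output)
    if not match:
        raise ValueError("no well-formed sha256 digest in pull output")
    lines = [line.strip() for line in output.strip().splitlines()]
    ref = lines[-1]  # the last line is the fully qualified reference
    repo, _, tag = ref.rpartition(":")
    if not repo or "/" in tag:
        # The ':' belonged to a registry port, so no tag was printed.
        raise ValueError("cannot split %r into repository and tag" % ref)
    return repo, tag, match.group(1)


def pinned_reference(output):
    """Build an immutable reference usable as `docker pull <repo>@<digest>`."""
    repo, _tag, digest = parse_pull(output)
    return "%s@%s" % (repo, digest)


def verify_pull(output, lock):
    """Compare a pull with a lock mapping 'repo:tag' -> expected digest.

    Returns 'ok', 'mismatch' (the tag now points at different content)
    or 'unpinned' (no digest was ever recorded for this tag).
    """
    repo, tag, digest = parse_pull(output)
    expected = lock.get("%s:%s" % (repo, tag))
    if expected is None:
        return "unpinned"
    return "ok" if expected == digest else "mismatch"


if __name__ == "__main__":
    print(pinned_reference(PULL_OUTPUT))
```

Recording the digest at first pull and failing on 'mismatch' turns a silent tag move, or a mirror serving different content, into a visible error.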
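6. Create a container
docker create: --name <name> names the container, -p maps a container port to the host, followed by the image (service) to run
docker ps lists local containers; -a also lists containers that have not been started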
[root@SYL4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd 2.4.53 c30a46771695 4 days ago 144MB
httpd latest dabbfbe0c57b 4 months ago 144MB
[root@SYL4 ~]# docker create --name web -p 80:80 httpd:2.4.53
0146899d0c7aec70c6b61c6e3fd60a85c8094d9b1d15d30a59fe36d9ab017223
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0146899d0c7a httpd:2.4.53 "httpd-foreground" 26 seconds ago Created web
[root@SYL4 ~]#
7. Start, restart, stop
Start
[root@SYL4 ~]# docker start web
web
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0146899d0c7a httpd:2.4.53 "httpd-foreground" 5 minutes ago Up 22 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# systemctl disable --now firewalld
[root@SYL4 ~]# setenforce 0
[root@SYL4 ~]# vi /etc/selinux/config
Stop
[root@SYL4 ~]# docker stop web
web
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Restart
[root@SYL4 ~]# docker restart web
web
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0146899d0c7a httpd:2.4.53 "httpd-foreground" 11 minutes ago Up 5 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
8. Kill and remove a service
[root@SYL4 ~]# docker rm -f web    # remove the container
web
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@SYL4 ~]#
[root@SYL4 ~]# docker kill web
web
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
716728e19427 httpd "httpd-foreground" 6 minutes ago Exited (137) 8 seconds ago web
[root@SYL4 ~]#
9. View logs
[root@SYL4 ~]# docker logs web
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 10:26:21.809014 2022] [mpm_event:notice] [pid 1:tid 139621542448448] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 10:26:21.833449 2022] [core:notice] [pid 1:tid 139621542448448] AH00094: Command line: 'httpd -D FOREGROUND'
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 10:30:25.983348 2022] [mpm_event:notice] [pid 1:tid 139987630406976] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 10:30:25.983485 2022] [core:notice] [pid 1:tid 139987630406976] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.232.1 - - [24/Apr/2022:10:33:45 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:46 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:48 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:53 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:55 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:34:11 +0000] "GET /bbdb%20n HTTP/1.1" 404 196
[root@SYL4 ~]#
10. Run a command in a new container
-it: interactive mode. Runs the command in a new container; the container stops once you exit.
[root@SYL4 ~]# docker run -it --name mu busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
36: eth0@if37: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1dd0826017e httpd "httpd-foreground" 6 minutes ago Up 6 minutes 80/tcp shuang
6252bbff7a3c busybox "/bin/sh" 21 hours ago Exited (255) 3 hours ago mu
716728e19427 httpd "httpd-foreground" 21 hours ago Exited (255) 3 hours ago 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
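-d: run in the background. Without a published port, the service can only be reached from the virtual machine (the Docker host) itself.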
[root@SYL4 ~]# docker run -d --name shuang httpd
b1dd0826017eec7727e0b7c7fd20442ab952318fad1aba82e84ba55b1a747894
[root@SYL4 ~]# docker inspect shuang
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
[root@SYL4 ~]# curl 172.17.0.2
<html><body><h1>It works!</h1></body></html>
[root@SYL4 ~]#
11. Attach to a running container with docker attach (the container stops after you exit)
[root@SYL4 ~]# docker start mu
mu
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 7 minutes ago Up 6 seconds mu
716728e19427 httpd "httpd-foreground" 26 minutes ago Up 16 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]# docker attach mu
/ # exit
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 7 minutes ago Exited (0) 4 seconds ago mu
716728e19427 httpd "httpd-foreground" 26 minutes ago Up 17 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
12. Run a command in a running container with docker exec (the container keeps running after you exit)
[root@SYL4 ~]# docker start mu
mu
[root@SYL4 ~]# docker exec -it mu /bin/sh
/ # exit
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 11 minutes ago Up 16 seconds mu
716728e19427 httpd "httpd-foreground" 30 minutes ago Up 21 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 12 minutes ago Up About a minute mu
716728e19427 httpd "httpd-foreground" 31 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1dd0826017e httpd "httpd-foreground" 18 minutes ago Up 18 minutes 80/tcp shuang
6252bbff7a3c busybox "/bin/sh" 21 hours ago Up 3 minutes mu
716728e19427 httpd "httpd-foreground" 22 hours ago Exited (255) 3 hours ago 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]#
[root@SYL4 ~]# docker exec -it shuang /bin/bash
root@b1dd0826017e:/usr/local/apache2# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@b1dd0826017e:/usr/local/apache2#
13. On error, restart docker
docker start 716728e19427
Error response from daemon: driver failed programming external connectivity on endpoint web (4bff53ea2d5aceea29c4e0bba3e568aa380b185564d1fd05d9802ca28dcdc5d0): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1))
Error: failed to start containers: 716728e19427
[root@SYL4 ~]# systemctl restart docker
14. Return low-level/detailed information on Docker objects: docker inspect
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 20 hours ago Exited (255) 2 hours ago mu
716728e19427 httpd "httpd-foreground" 21 hours ago Exited (255) 2 hours ago 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]# docker inspect mu
[
{
"Id": "6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915",
"Created": "2022-04-24T10:39:34.739640404Z",
"Path": "/bin/sh",
"Args": [],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 255,
"Error": "",
"StartedAt": "2022-04-24T10:51:15.817487904Z",
"FinishedAt": "2022-04-25T12:58:52.189528825+08:00"
},
"Image": "sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a",
"ResolvConfPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/hostname",
"HostsPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/hosts",
"LogPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915-json.log",
"Name": "/mu",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9-init/diff:/var/lib/docker/overlay2/050cde657ef01d5bb6bc4abfc6ae566f9e51798eb177a8856af351ec996c8f6a/diff",
"MergedDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/merged",
"UpperDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/diff",
"WorkDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "6252bbff7a3c",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh"
],
"Image": "busybox",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "131ad9ab8616ccb5f0133e6ba6303fefe2f7c0c67fdcf75e2e5ddba22a15bf64",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/131ad9ab8616",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "e3e356d1a96061a7b3fa2d50a894a10817fcdc89d6d5f5cfee2f294e1f878203",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "f4a1d5a0413a2d924f50029302e21925c9c6cd90beb7433ee387caa7206b3085",
"EndpointID": "e3e356d1a96061a7b3fa2d50a894a10817fcdc89d6d5f5cfee2f294e1f878203",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
[root@SYL4 ~]#
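A check one might run over the docker inspect output above (added example, not part of the original post): it flags settings visible in that output, such as the empty User (root), the writable root filesystem, absent resource limits, and ports published on all host interfaces. The sample JSON is constructed: the mu entry reuses values shown above, the web entry is an assumed reconstruction of a container created with -p 80:80, and the check names are this example's own.

```python
import json

# Constructed sample: trimmed `docker inspect` documents. "mu" reuses field
# values shown on this page; "web" is a hypothetical reconstruction of a
# container created with `-p 80:80`.
SAMPLE = json.dumps([
    {"Name": "/mu",
     "Config": {"User": "", "Image": "busybox"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": None,
                    "ReadonlyRootfs": False, "SecurityOpt": None,
                    "Memory": 0, "PidsLimit": None, "PortBindings": {}}},
    {"Name": "/web",
     "Config": {"User": "", "Image": "httpd:2.4.53"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": None,
                    "ReadonlyRootfs": False, "SecurityOpt": None,
                    "Memory": 0, "PidsLimit": None,
                    "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}]}}},
])


def audit_container(doc):
    """Return (check_id, message) findings for one `docker inspect` entry."""
    cfg = doc.get("Config") or {}
    host = doc.get("HostConfig") or {}
    findings = []
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append(("root-user", "process runs as root inside the container"))
    if host.get("Privileged"):
        findings.append(("privileged", "--privileged removes most isolation"))
    if host.get("CapAdd"):
        findings.append(("cap-add", "extra capabilities: " + ",".join(host["CapAdd"])))
    if not host.get("CapDrop"):
        findings.append(("cap-drop", "default capability set kept (no --cap-drop)"))
    if not host.get("ReadonlyRootfs"):
        findings.append(("rw-rootfs", "root filesystem is writable"))
    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false")
               for o in opts):
        findings.append(("new-privs", "no-new-privileges is not set"))
    if not host.get("Memory"):
        findings.append(("no-mem-limit", "no memory limit"))
    if (host.get("PidsLimit") or 0) <= 0:
        findings.append(("no-pids-limit", "no PID limit"))
    for port, binds in (host.get("PortBindings") or {}).items():
        for bind in binds or []:
            # An empty HostIp means the port is bound on every host interface.
            if bind.get("HostIp", "") in ("", "0.0.0.0", "::"):
                findings.append(("public-port", "%s published on all interfaces "
                                 "as host port %s" % (port, bind.get("HostPort"))))
    return findings


def audit(inspect_json):
    """Map container name -> findings for a full `docker inspect` JSON array."""
    return {doc.get("Name", "?").lstrip("/"): audit_container(doc)
            for doc in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for check, message in findings:
            print("%-4s %-14s %s" % (name, check, message))
```

On a live host, pass the output of `docker inspect $(docker ps -aq)` to audit() instead of SAMPLE.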
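IV. Firewall
1. Allow a service through the firewall
firewall-cmd --add-rich-rule (add a rich rule) 'rule family=ipv4 source address=0.0.0.0/0 service name=http accept' (rule family IPv4, source address 0.0.0.0/0, service name http, accept = allow access) --permanent (add the rule permanently)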
[root@SYL4 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 service name=http accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload    # reload the rules
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
[root@SYL4 ~]#
2. Allow a port
[root@SYL4 ~]# vim /etc/ssh/sshd_config
[root@SYL4 ~]# systemctl restart sshd
[root@SYL4 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*
LISTEN 0 128 [::]:111 [::]:*
[root@SYL4 ~]#
[root@SYL4 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 port protocol=tcp port=2222 accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
rule family="ipv4" source address="0.0.0.0/0" port port="2222" protocol="tcp" accept
[root@SYL4 ~]#
2.1 Test
3. Remove the firewall rule
[root@SYL4 ~]# firewall-cmd --remove-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 port protocol=tcp port=2222 accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
[root@SYL4 ~]#
Restart
[root@SYL4 ~]# vim /etc/ssh/sshd_config    # change the modified port number back
[root@SYL4 ~]# systemctl restart sshd    # restart the service
连接主机...
java.net.ConnectException: Connection refused: connect
连接主机...
连接主机成功
Last login: Mon Apr 25 14:53:04 2022 from 192.168.232.1
[root@SYL4 ~]#
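Both rich rules in section IV use source address=0.0.0.0/0, so they accept every IPv4 client. The following added example (not part of the original post) parses the rich rules from the firewall-cmd --list-all output shown above and reports which targets are accepted from any source; the function names are this example's own, and only the source address= form of a source is evaluated.

```python
import ipaddress
import re

# `firewall-cmd --list-all` output from this page after step 2
# (trimmed to the lines the parser needs).
LIST_ALL = """\
public (active)
  interfaces: ens160
  services: cockpit dhcpv6-client ssh
  rich rules:
    rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
    rule family="ipv4" source address="0.0.0.0/0" port port="2222" protocol="tcp" accept
"""

SOURCE_RE = re.compile(r'\bsource (NOT )?address="([^"]+)"')
SERVICE_RE = re.compile(r'\bservice name="([^"]+)"')
PORT_RE = re.compile(r'\bport port="([^"]+)" protocol="([^"]+)"')
ACTIONS = ("accept", "reject", "drop")


def parse_rich_rules(list_all):
    """Extract rich rules from `firewall-cmd --list-all` text as dicts."""
    rules, in_block = [], False
    for line in list_all.splitlines():
        text = line.strip()
        if text == "rich rules:":
            in_block = True
        elif in_block and text.startswith("rule "):
            src = SOURCE_RE.search(text)
            svc = SERVICE_RE.search(text)
            port = PORT_RE.search(text)
            if src:
                source = src.group(2)
            else:
                # "other" marks a source this example does not evaluate
                # (source mac=..., source ipset=...); None means no source.
                source = "other" if " source " in text else None
            if svc:
                target = "service " + svc.group(1)
            elif port:
                target = "port %s/%s" % port.groups()
            else:
                target = "other"
            rules.append({
                "source": source,
                "negated": bool(src and src.group(1)),
                "target": target,
                "action": next((w for w in text.split() if w in ACTIONS), None),
            })
    return rules


def is_any_source(rule):
    """True when the rule matches every client address."""
    if rule["source"] is None:
        return True
    if rule["source"] == "other" or rule["negated"]:
        return False
    return ipaddress.ip_network(rule["source"], strict=False).prefixlen == 0


def world_open(list_all):
    """Targets that are accepted from any source address."""
    return [rule["target"] for rule in parse_rich_rules(list_all)
            if rule["action"] == "accept" and is_any_source(rule)]


if __name__ == "__main__":
    for target in world_open(LIST_ALL):
        print("accepted from any address:", target)
```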