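- Basic usage of docker
- I. Introduction to docker
- 1. What docker is
- 2. OCI and OCF
- 2.1 OCI (Open Container Initiative)
- 2.2 OCF (Open Container Format)
- 3. docker images and image registries
- 4. docker objects
- 4.1 Images
- 4.2 Containers
- II. docker installation and basics
- 1. Installing docker
- 1.1 [Configure the docker package repository mirror](https://mirrors.aliyun.com/docker-ce/linux/centos/)
- 1.2 Install docker
- 2. Configuring docker acceleration
- 2.1 Start docker and generate the accelerator configuration file
- 2.2 [Configure the docker accelerator](https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors)
- III. Common docker operations
- 1. Display system-wide information: docker info
- 2. Show the version: docker version
- 3. Search Docker Hub for images: docker search
- 4. List images: docker images
- 5. Pull an image or a repository from a registry: docker pull httpd
- 6. Create a container
- 7. Start, restart, stop
- 8. Kill and remove a service
- 9. View logs
- 10. Run a command in a new container
- 11. Attach to a running container: docker attach (the container stops after you exit)
- 12. Run a command in a running container: docker exec (the container does not stop after you exit)
- 13. Error: restart docker
- 14. Return low-level / detailed information on Docker objects: docker inspect
- IV. Firewall
- 1. Allow a protocol through the firewall
- 2. Allow a port number
- 2.1 Test
- 3. Remove the firewall rule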
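I. Introduction to docker
1. What docker is
- docker is a tool for managing containers
2. OCI and OCF
2.1 OCI (Open Container Initiative)
- The open container specification:
- the runtime specification
- the image specification
2.2 OCF (Open Container Format)
- The open container format
- Containers are started as child processes of runC and can be embedded in various other systems without running a daemon
- runC is built on libcontainer, the same container technology that powers millions of Docker Engine installations
3. docker images and image registries
- An image is static, while a container is dynamic and has a lifecycle; the relationship between an image and a container is like that between a program and a process
- A container can be deleted; deleting a container does not delete its image.
4. docker objects
4.1 Images
- An image is a read-only template with instructions for creating a docker container
- An image is based on another image, with some additional customization
- You can create your own images, or use only images that others have created and published in a registry.
4.2 Containers
- A container is a runnable instance of an image
- You can create, run, stop, move, or delete a container using the docker API or CLI.
- You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state.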
II. docker installation and basics
1. Installing docker
1.1 Configure the docker package repository mirror
[root@SYL4 ~]# cd /etc/yum.repos.d/
[root@SYL4 yum.repos.d]# ls
CentOS-Base.repo epel-testing-modular.repo epel.repo epel-modular.repo epel-testing.repo redhat.repo
[root@SYL4 yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
1.2 Install docker
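[root@SYL4 ~]# yum list all|grep docker
[root@SYL4 ~]# yum -y install docker-ce
2. Configuring docker acceleration
- docker cn
- The University of Science and Technology of China (USTC) accelerator
- The Alibaba Cloud accelerator (requires registering an account on the Alibaba Cloud developer platform; a personal private accelerator is free to use)
2.1 Start docker and generate the accelerator configuration file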
[root@SYL4 ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@SYL4 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; en>
Active: active (running) since Sun 2022-04-24 15:57:13 CST>
Docs: https://docs.docker.com
Main PID: 198086 (dockerd)
Tasks: 9
Memory: 29.0M
CGroup: /system.slice/docker.service
└─198086 /usr/bin/dockerd -H fd:// --containerd=/r>
[root@SYL4 ~]# ls /etc/docker/
key.json
[root@SYL4 ~]#
2.2 Configure the docker accelerator
[root@SYL4 ~]# cd /etc/docker/
[root@SYL4 docker]# ls
key.json
[root@SYL4 docker]# vim daemon.json
[root@SYL4 docker]# cat daemon.json
{
"registry-mirrors": ["https://szudx43q.mirror.aliyuncs.com"]
}
[root@SYL4 docker]# systemctl daemon-reload
[root@SYL4 docker]# systemctl restart docker
[root@SYL4 docker]#
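III. Common docker operations
- docker info: display system-wide information
- docker version: show the version
- docker search: search Docker Hub for images
- docker pull: pull an image or a repository from a registry
- docker images: list images
- docker create: create a new container
- docker start: start a container
- docker run: run a command in a new container
- docker attach: attach to a running container
- docker ps: list local containers
- docker logs: fetch the logs of a container
- docker restart: restart a container
- docker stop: stop one or more running containers (normal exit)
- docker kill: kill one or more running containers
- docker rm: remove one or more containers
- docker exec: run a command in a running container
- docker inspect: return low-level / detailed information on Docker objects
1. Display system-wide information: docker info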
[root@SYL4 ~]# docker info
Client:
 Context: default // debug mode
 Debug Mode: false // plugins
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.1-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)
Server:
 Containers: 0 // containers
  Running: 0 // running
  Paused: 0 // paused
  Stopped: 0 // stopped
 Images: 0 // images
 Server Version: 20.10.14
 Storage Driver: overlay2 // storage driver
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc version: v1.0.3-0-gf46b6ba
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-348.el8.x86_64
 Operating System: Red Hat Enterprise Linux 8.5 (Ootpa)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.748GiB
 Name: SYL4
 ID: VHGE:CXZW:RYB7:GKM2:X5V6:F5ZP:6EGP:EBEK:JCZY:5XIK:CXNF:TKOG
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://szudx43q.mirror.aliyuncs.com/
 Live Restore Enabled: false
[root@SYL4 ~]#
2. Show the version: docker version
[root@SYL4 ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.14
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        a224086
 Built:             Thu Mar 24 01:47:44 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Server: Docker Engine - Community
 Engine:
  Version:          20.10.14
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       87a90dc
  Built:            Thu Mar 24 01:46:10 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.5.11
  GitCommit:        3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc:
  Version:          1.0.3
  GitCommit:        v1.0.3-0-gf46b6ba
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
[root@SYL4 ~]#
3. Search Docker Hub for images: docker search
[root@SYL4 ~]# docker search httpd
NAME                                 DESCRIPTION                                     STARS   OFFICIAL   AUTOMATED
httpd                                The Apache HTTP Server Project                  3975    [OK]
centos/httpd-24-centos7              Platform for running Apache httpd 2.4 or bui…   44
centos/httpd                                                                         35                 [OK]
hypoport/httpd-cgi                   httpd-cgi                                       2                  [OK]
solsson/httpd-openidc                mod_auth_openidc on official httpd image, ve…   2                  [OK]
manageiq/httpd                       Container with httpd, built on CentOS for Ma…   1                  [OK]
lead4good/httpd-fpm                  httpd server which connects via fcgi proxy h…   1                  [OK]
dockerpinata/httpd                                                                   1
publici/httpd                        httpd:latest                                    1                  [OK]
dariko/httpd-rproxy-ldap             Apache httpd reverse proxy with LDAP authent…   1                  [OK]
inanimate/httpd-ssl                  A play container with httpd, ssl enabled, an…   1                  [OK]
centos/httpd-24-centos8                                                              1
clearlinux/httpd                     httpd HyperText Transfer Protocol (HTTP) ser…   1
manageiq/httpd_configmap_generator   Httpd Configmap Generator                       0                  [OK]
manasip/httpd                                                                        0
e2eteam/httpd                                                                        0
paketobuildpacks/httpd                                                               0
httpdocker/kubia                                                                     0
sandeep1988/httpd-new                httpd-new                                       0
httpdocker/kubia-unhealthy                                                           0
amd64/httpd                          The Apache HTTP Server Project                  0
patrickha/httpd-err                                                                  0
httpdss/archerysec                   ArcherySec repository                           0                  [OK]
19022021/httpd-connection_test       This httpd image will test the connectivity …   0
itsziget/httpd24                     Extended HTTPD Docker image based on the off…   0                  [OK]
[root@SYL4 ~]#
4. List images: docker images
[root@SYL4 ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
5. Pull an image or a repository from a registry: docker pull httpd
[root@SYL4 ~]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
dcc4698797c8: Pull complete
41c22baa66ec: Pull complete
67283bbdd4a0: Pull complete
d982c879c57e: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[root@SYL4 ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        latest    dabbfbe0c57b   4 months ago   144MB
[root@SYL4 ~]#
[root@SYL4 ~]# docker pull httpd:2.4.53
2.4.53: Pulling from library/httpd
1fe172e4850f: Already exists
e2fa1fe9b1ec: Already exists
60dd7398e74e: Already exists
ea2ca81c6d4c: Already exists
f646c69a26ec: Already exists
Digest: sha256:e02a2ef36151905c790efb0a8472f690010150f062639bd8c0760e7b1e884c07
Status: Downloaded newer image for httpd:2.4.53
docker.io/library/httpd:2.4.53
[root@SYL4 ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        2.4.53    c30a46771695   4 days ago     144MB
httpd        latest    dabbfbe0c57b   4 months ago   144MB
[root@SYL4 ~]#
6. Create a container
docker create: --name sets the container name, -p maps a container port to the host, followed by the service (here the httpd image)
docker ps lists local containers; -a also lists containers that have not been started
[root@SYL4 ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        2.4.53    c30a46771695   4 days ago     144MB
httpd        latest    dabbfbe0c57b   4 months ago   144MB
[root@SYL4 ~]# docker create --name web -p 80:80 httpd:2.4.53
0146899d0c7aec70c6b61c6e3fd60a85c8094d9b1d15d30a59fe36d9ab017223
[root@SYL4 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@SYL4 ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND              CREATED          STATUS    PORTS     NAMES
0146899d0c7a   httpd:2.4.53   "httpd-foreground"   26 seconds ago   Created             web
[root@SYL4 ~]#
7. Start, restart, stop
Start
[root@SYL4 ~]# docker start web
web
[root@SYL4 ~]# docker ps
CONTAINER ID   IMAGE          COMMAND              CREATED         STATUS          PORTS                               NAMES
0146899d0c7a   httpd:2.4.53   "httpd-foreground"   5 minutes ago   Up 22 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]#
[root@SYL4 ~]# systemctl disable --now firewalld
[root@SYL4 ~]# setenforce 0
[root@SYL4 ~]# vi /etc/selinux/config
Stop
[root@SYL4 ~]# docker stop web
web
[root@SYL4 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
Restart
[root@SYL4 ~]# docker restart web
web
[root@SYL4 ~]# docker ps
CONTAINER ID   IMAGE          COMMAND              CREATED          STATUS         PORTS                               NAMES
0146899d0c7a   httpd:2.4.53   "httpd-foreground"   11 minutes ago   Up 5 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]#
8. Kill and remove a service
[root@SYL4 ~]# docker rm -f web // delete the container
web
[root@SYL4 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
[root@SYL4 ~]#
[root@SYL4 ~]# docker kill web
web
[root@SYL4 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS                       PORTS     NAMES
716728e19427   httpd     "httpd-foreground"   6 minutes ago   Exited (137) 8 seconds ago             web
[root@SYL4 ~]#
9. View logs
[root@SYL4 ~]# docker logs web
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 10:26:21.809014 2022] [mpm_event:notice] [pid 1:tid 139621542448448] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 10:26:21.833449 2022] [core:notice] [pid 1:tid 139621542448448] AH00094: Command line: 'httpd -D FOREGROUND'
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sun Apr 24 10:30:25.983348 2022] [mpm_event:notice] [pid 1:tid 139987630406976] AH00489: Apache/2.4.52 (Unix) configured -- resuming normal operations
[Sun Apr 24 10:30:25.983485 2022] [core:notice] [pid 1:tid 139987630406976] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.232.1 - - [24/Apr/2022:10:33:45 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:46 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:48 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:53 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:33:55 +0000] "GET / HTTP/1.1" 304 -
192.168.232.1 - - [24/Apr/2022:10:34:11 +0000] "GET /bbdb%20n HTTP/1.1" 404 196
[root@SYL4 ~]#
10. Run a command in a new container
-it: interactive mode; runs a command in a new container, and the container stops once you exit
[root@SYL4 ~]# docker run -it --name mu busybox /bin/sh
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
36: eth0@if37: mtu 1500 qdisc noqueue
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ #
[root@SYL4 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED         STATUS                     PORTS                               NAMES
b1dd0826017e   httpd     "httpd-foreground"   6 minutes ago   Up 6 minutes               80/tcp                              shuang
6252bbff7a3c   busybox   "/bin/sh"            21 hours ago    Exited (255) 3 hours ago                                       mu
716728e19427   httpd     "httpd-foreground"   21 hours ago    Exited (255) 3 hours ago   0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]#
-d: run in the background; without a published port the service can only be reached from the virtual machine itself
[root@SYL4 ~]# docker run -d --name shuang httpd
b1dd0826017eec7727e0b7c7fd20442ab952318fad1aba82e84ba55b1a747894
[root@SYL4 ~]# docker inspect shuang
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
[root@SYL4 ~]# curl 172.17.0.2
It works!
[root@SYL4 ~]#
11. Attach to a running container: docker attach (the container stops after you exit)
[root@SYL4 ~]# docker start mu
mu
[root@SYL4 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                               NAMES
6252bbff7a3c   busybox   "/bin/sh"            7 minutes ago    Up 6 seconds                                        mu
716728e19427   httpd     "httpd-foreground"   26 minutes ago   Up 16 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]# docker attach mu
/ # exit
[root@SYL4 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS                     PORTS                               NAMES
6252bbff7a3c   busybox   "/bin/sh"            7 minutes ago    Exited (0) 4 seconds ago                                       mu
716728e19427   httpd     "httpd-foreground"   26 minutes ago   Up 17 minutes              0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]#
12. Run a command in a running container: docker exec (the container does not stop after you exit)
[root@SYL4 ~]# docker start mu
mu
[root@SYL4 ~]# docker exec -it mu /bin/sh
/ # exit
[root@SYL4 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS          PORTS                               NAMES
6252bbff7a3c   busybox   "/bin/sh"            11 minutes ago   Up 16 seconds                                       mu
716728e19427   httpd     "httpd-foreground"   30 minutes ago   Up 21 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]#
[root@SYL4 ~]# docker ps
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS              PORTS                               NAMES
6252bbff7a3c   busybox   "/bin/sh"            12 minutes ago   Up About a minute                                       mu
716728e19427   httpd     "httpd-foreground"   31 minutes ago   Up 22 minutes       0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]#
[root@SYL4 ~]# docker ps -a
CONTAINER ID   IMAGE     COMMAND              CREATED          STATUS                     PORTS                               NAMES
b1dd0826017e   httpd     "httpd-foreground"   18 minutes ago   Up 18 minutes              80/tcp                              shuang
6252bbff7a3c   busybox   "/bin/sh"            21 hours ago     Up 3 minutes                                                   mu
716728e19427   httpd     "httpd-foreground"   22 hours ago     Exited (255) 3 hours ago   0.0.0.0:80->80/tcp, :::80->80/tcp   web
[root@SYL4 ~]#
[root@SYL4 ~]# docker exec -it shuang /bin/bash
root@b1dd0826017e:/usr/local/apache2# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@b1dd0826017e:/usr/local/apache2#
13. Error: restart docker
This error typically appears when firewalld was stopped or restarted while docker was running, which removes the DOCKER chain that docker created in the iptables nat table; restarting docker recreates the chain.
docker start 716728e19427
Error response from daemon: driver failed programming external connectivity on endpoint web (4bff53ea2d5aceea29c4e0bba3e568aa380b185564d1fd05d9802ca28dcdc5d0): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1))
Error: failed to start containers: 716728e19427
[root@SYL4 ~]# systemctl restart docker
14. Return low-level / detailed information on Docker objects: docker inspect
[root@SYL4 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6252bbff7a3c busybox "/bin/sh" 20 hours ago Exited (255) 2 hours ago mu
716728e19427 httpd "httpd-foreground" 21 hours ago Exited (255) 2 hours ago 0.0.0.0:80->80/tcp, :::80->80/tcp web
[root@SYL4 ~]# docker inspect mu
[
{
"Id": "6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915",
"Created": "2022-04-24T10:39:34.739640404Z",
"Path": "/bin/sh",
"Args": [],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 255,
"Error": "",
"StartedAt": "2022-04-24T10:51:15.817487904Z",
"FinishedAt": "2022-04-25T12:58:52.189528825+08:00"
},
"Image": "sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a",
"ResolvConfPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/hostname",
"HostsPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/hosts",
"LogPath": "/var/lib/docker/containers/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915/6252bbff7a3c73d1201176039cf9d1ed6d0150955913317b1073a605b102a915-json.log",
"Name": "/mu",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9-init/diff:/var/lib/docker/overlay2/050cde657ef01d5bb6bc4abfc6ae566f9e51798eb177a8856af351ec996c8f6a/diff",
"MergedDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/merged",
"UpperDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/diff",
"WorkDir": "/var/lib/docker/overlay2/73407dae4813b9c4694e087936f8799771faa96ddded1641502909a8fe8115b9/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "6252bbff7a3c",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh"
],
"Image": "busybox",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "131ad9ab8616ccb5f0133e6ba6303fefe2f7c0c67fdcf75e2e5ddba22a15bf64",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/131ad9ab8616",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "e3e356d1a96061a7b3fa2d50a894a10817fcdc89d6d5f5cfee2f294e1f878203",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:03",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "f4a1d5a0413a2d924f50029302e21925c9c6cd90beb7433ee387caa7206b3085",
"EndpointID": "e3e356d1a96061a7b3fa2d50a894a10817fcdc89d6d5f5cfee2f294e1f878203",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.3",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:03",
"DriverOpts": null
}
}
}
}
]
[root@SYL4 ~]#
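The docker inspect output above carries the settings that decide how isolated a container is. As an added example (not part of the original post), this Python script flags the weak defaults visible in that output; the sample document is constructed and `audit.py` is a hypothetical file name.

```python
import json
import sys

# Constructed sample: a trimmed `docker inspect web` document that reuses the
# field names and default values shown above; PortBindings is what -p 80:80 yields.
SAMPLE = json.loads("""
[{"Name": "/web",
  "Config": {"User": "", "Image": "httpd:2.4.53"},
  "HostConfig": {"Privileged": false, "ReadonlyRootfs": false, "CapAdd": null,
                 "CapDrop": null, "SecurityOpt": null, "Memory": 0,
                 "PidsLimit": null, "PidMode": "", "NetworkMode": "default",
                 "Binds": null,
                 "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "80"}]}}}]
""")

ALL_INTERFACES = {"", "0.0.0.0", "::"}  # an empty HostIp binds every address
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}


def audit_container(doc):
    """Return sorted (field, reason) pairs for settings that weaken isolation."""
    host = doc.get("HostConfig") or {}
    cfg = doc.get("Config") or {}
    found = {}

    if host.get("Privileged"):
        found["HostConfig.Privileged"] = "privileged mode"
    if host.get("CapAdd"):
        found["HostConfig.CapAdd"] = "added capabilities: " + ",".join(host["CapAdd"])
    if not host.get("CapDrop"):
        found["HostConfig.CapDrop"] = "default capability set kept"
    if not host.get("ReadonlyRootfs"):
        found["HostConfig.ReadonlyRootfs"] = "root filesystem is writable"
    if not host.get("Memory"):
        found["HostConfig.Memory"] = "no memory limit"
    if (host.get("PidsLimit") or 0) <= 0:
        found["HostConfig.PidsLimit"] = "no process-count limit"
    for key in ("PidMode", "NetworkMode", "IpcMode", "UTSMode"):
        if host.get(key) == "host":
            found["HostConfig." + key] = "shares the host namespace"
    for opt in host.get("SecurityOpt") or []:
        if opt.replace(":", "=") in ("seccomp=unconfined", "apparmor=unconfined"):
            found["HostConfig.SecurityOpt"] = opt
    for bind in host.get("Binds") or []:
        if bind.split(":")[0] in DOCKER_SOCKETS:
            found["HostConfig.Binds"] = "docker socket mounted into the container"
    for port, bindings in (host.get("PortBindings") or {}).items():
        for b in bindings or []:
            if b.get("HostIp", "") in ALL_INTERFACES:
                found["HostConfig.PortBindings"] = port + " published on all interfaces"
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        found["Config.User"] = "container process starts as root"
    return sorted(found.items())


if __name__ == "__main__":
    # Usage: docker inspect web | python3 audit.py  (without a pipe: audit SAMPLE)
    docs = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for doc in docs:
        for field, reason in audit_container(doc):
            print(f"{doc.get('Name', '?')}: {field}: {reason}")
```

Each finding maps to a docker run option: `--user`, `--cap-drop`, `--read-only`, `--memory`, `--pids-limit`, and a host address in `-p` such as `-p 127.0.0.1:80:80`.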
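IV. Firewall
1. Allow a protocol through the firewall
firewall-cmd --add-rich-rule (add a rich rule) 'rule family=ipv4 source address=0.0.0.0/0 service name=http accept (allow access)' --permanent (add permanently)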
[root@SYL4 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 service name=http accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload // reload
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
[root@SYL4 ~]#
2. Allow a port number
[root@SYL4 ~]# vim /etc/ssh/sshd_config
[root@SYL4 ~]# systemctl restart sshd
[root@SYL4 ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*
LISTEN 0 128 [::]:111 [::]:*
[root@SYL4 ~]#
[root@SYL4 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 port protocol=tcp port=2222 accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
rule family="ipv4" source address="0.0.0.0/0" port port="2222" protocol="tcp" accept
[root@SYL4 ~]#
2.1 Test
[root@SYL4 ~]# firewall-cmd --remove-rich-rule 'rule family=ipv4 source address=0.0.0.0/0 port protocol=tcp port=2222 accept' --permanent
success
[root@SYL4 ~]# firewall-cmd --reload
success
[root@SYL4 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
[root@SYL4 ~]#
Restart
[root@SYL4 ~]# vim /etc/ssh/sshd_config // change the modified port number back
[root@SYL4 ~]# systemctl restart sshd // restart the service
连接主机...
java.net.ConnectException: Connection refused: connect
连接主机...
连接主机成功
Last login: Mon Apr 25 14:53:04 2022 from 192.168.232.1
[root@SYL4 ~]#
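Both rich rules above accept traffic from 0.0.0.0/0. As an added example (not from the original post), this Python script finds such rules in `firewall-cmd --list-all` output and prints the commands that replace them with a source-restricted rule; the 192.168.232.0/24 management subnet is an assumption based on the login address shown on the page.

```python
import ipaddress
import shlex

# Constructed sample: the rich-rule part of the `firewall-cmd --list-all`
# output shown above, after both rules had been added.
LIST_ALL = """\
public (active)
  services: cockpit dhcpv6-client ssh
  rich rules:
        rule family="ipv4" source address="0.0.0.0/0" service name="http" accept
        rule family="ipv4" source address="0.0.0.0/0" port port="2222" protocol="tcp" accept
"""
# Assumption: the management subnet; the page only shows a login from 192.168.232.1.
TRUSTED_CIDR = "192.168.232.0/24"

def rich_rules(list_all_text):
    """Return the rich rules printed under 'rich rules:' by --list-all."""
    lines = [line.strip() for line in list_all_text.splitlines()]
    if "rich rules:" not in lines:
        return []
    start = lines.index("rich rules:") + 1
    return [line for line in lines[start:] if line.startswith("rule ")]

def _source_index(tokens):
    """Index of the address=... token of the source element, or None."""
    for i in range(len(tokens) - 1):
        if tokens[i] == "source" and tokens[i + 1].startswith("address="):
            return i + 1
    return None

def is_world_open(rule):
    """True for an accept rule with no source address or a /0 source network."""
    tokens = shlex.split(rule)
    if tokens[-1] != "accept":
        return False
    idx = _source_index(tokens)
    if idx is None:
        return True
    address = tokens[idx].split("=", 1)[1]
    return ipaddress.ip_network(address, strict=False).prefixlen == 0

def narrow(rule, cidr):
    """Return the same rule restricted to cidr, quoted the way firewalld prints it."""
    net = ipaddress.ip_network(cidr)  # raises ValueError for a malformed CIDR
    tokens = shlex.split(rule)
    idx = _source_index(tokens)
    if idx is not None:
        tokens[idx] = "address=" + cidr
    else:  # rich-rule order: rule [family] [source] ... element ... action
        if not (len(tokens) > 1 and tokens[1].startswith("family=")):
            tokens.insert(1, f"family=ipv{net.version}")  # a source needs a family
        tokens[2:2] = ["source", "address=" + cidr]
    parts = []
    for tok in tokens:
        key, eq, value = tok.partition("=")
        parts.append(f'{key}="{value}"' if eq else tok)
    return " ".join(parts)

def tightening_plan(list_all_text, cidr=TRUSTED_CIDR):
    """firewall-cmd commands that replace each world-open rule with a narrowed one."""
    cmds = []
    for rule in rich_rules(list_all_text):
        if is_world_open(rule):
            cmds.append(f"firewall-cmd --permanent --remove-rich-rule '{rule}'")
            cmds.append(f"firewall-cmd --permanent --add-rich-rule '{narrow(rule, cidr)}'")
    return cmds + ["firewall-cmd --reload"] if cmds else []

if __name__ == "__main__":
    print("\n".join(tightening_plan(LIST_ALL)))
```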



