知了小站 - IT人的小站 - Docker容器 https://izlzl.com/tag/docker/ 总结国内加速拉取 Docker 镜像的几种方法 https://izlzl.com/archives/1749.html 2024-07-30T20:58:00+08:00 本文介绍多种方法加速Docker镜像拉取,包括利用Nginx、Cloudflare反向代理等方案,使国内服务器更高效获取海外Docker镜像。目前仍可用的镜像(随时可能失效)sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": [ "https://docker.m.daocloud.io", "https://huecker.io", "https://dockerhub.timeweb.cloud", "https://noohub.ru" ] } EOF sudo systemctl daemon-reload sudo systemctl restart docker使用 Nginx 反向代理需要有一台国外服务器, 按下面添加 Nginx 配置即可,配置完成后,在 /etc/docker/daemon.json 中修改成你的域名,具体参考上方配置,然后重启 dockerserver { listen 443 ssl; server_name 域名; ssl_certificate 证书地址; ssl_certificate_key 密钥地址; proxy_ssl_server_name on; # 启用SNI ssl_session_timeout 24h; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256'; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; location / { proxy_pass https://registry-1.docker.io; # Docker Hub 的官方镜像仓库 proxy_set_header Host registry-1.docker.io; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 关闭缓存 proxy_buffering off; # 转发认证相关的头部 proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization; # 对 upstream 状态码检查,实现 error_page 错误重定向 proxy_intercept_errors on; # error_page 指令默认只检查了第一次后端返回的状态码,开启后可以跟随多次重定向。 recursive_error_pages on; # 根据状态码执行对应操作,以下为301、302、307状态码都会触发 #error_page 301 302 307 = @handle_redirect; error_page 429 = @handle_too_many_requests; } #处理重定向 location @handle_redirect { resolver 1.1.1.1; set $saved_redirect_location '$upstream_http_location'; proxy_pass $saved_redirect_location; } # 处理429错误 location @handle_too_many_requests { proxy_set_header Host 替换为在CloudFlare Worker设置的域名; # 替换为另一个服务器的地址 proxy_pass http://替换为在CloudFlare Worker设置的域名; proxy_set_header Host $http_host; } }使用 Cloudflare 反向代理登录到 Cloudflare 控制台, 新建 worker, 在 worker.js 文件中输入以下代码, 注意需要自行修改代码中的域名'use strict' const hub_host = 'registry-1.docker.io' const auth_url = 'https://auth.docker.io' const workers_url = 'https://你的域名' const workers_host = '你的域名' const home_page_url = 'https://qninq.cn/file/html/dockerproxy.html' /** @type {RequestInit} */ const PREFLIGHT_INIT = { status: 204, headers: new Headers({ 'access-control-allow-origin': '*', 'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS', 'access-control-max-age': '1728000', }), } /** * @param {any} body * @param {number} status * @param {Object<string, string>} headers */ function makeRes(body, status = 200, headers = {}) { headers['access-control-allow-origin'] = '*' return new Response(body, {status, headers}) } /** * @param {string} urlStr */ function newUrl(urlStr) { try { return new URL(urlStr) } catch (err) { return null } } addEventListener('fetch', e => { const ret = fetchHandler(e) .catch(err => makeRes('cfworker error:\n' + err.stack, 502)) e.respondWith(ret) }) /** * @param {FetchEvent} e */ async function fetchHandler(e) { const getReqHeader = (key) => e.request.headers.get(key); let url = new URL(e.request.url); if (url.pathname === '/') { // Fetch and return the home page HTML content with replacement let response = await fetch(home_page_url); let text = await response.text(); text = text.replace(/{workers_host}/g, workers_host); return new Response(text, { status: response.status, headers: response.headers }); } if (url.pathname === '/token') { let token_parameter = { headers: { 'Host': 'auth.docker.io', 'User-Agent': getReqHeader("User-Agent"), 'Accept': getReqHeader("Accept"), 'Accept-Language': getReqHeader("Accept-Language"), 'Accept-Encoding': getReqHeader("Accept-Encoding"), 'Connection': 'keep-alive', 'Cache-Control': 'max-age=0' } }; let token_url = auth_url + url.pathname + url.search return fetch(new Request(token_url, e.request), token_parameter) } url.hostname = hub_host; let parameter = { headers: { 'Host': hub_host, 'User-Agent': getReqHeader("User-Agent"), 'Accept': getReqHeader("Accept"), 'Accept-Language': getReqHeader("Accept-Language"), 'Accept-Encoding': getReqHeader("Accept-Encoding"), 'Connection': 'keep-alive', 'Cache-Control': 'max-age=0' }, cacheTtl: 3600 }; if (e.request.headers.has("Authorization")) { parameter.headers.Authorization = getReqHeader("Authorization"); } let original_response = await fetch(new Request(url, e.request), parameter) let original_response_clone = original_response.clone(); let original_text = original_response_clone.body; let response_headers = original_response.headers; let new_response_headers = new Headers(response_headers); let status = original_response.status; if (new_response_headers.get("Www-Authenticate")) { let auth = new_response_headers.get("Www-Authenticate"); let re = new RegExp(auth_url, 'g'); new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url)); } if (new_response_headers.get("Location")) { return httpHandler(e.request, new_response_headers.get("Location")) } let response = new Response(original_text, { status, headers: new_response_headers }) return response; } /** * @param {Request} req * @param {string} pathname */ function httpHandler(req, pathname) { const reqHdrRaw = req.headers // preflight if (req.method === 'OPTIONS' && reqHdrRaw.has('access-control-request-headers') ) { return new Response(null, PREFLIGHT_INIT) } let rawLen = '' const reqHdrNew = new Headers(reqHdrRaw) const refer = reqHdrNew.get('referer') let urlStr = pathname const urlObj = newUrl(urlStr) /** @type {RequestInit} */ const reqInit = { method: req.method, headers: reqHdrNew, redirect: 'follow', body: req.body } return proxy(urlObj, reqInit, rawLen, 0) } /** * * @param {URL} urlObj * @param {RequestInit} reqInit */ async function proxy(urlObj, reqInit, rawLen) { const res = await fetch(urlObj.href, reqInit) const resHdrOld = res.headers const resHdrNew = new Headers(resHdrOld) // verify if (rawLen) { const newLen = resHdrOld.get('content-length') || '' const badLen = (rawLen !== newLen) if (badLen) { return makeRes(res.body, 400, { '--error': `bad len: ${newLen}, except: ${rawLen}`, 'access-control-expose-headers': '--error', }) } } const status = res.status resHdrNew.set('access-control-expose-headers', '*') resHdrNew.set('access-control-allow-origin', '*') resHdrNew.set('Cache-Control', 'max-age=1500') resHdrNew.delete('content-security-policy') resHdrNew.delete('content-security-policy-report-only') resHdrNew.delete('clear-site-data') return new Response(res.body, { status, headers: resHdrNew }) }部署完成后,点击设置->触发器->添加自定义域,绑定自己的域名即可。配置完成后,在 /etc/docker/daemon.json 中修改成你的域名,具体参考上方配置,然后重启 docker。原文地址:https://blog.csun.site/posts/b3f62daf.html Docker容器 - 数据打包迁移全过程记录 https://izlzl.com/archives/1704.html 2023-02-23T18:09:00+08:00 记录下Docker容器打包迁移的一些命令:# 确认要迁移容器的名称 docker ps -a # 打包容器为新的镜像 docker commit 容器名 镜像名 # 把镜像保存为tar文件 docker save 镜像名 >文件名称.tar # 将文件传输到另一台服务器,用SCP命令 scp -P 22 /文件路径/文件名称.tar root@接收文件的服务器的IP:/存放文件的目录 # 恢复镜像 docker load < 文件名称.tar恢复镜像后,用同样的方法创建容器即可。 记 Docker 运行 Logstash out of memory 问题 https://izlzl.com/archives/1667.html 2022-08-06T15:50:00+08:00 最近在 Docker 容器上搭建 Zookeeper+Kafka+Logstash+Elasticsearch+Kibana 日志分析系统,在运行 Logstash 和 Elasticsearch 时遇到了如下错误:library initialization failed - unable to allocate file descriptor table - out of memorylibrary initialization failed - unable to allocate file descriptor table - out of memory在这里记录下解决方案。解决方案通过重写 Docker 的 ExecStart 的参数解决sudo systemctl edit docker进入后,添加或者修改对应参数[Service] ExecStart= ExecStart=/usr/bin/dockerd --default-ulimit nofile=65536:65536 -H fd://最后重启 Dockersudo systemctl daemon-reload sudo systemctl restart docker参考:https://stackoverflow.com/questions/68776387/docker-library-initialization-failed-unable-to-allocate-file-descriptor-tabl Centos 中删除 docker0 虚拟网卡 https://izlzl.com/archives/1508.html 2022-04-21T14:32:00+08:00 Centos 删除 Docker 环境后,并不会将虚拟网卡docker0 删除。因此就需要手动处理下ifconfig docker0 down yum -y install bridge-utils brctl delbr docker0这样处理后,才算彻底删除了 Docker 环境。注意:如果你没有删除删除 Docker 环境,那么下次系统启动 Docker Daemon 时还是会自动创建 docker0 网桥。 进入 Docker 容器报错 OCI runtime exec failed: exec failed https://izlzl.com/archives/1378.html 2021-10-23T11:03:00+08:00 使用 docker exec -it 容器名/容器ID /bin/bash 进入容器报错报错信息如下:OCI runtime exec failed: exec failed: container_linux.go:380: starting container process caused: exec: "/bin/bash": stat /bin/bash: no such file or directory: unknown查看相应镜像发现镜像是使用alpine制作的再次输入命令docker exec -it 容器名/容器ID /bin/sh进入成功 Centos 7 彻底卸载清除 Docker 环境 https://izlzl.com/archives/1278.html 2021-03-08T21:30:00+08:00 CentOS 7 彻底卸载 Docker 环境流程如下杀死所有运行容器docker kill $(docker ps -a -q)删除所有Docker容器docker rm $(docker ps -a -q)删除所有Docker镜像docker rmi $(docker images -q)停止 docker 服务systemctl stop docker删除存储目录rm -rf /etc/docker rm -rf /run/docker rm -rf /var/lib/dockershim rm -rf /var/lib/docker如果发现删除不掉,需要先 umount,如umount /var/lib/docker/devicemapper卸载 docker查看已安装的 docker 包yum list installed | grep docker卸载相关包yum remove docker-ce* yum remove containerd.io.x86_64原文地址:https://www.omicsclass.com/article/1184 Typecho 迁移到 Docker 的过程记录 https://izlzl.com/archives/1237.html 2020-08-24T21:07:00+08:00 前言之前博客搭建在阿里云的机器上,现在快过期了,加上原机器带宽太小,就不打算续费了,现在就需要将 Typecho 博客迁移到新机器上。以前使用的是宝塔面板搭建的,现在不想把机器环境搞得乱七八糟,因此选择使用 Docker 来搭建 Typecho。安装Docker使用一键脚本安装Dockercurl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun && systemctl start docker && systemctl enable docker如果提示 curl 命令不存在,就需要先安装 curl# Centos yum -y install curl # Ubuntu、Debian apt -y install curl配置镜像加速如果你机器是国内的机器,那么需要配置镜像加速阿里云镜像获取地址:https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors修改 /etc/docker/daemon.json,文件不存在就创建一个{ "registry-mirrors": [ "你的加速地址" ] }安装数据库这里选择的是 Mariadb,可自行选择数据库镜像,这里配置参数就不做解释了,懂的都懂docker run -d -v /home/mysql:/var/lib/mysql \ -p 3306:3306 -e MYSQL_ROOT_PASSWORD=密码 \ --privileged=true --restart=always --name mariadb mariadb安装 PHP安装官方的 php:7.2-fpm 镜像后,还需要进入容器安装 mysql pdo 才能使用 Mysql 数据库,比较麻烦,这里我自己在 php:7.2-fpm 的基础上构建了个带 mysql pdo 的镜像,可以选择性使用。docker run -d -v /home/nginx/html:/var/www/html \ -p 8080:8080 --link mariadb:mariadb --name php dqjdda/php安装 Nginxdocker run -d \ --link php:php \ --name nginx --restart always \ -p 80:80 -p 443:443 \ -e "TZ=Asia/Shanghai" \ -v /home/nginx/nginx.conf:/etc/nginx/nginx.conf \ -v /home/nginx/conf.d:/etc/nginx/conf.d \ -v /home/nginx/logs:/var/log/nginx \ -v /home/nginx/cert:/etc/nginx/cert \ -v /home/nginx/html:/var/www/html \ nginx配置 Nginx/home/nginx/conf.d 用于放配置文件/home/nginx/logs 存放日志/home/nginx/cert 存放证书/home/nginx/html 存放网页在 /home/nginx/conf.d 目录创建文件 blog.confserver { listen 443 ssl http2; server_name izlzl.com; gzip on; # 缓存SSL ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; # 证书配置 ssl_certificate /etc/nginx/cert/ydyno.com/ydyno.com_chain.crt; ssl_certificate_key /etc/nginx/cert/ydyno.com/ydyno.com_key.key; root /var/www/html/ydyno; index index.php; # 伪静态 if (!-e $request_filename) { rewrite ^(.*)$ /index.php$1 last; } location ~ .*\.php(\/.*)*$ { include fastcgi_params; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; fastcgi_pass php:9000; } location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { expires 5d; } # deny access to . files, for security location ~ /\. { log_not_found off; deny all; } } server { listen 80; server_name izlzl.com ydyno.com; return 301 https://izlzl.com$request_uri; }迁移博客直接将老服务器的博客目录移动到 /var/www/html/ydyno ,然后将数据库导出,然后导入到新库即可