docker入门2:以nginx为例查看命令和网络_查询docker内的nginx使用什么网络

作者：花生_TL007 | 2024-03-27 01:48:36

踩

查询docker内的nginx使用什么网络

1.docker pull hub.c.163.com/library/nginx

[root@rhel64-64bit nginx]# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED                  VIRTUAL SIZE
yoyo                          latest              5b236a0b4e50        23 hours ago             109.4 MB
hub.c.163.com/library/nginx   latest              25c6ec04df86        12 months ago            109.4 MB

2.对于如何启动镜像,镜像的环境变量和暴露的端口等都可以从镜像的官网上查看：
https://hub.daocloud.io/repos/2b7310fb-1a50-48f2-9586-44622a2d1771
docker run -p 9089:80 -d yoyo

3.docker ps查看容器

docker ps查看正在运行的容器：
[root@rhel64-64bit nginx]# docker ps
CONTAINER ID   IMAGE   COMMAND               CREATED       STATUS            PORTS                NAMES
17b426998b5b   yoyo    "nginx -g 'daemon of  9 hours ago   Up About an hour  0.0.0.0:9089->80/tcp determined_lalande
docker top查看容器内的进程：
[root@rhel64-64bit auth]# docker top 17
UID    PID     PPID     C    STIME    TTY      TIME           CMD
root   1040    513      0    01:41    ?        00:00:00       nginx: master process nginx -g daemon off;
101    1056    1040     0    01:41    ?        00:00:00       nginx: worker process

[root@rhel64-64bit ~]# cd /var/lib/docker
[root@rhel64-64bit docker]# ll
total 52
drwx------   6 root root  4096 May 16 17:29 containers    ----存放容器的信息
drwx------   5 root root  4096 May 15 17:39 devicemapper  ----镜像层的信息在mnt文件夹下
drwx------ 107 root root 12288 May 16 15:35 graph
drwx------   2 root root  4096 May 15 17:05 init
-rw-r--r--   1 root root 11264 May 16 17:29 linkgraph.db
-rw-------   1 root root  1024 May 16 15:45 repositories-devicemapper
drwx------   2 root root  4096 May 16 15:35 tmp
drwx------   2 root root  4096 May 15 17:05 trust
drwx------   9 root root  4096 May 16 15:43 volumes      ----如mysql会把data目录下文件挂到到本地这个目录下，inspect可以查看
   "Volumes": {
        "/var/lib/mysql": "/var/lib/docker/volumes/58a49a9b746d76e16ca8699194304eaa8c31e36a5c01db268ebb375e8aa86995/_data"

4.dcoker inspect 17查看容器的详细信息：

  "State": {
        "Running": true,
        "Paused": false,
        "Dead": false,
        "Pid": 22652,  -----运行状态和pid信息

        "Gateway": "172.17.42.1",   --容器内网关
        "IPAddress": "172.17.0.1",  --容器内ip地址
        
        "Ports": {
            "80/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "9089"  ---宿主机与容器的端口映射
       "NetworkMode": "bridge",         ---网络类型是bridge，还可以是host，none，在启动容器时可加--net=host参数指定
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",---容器内环境变量
            "NGINX_VERSION=1.13.0-1~stretch",
            "NJS_VERSION=1.13.0.0.1.10-1~stretch"

5.查看监听端口和进程：

netstat -pan|grep 9089
[root@rhel64-64bit ~]# netstat -pan|grep 9089
tcp        0      0 :::9089                     :::*                        LISTEN      22616/docker-proxy

[root@rhel64-64bit ~]# ps aux|grep docker
root     21991  0.2  1.3 605060 28236 pts/0    Sl   16:48   0:12 /usr/bin/docker -d
root     22616  0.0  0.7 131548 15444 pts/0    Sl   17:14   0:00 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 9089 -container-ip 172.17.0.1 -container-port 80
[root@rhel64-64bit ~]# ps aux|grep 22652
root     22652  0.0  0.2  32412  4780 ?        Ss   17:14   0:00 nginx: master process nginx -g daemon off;

6.防火墙的规则被自动添加，所有访问本机的9089端口的包被转发给容器172.17.0.1:80

docker自动添加这么一条规则iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER  
[root@rhel64-64bit ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 1867 packets, 178K bytes)
 pkts bytes target     prot opt in     out     source            destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0         0.0.0.0/0           ADDRTYPE match dst-type LOCAL

 Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source             destination         
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0        0.0.0.0/0           tcp dpt:9089 to:172.17.0.1:80

查看filte链规则目标是容器172.17.0.1:80的数据包都被转发：
[root@rhel64-64bit ~]# iptables -nvL
Chain FORWARD (policy ACCEPT 56986 packets, 15M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1090  111K DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0   

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !docker0 docker0  0.0.0.0/0            172.17.0.1          tcp dpt:80

7.宿主机内http://192.168.1.103:9089可以访问到nginx网页，但是除了宿主机外其他主机都无法访问，
上面的防火墙规则默认策略都是accept的，由此可能是没有开启ip forward的功能：
/etc/sysctl.conf修改
net.ipv4.ip_forward = 1

root@rhel64-64bit ipv4]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
后，此时非宿主机也可以访问http://192.168.1.103:9089，103是宿主机的ip

8.托管静态网页内容
https://hub.daocloud.io/repos/2b7310fb-1a50-48f2-9586-44622a2d1771
建议的是使用Dockerfile的方式
FROM daocloud.io/nginx
COPY static-html-directory /usr/share/nginx/html

也可以使用-v参数把宿主机文件目录挂载到容器内的方法：
docker run -v /root/nginx:/usr/share/nginx/html -p 9089:80 -d yoyo

查看挂载信息：
docekr inspect 17:
  "Volumes": {
        "/usr/share/nginx/html": "/root/nginx"
    },
    "VolumesRW": {
        "/usr/share/nginx/html": true

宿主机：
[root@rhel64-64bit docker]# cd /root/nginx
[root@rhel64-64bit nginx]# ll
total 4
-rw-r--r-- 1 root root 18 May 16 09:18 index.html
[root@rhel64-64bit nginx]# cat index.html
this is aryoyo...

容器内：
[root@rhel64-64bit nginx]# docker exec -it 17 bash
root@17b426998b5b:/# pwd
/
root@17b426998b5b:/# cd /usr/share/nginx/html
root@17b426998b5b:/usr/share/nginx/html# ls
index.html

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/花生_TL007/article/detail/321068