mysql

docker run \
-itd \
-p 3306:3306 \
--restart always \
-e MYSQL_ROOT_PASSWORD=root \
-e TZ=Asia/Shanghai \
-v ${HOME}/mysql:/var/lib/mysql \
--name mysql57 \
mysql:5.7 \
--character-set-server=utf8mb4 \
--collation-server=utf8mb4_unicode_ci \
--character-set-client-handshake=FALSE docker run -it --rm mysql:5.7 mysql -h172.17.0.2 -uroot -proot

一些经常或不经常用到的镜像启动方法

## mongo
docker run \
-d \
--restart=always \
-v /data/mongo:/data/db -d mongo \
-p 27017:27017 \
mongo ## 单机版etcd-使用host网络, 监控四个0
export NODE1=0.0.0.0
docker run \
-d \
--net=host \
--restart=always \
--volume=${DATA_DIR}:/etcd-data \
--name etcd quay.io/coreos/etcd:latest \
/usr/local/bin/etcd \
--data-dir=/etcd-data --name node1 \
--initial-advertise-peer-urls http://${NODE1}:2380 --listen-peer-urls http://${NODE1}:2380 \
--advertise-client-urls http://${NODE1}:2379 --listen-client-urls http://${NODE1}:2379 \
--initial-cluster node1=http://${NODE1}:2380 etcdctl --endpoints=http://${NODE1}:2379 member list ## 设置容器的TZ另一种办法
参考: https://github.com/spujadas/elk-docker/blob/master/start.sh

override default time zone (Etc/UTC) if TZ variable is set

if [ ! -z "$TZ" ]; then

ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

fi

## 带ssh的centos

docker run -d -p 0.0.0.0:2222:22 tutum/centos6

docker run -d -p 0.0.0.0:2222:22 tutum/centos

docker run -d -p 0.0.0.0:2222:22 -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro tutum/centos6

docker run -d -p 0.0.0.0:2222:22 -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro tutum/centos

支持两种验证方式:

docker run -d -p 0.0.0.0:2222:22 -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -e ROOT_PASS="mypass" tutum/centos

docker run -d -p 2222:22 -e AUTHORIZED_KEYS="cat ~/.ssh/id_rsa.pub" tutum/centos

docker logs <CONTAINER_ID>

ssh -p root@

参考: https://hub.docker.com/r/tutum/centos/

## 带ping/curl/nslookup的busybox

docker run -itd --name=test1 --net=test-network radial/busyboxplus /bin/sh

## nginx

mkdir -p /data/nginx-html

echo "maotai" > /data/nginx-html/index.html

docker run -d

--net=host

--restart=always

-v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro

-v /etc/localtime:/etc/localtime:ro

-v /data/nginx-html:/usr/share/nginx/html

--name nginx

nginx


## portainer多单节点管理界面的部署

cp /etc/docker/daemon.json /etc/docker/daemon.json.bak.$(date +%F)

cat >/etc/docker/daemon.json<<EOF

{

"registry-mirrors": ["https://registry.docker-cn.com"],

"hosts": [

"tcp://0.0.0.0:2375",

"unix:///var/run/docker.sock"

]

}

EOF

systemctl daemon-reload

systemctl restart docker && systemctl enable docker

docker run -d

-p 9000:9000

--restart=always

-v /etc/localtime:/etc/localtime:ro

-v /var/run/docker.sock:/var/run/docker.sock

portainer/portainer


#### nginx配置
```bash
mv /etc/nginx /etc/nginx_$(date +%F)
mkdir -p /etc/nginx/conf.d/ mkdir -p /data/nginx-html
echo "maotai" > /data/nginx-html/index.html cat >> /etc/nginx/nginx.conf<<EOF
user nginx;
worker_processes 1; error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid; events {
worker_connections 1024;
} http {
include mime.types;
default_type application/octet-stream;
server_name_in_redirect off;
client_max_body_size 20m;
client_header_buffer_size 16k;
large_client_header_buffers 4 16k;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_proxied any;
gzip_http_version 1.1;
gzip_comp_level 3;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on; log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; log_format json '{"@timestamp": "$time_iso8601",'
'"@version": "1",'
'"client": "$remote_addr",'
'"url": "$uri", '
'"status": $status, '
'"domain": "$host", '
'"host": "$server_addr",'
'"size":"$body_bytes_sent", '
'"response_time": $request_time, '
'"referer": "$http_referer", '
'"http_x_forwarded_for": "$http_x_forwarded_for", '
'"ua": "$http_user_agent" } ';
access_log /var/log/nginx/access.log json; include /etc/nginx/conf.d/*.conf;
}
EOF
tree /etc/nginx/ cat >> /etc/nginx/conf.d/default.conf <<EOF
server {
listen 80;
server_name localhost; #charset koi8-r;
#access_log /var/log/nginx/host.access.log json; location / {
root /usr/share/nginx/html;
index index.html index.htm;
} #error_page 404 /404.html; # redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
} # proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#} # deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
EOF
tree /etc/nginx/

nginx-lb

docker run --name nginx-lb \
-d \
-v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
--net=host \
--restart=always \
-v /etc/localtime:/etc/localtime \
nginx:1.13.3-alpine

lnmp(每个组件独立)

参考: https://github.com/micooz/docker-lnmp

docker-compose up

启动一个mysql

cat /root/dockerfile/mysql/start.sh

docker run  -p 3306:3306 -v /data/mysql:/var/lib/mysql -v /etc/localtime:/etc/localtime --name mysql5 --restart=always -d mysql:5.6.23 --character-set-server=utf8 --collation-server=utf8_general_ci
docker run  \
-p 3306:3306 \
-v /data/mysql:/var/lib/mysql \
-v /etc/localtime:/etc/localtime \
--name mysql5 \
--restart=always \
-e MYSQL_ROOT_PASSWORD=123456 \
-d mysql:5.6.23 --character-set-server=utf8 --collation-server=utf8_general_ci
show VARIABLES like '%max_allowed_packet%';

show variables like '%storage_engine%';
show variables like 'collation_%';
show variables like 'character_set_%';

mysql主从库

#+++++++++++++++++++++++++++
# mysql主从库
#+++++++++++++++++++++++++++
docker run -d -e REPLICATION_MASTER=true -e REPLICATION_PASS=mypass -p 3306:3306 --name mysql tutum/mysql
docker run -d -e REPLICATION_SLAVE=true -p 3307:3306 --link mysql:mysql tutum/mysql

gogs安装(不过建议用gitlab)

docker run -itd \
-p 53000:3000 -p 50022:22 \
-v /data/gogs:/data \
-v /etc/localtime:/etc/localtime \
--restart=always \
gogs/gogs

cowcloud

docker run -v /data/owncloud-data:/var/www/html -v /etc/localtime:/etc/localtime -v :/var/www/html/config --restart=always -itd -p 8000:80 owncloud

nextcloud(和owncloud一样,据说这个支持在线md记录笔记,总之感觉功能更强大)

参考: https://hub.docker.com/_/nextcloud/

docker run -d \
-p 8080:80
-v nextcloud:/var/www/html \
nextcloud

安装confluence

docker run \
-v /data/confluence/conflu_data:/var/atlassian/application-data/confluence \
-v /etc/localtime:/etc/localtime \
-v /data/confluence/server.xml:/opt/atlassian/confluence/conf/server.xml \
--restart=always \
--link mysql5:db \
--name="confluence" -d \
-p 8090:8090 \
-p 8091:8091 \
cptactionhank/atlassian-confluence

参考:http://wuyijun.cn/shi-yong-dockerfang-shi-an-zhuang-he-yun-xing-confluence/

  • 配置confluence

    • 创建数据库
create database confluence default character set utf8 collate utf8_bin;
grant all on confluence.* to 'confluence'@"172.17.0.%" identified by "confluenceman";
grant all on confluence.* to 'confluence'@"192.168.6.%";
grant all on confluence.* to 'confluence'@"192.168.8.%";
  • 安装破解
1.导出后用破机器破解
docker cp confluence:/opt/atlassian/confluence/confluence/WEB-INF/lib/atlassian-extras-decoder-v2-3.2.jar ./
mv atlassian-extras-decoder-v2-3.2.jar atlassian-extras-2.4.jar 2. 将破解文件导入系统
mv atlassian-extras-2.4.jar atlassian-extras-decoder-v2-3.2.jar
docker cp ./atlassian-extras-decoder-v2-3.2.jar confluence:/opt/atlassian/confluence/confluence/WEB-INF/lib/ 3.重启confluence
docker stop confluence
docker start confluence
  • 1.贴上破机器的序列号
  • 2.选jdbc连mysql url写:
jdbc:mysql://db:3306/confluence?sessionVariables=storage_engine%3DInnoDB&amp;amp;useUnicode=true&amp;amp;characterEncoding=utf8
管理员帐号密码登陆 http://192.168.x.x:8090
admin
xxxxx
  • 5.配置邮箱

    这里我没用server.xml里配置(配了测试有问题),直接smtp用新浪邮箱配的
smtp.sina.com
mt@sina.com
123456

phabricator审计系统(客服给开发提bug)

docker run -d \
-p 9080:80 -p 9443:443 -p 9022:22 \
--env PHABRICATOR_HOST=sj.pp100.net \
--env MYSQL_HOST=192.168.x.x \
--env MYSQL_USER=root \
--env MYSQL_PASS=elc123 \
--env PHABRICATOR_REPOSITORY_PATH=/repos \
--env PHABRICATOR_HOST_KEYS_PATH=/hostkeys/persisted \
-v /data/phabricator/hostkeys:/hostkeys \
-v /data/phabricator/repo:/repos \
redpointgames/phabricator

hackmarkdown安装(内网markdown服务器,支持贴图权限,还有专门的客户端等)

https://github.com/hackmdio/docker-hackmd/blob/master/docker-compose.yml

docker-compose up -d

参考: 数据的备份等都有.

https://github.com/hackmdio/docker-hackmd

https://hub.docker.com/r/hackmdio/hackmd/

容器启动常用选项

  • 1, 时区
  • 2, 自动重启
  • 3, 日志
docker run \
-v /etc/localtime:/etc/localtime:ro
-v /etc/timezone:/etc/timezone:ro
--restart=always \ docker run \
-v /etc/localtime:/etc/localtime:ro
-v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro 记录两份 一份是前台输出,另一份
docker run -it --rm -p 80:80 nginx
ll /var/lib/docker/containers/*/*.log

针对容器的日志切割(不然日志越滚越大)

容器日志目录: /var/lib/docker/containers//.log.*

docker run -d -v /var/lib/docker/containers:/var/lib/docker/containers:rw \
-v /etc/localtime:/etc/localtime:ro \
--restart=always \
tutum/logrotate
  • 原理(logrotated的一个copytruncate选项很好,不截断日志情况下滚动日志)
## 可以进到容器里看看日志滚动策略.
#https://hub.docker.com/r/tutum/logrotate/ / # cat /etc/logrotate.conf
/var/lib/docker/containers/*/*.log {
rotate 0
copytruncate
sharedscripts
maxsize 10M
postrotate
rm -f /var/lib/docker/containers/*/*.log.*
endscript #logrotate说明copytruncate
# http://www.lightxue.com/how-logrotate-works #让我联想起了nginx日志切割
cat > /etc/logrotate.d/nginx
/usr/local/nginx/logs/*.log {
daily
missingok
rotate 7
dateext
compress
delaycompress
notifempty
sharedscripts
postrotate
if [ -f /usr/local/nginx/logs/nginx.pid ]; then
kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
fi
endscript
}

清理长时间不用的镜像和volumes

docker run -d \
--privileged \
-v /var/run:/var/run:rw \
-v /var/lib/docker:/var/lib/docker:rw \
-e IMAGE_CLEAN_INTERVAL=1 \
-e IMAGE_CLEAN_DELAYED=1800 \
-e VOLUME_CLEAN_INTERVAL=1800 \
-e IMAGE_LOCKED="ubuntu:trusty, tutum/curl:trusty" \
tutum/cleanup # https://hub.docker.com/r/tutum/cleanup/
# IMAGE_CLEAN_INTERVAL (optional) How long to wait between cleanup runs (in seconds), 1 by default.
# IMAGE_CLEAN_DELAYED (optional) How long to wait to consider an image unused (in seconds), 1800 by default.
# VOLUME_CLEAN_INTERVAL (optional) How long to wait to consider a volume unused (in seconds), 1800 by default.
# IMAGE_LOCKED (optional) A list of images that will not be cleaned by this container, separated by ,
  • 原理:调用二进制程序
/ # cat run.sh
#!/bin/sh if [ ! -e "/var/run/docker.sock" ]; then
echo "=> Cannot find docker socket(/var/run/docker.sock), please check the command!"
exit 1
fi if [ "${IMAGE_LOCKED}" == "**None**" ]; then
exec /cleanup \
-imageCleanInterval ${IMAGE_CLEAN_INTERVAL} \
-imageCleanDelayed ${IMAGE_CLEAN_DELAYED}
else
exec /cleanup \
-imageCleanInterval ${IMAGE_CLEAN_INTERVAL} \
-imageCleanDelayed ${IMAGE_CLEAN_DELAYED} \
-imageLocked "${IMAGE_LOCKED}"
fi

zk集群

参考: https://segmentfault.com/a/1190000006907443

version: '2'
services:
zoo1:
image: zookeeper
restart: always
container_name: zoo1
volumes:
- /etc/localtime:/etc/localtime
ports:
- "2181:2181"
environment:
ZOO_MY_ID: 1
ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888 zoo2:
image: zookeeper
restart: always
container_name: zoo2
volumes:
- /etc/localtime:/etc/localtime
ports:
- "2182:2181"
environment:
ZOO_MY_ID: 2
ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888 zoo3:
image: zookeeper
restart: always
volumes:
- /etc/localtime:/etc/localtime
container_name: zoo3
ports:
- "2183:2181"
environment:
ZOO_MY_ID: 3
ZOO_SERVERS: server.1=zoo1:2888:3888 server.2=zoo2:2888:3888 server.3=zoo3:2888:3888

检查:

echo stat|nc127.0.0.1 2181

或者进入到容器去看
#docker exec zoo1 /zookeeper-3.4.10/bin/zkCli.sh -server 127.0.0.1:2181
#/zookeeper-3.4.10/bin/zkCli.sh -server 127.0.0.1:2181

zabbix(monitoringartist这小伙把组件搞在一个镜像了)

docker run \
-d \
--name dockbix-db \
-v /backups:/backups \
-v /etc/localtime:/etc/localtime:ro \
--volumes-from dockbix-db-storage \
--env="MARIADB_USER=zabbix" \
--env="MARIADB_PASS=my_password" \
monitoringartist/zabbix-db-mariadb # Start Dockbix linked to the started DB
docker run \
-d \
--name dockbix \
-p 80:80 \
-p 10051:10051 \
-v /etc/localtime:/etc/localtime:ro \
--link dockbix-db:dockbix.db \
--env="ZS_DBHost=dockbix.db" \
--env="ZS_DBUser=zabbix" \
--env="ZS_DBPassword=my_password" \
--env="XXL_zapix=true" \
--env="XXL_grapher=true" \
monitoringartist/dockbix-xxl:latest

分开的zabbix,这个我没测

docker run --name zabbix-server-mysql -t \
-v /etc/localtime:/etc/localtime:ro \
-v /data/zabbix-alertscripts:/usr/lib/zabbix/alertscripts \
-v /etc/zabbix/zabbix_server.conf:/etc/zabbix/zabbix_server.conf \
-e DB_SERVER_HOST="192.168.14.132" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="Tx66sup" \
-e MYSQL_ROOT_PASSWORD="Tinsu" \
-e ZBX_JAVAGATEWAY="127.0.0.1" \
--network=host \
-d registry.docker-cn.com/zabbix/zabbix-server-mysql:ubuntu-3.4.0 docker run --name mysql-server -t \
-v /etc/localtime:/etc/localtime:ro \
-v /etc/my.cnf:/etc/my.cnf \
-v /data/mysql-data:/var/lib/mysql \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="bix66sup" \
-e MYSQL_ROOT_PASSWORD="adminsu" \
-p 3306:3306 \
-d registry.docker-cn.com/mysql/mysql-server:5.7 docker run --name zabbix-java-gateway -t \
-v /etc/localtime:/etc/localtime:ro \
--network=host \
-d registry.docker-cn.com/zabbix/zabbix-java-gateway:latest bdocker run --name zabbix-web-nginx-mysql -t \
-v /etc/localtime:/etc/localtime:ro \
-e DB_SERVER_HOST="192.168.14.132" \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="TCzp" \
-e MYSQL_ROOT_PASSWORD="TC6u" \
-e PHP_TZ="Asia/Shanghai" \
--network=host \
-d registry.docker-cn.com/zabbix/zabbix-web-nginx-mysql:ubuntu-3.4.0

docker监控advisor

docker run  \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:rw \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--publish=8080:8080 \
--detach=true \
--name=cadvisor \
google/cadvisor:latest http://192.168.14.133:8080/

centos7跑cAdvisor-InfluxDB-Grafana

  • 参考
http://www.pangxie.space/docker/456
https://www.brianchristner.io/how-to-setup-docker-monitoring/
https://github.com/vegasbrianc/docker-monitoring/blob/master/docker-monitoring-0.9.json
  • 启动influxdb(使用最新的发现不好使)
docker run -d -p 8083:8083 -p 8086:8086 --expose 8090 --expose 8099 --name influxsrv tutum/influxdb:0.10
  • 创建db
docker exec -it influxsrv bash
use cadvisor
CREATE USER "root" WITH PASSWORD 'root' WITH ALL PRIVILEGES
CREATE DATABASE cadvisor
show users
  • 启动cadvisor
docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=8080:8080 --detach=true --link influxsrv:influxsrv --name=cadvisor google/cadvisor:latest -storage_driver=influxdb -storage_driver_db=cadvisor -storage_driver_host=influxsrv:8086
  • 启动grafna, 加db源.导入dashboard
docker run -d -p 3000:3000 -e INFLUXDB_HOST=192.168.14.133 -e INFLUXDB_PORT=8086 -e INFLUXDB_NAME=cadvisor -e INFLUXDB_USER=root -e INFLUXDB_PASS=root --link influxsrv:influxsrv --name grafana grafana/grafana

Prometheus+Grafana(这个比cAdvisor-InfluxDB-Grafana展示效果更好一些)

A Prometheus & Grafana docker-compose stack

参考: https://github.com/vegasbrianc/prometheus

docker-compose up -d

elk

elk容器要占2g内存,vm分配至少给2g

参考:http://elk-docker.readthedocs.io/#installation

https://github.com/gregbkr/elk-dashboard-v5-docker

sysctl -w vm.max_map_count=262144

docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk

docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 9100:9100 mobz/elasticsearch-head:5

或
docker-compose up -d

纯手动安装elastic+kibana(elk)

useradd elk
cd /usr/local/src/
tar xf elasticsearch-5.6.4.tar.gz -C /usr/local/
tar xf kibana-5.6.4-linux-x86_64.tar.gz -C /usr/local/ ln -s /usr/local/elasticsearch-5.6.4 /usr/local/elasticsearch
ln -s /usr/local/kibana-5.6.4-linux-x86_64 /usr/local/kibana chown -R elk. /usr/local/elasticsearch
chown -R elk. /usr/local/elasticsearch/
chown -R elk. /usr/local/kibana
chown -R elk. /usr/local/kibana/ mkdir /data/es/{data,logs} -p
chown -R elk. /data 修改es配置
0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*" 修改内核:
vim /etc/security/limits.conf
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536 sysctl -w vm.max_map_count=262144
sysctl -p nohup /bin/su - elk -c "/usr/local/elasticsearch/bin/elasticsearch" > /data/es/es-start.log 2>&1 &
nohup /bin/su - elk -c "/usr/local/kibana/bin/kibana" > /data/es/kibana-start.log 2>&1 & docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 9100:9100 mobz/elasticsearch-head:5

安装elk的head插件

先修改es的配置文件: elasticsearch.yml追加
http.cors.enabled: true
http.cors.allow-origin: "*" docker run -d -v /etc/localtime:/etc/localtime --restart=always -p 9100:9100 mobz/elasticsearch-head:5
物理机安装elk之前的优化操作
sudo sysctl -w vm.max_map_count=262144 make it persistent:
$ vim /etc/sysctl.conf
vm.max_map_count=262144

es常用操作参考: http://www.cnblogs.com/lishouguang/p/4560930.html

## 备份,扩容等脚本,有点老,但是思路可以参考,https://github.com/gregbkr/docker-elk-cadvisor-dashboards

http://192.168.14.133:9200/_cat/health?v   #查看集群状态
http://192.168.14.133:9200/_cat/nodes?v #查看节点状态
http://192.168.14.133:9200/_cat/indices?v #查看index列表 #创建index
curl -XPUT http://vm1:9200/customer?pretty #添加一个document
[es@vm1 ~]$ curl -XPUT vm1:9200/customer/external/1?pretty -d '{"name":"lisg"}' #检索一个document
[es@vm1 ~]$ curl -XGET vm1:9200/customer/external/1?pretty #删除一个document
[es@vm1 ~]$ curl -XDELETE vm1:9200/customer/external/1?pretty #删除一个type
[es@vm1 ~]$ curl -XDELETE vm1:9200/customer/external?pretty #删除一个index
[es@vm1 ~]$ curl -XDELETE vm1:9200/customer?pretty #POST方式可以添加一个document,不用指定ID
[es@vm1 ~]$ curl -XPOST vm1:9200/customer/external?pretty -d '{"name":"zhangsan"}' #使用doc更新document
[es@vm1 ~]$ curl -XPUT vm1:9200/customer/external/1?pretty -d '{"name":"lisg4", "age":28}' #使用script更新document(1.4.3版本动态脚本是被禁止的)
[es@vm1 ~]$ curl -XPOST vm1:9200/customer/external/1/_update?pretty -d '{"script":"ctx._source.age += 5"}'

启动jenkins

docker run -d -u root \
-p 8080:8080 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(which docker):/bin/docker \
-v /var/jenkins_home:/var/jenkins_home \
jenkins

带ssh的tomcat

之前一直使用单个app的容器,如tomcat,我只需要catalina.sh run来启动前台容器.其中方法:我可以CMD ['run.sh'],其中run.sh有了我想执行的命令.

我也可以通过ENTRYPOINT ["docker-entrypoint.sh"],这样更加灵活了.可以通过CMD往这个脚本传参了.

后台tomcat容器需要ssh进去管理.这就意味着必须sshd也要同时前台启动,只能用supervisor来管理了.

参考:http://blog.csdn.net/iiiiher/article/details/70918045,其中包含了,

但是我感觉还是不太完善.

  • 1,熟悉dockerfile语法
  • 2,手动构建centos7
  • 3,使用官网centos7
  • 4,系统层--基于官网cenos7 添加 supervisor+ssh,启动后即启动ssh
  • 5,运行层—安装jdk
  • 6,app层安装tomcat,暴露8080.—supervisor接管.

新总结下supervisord.conf的配置(tomcat+ssh镜像)

参考: https://github.com/zabbix/zabbix-docker/blob/3.4/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf

[supervisord]
nodaemon = true [program:sshd]
command=/usr/sbin/sshd -D
process_name=%(program_name)s
auto_start = true
autorestart = true [program:tomcat]
command=/data/tomcat/bin/catalina.sh run
process_name=%(program_name)s
auto_start = true
autorestart = true stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
stderr_logfile = /dev/stderr
stderr_logfile_maxbytes = 0 这是tomcat的dockerfile[tomcat+ssh镜像],
其中要准备,下载解压这些目录到Dockerfile所在目录, jdk, tomcat,tomcat的server.xml(后期我k8s集群使用cm来覆盖)

Dockerfile

FROM centos:6.8

# Init centos
ENV TERM="linux"
ENV TERMINFO="/etc/terminfo"
ENV LANG="en_US.UTF-8"
ENV LANGUAGE="en_US.UTF-8"
ENV LC_ALL="en_US.UTF-8"
ENV TZ="PRC"
COPY localtime /etc/localtime #ssh
RUN yum -y install openssh-server epel-release && \
rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key && \
ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key && \
ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key && \
sed -i "s/#UsePrivilegeSeparation.*/UsePrivilegeSeparation no/g" /etc/ssh/sshd_config && \
sed -i "s/UsePAM.*/UsePAM yes/g" /etc/ssh/sshd_config && \
sed -i 's#\#UseDNS yes#UseDNS no#g' /etc/ssh/sshd_config && \
sed -i 's#GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config && \
echo "root:123456" | chpasswd && \
yum clean all #supervisor
RUN yum -y install supervisor && \
mkdir -p /etc/supervisor/
COPY supervisord.conf /etc/supervisor/ # Prepare jdk and tomcat environment
ENV JAVA_HOME /usr/local/jdk
ENV CLASSPATH .:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar
ENV TOMCAT_HOME /data/tomcat
ENV PATH $JAVA_HOME/bin:$TOMCAT_HOME/bin:$PATH
ENV CATALINA_HOME=/data/tomcat
ENV ENVCATALINA_BASE=/data/tomcat
#RUN export JAVA_HOME CLASSPATH TOMCAT_HOME PATH CATALINA_HOME ENVCATALINA_BASE # Install Oracle jdk-8u25
COPY jdk /usr/local/jdk # Install apache-tomcat-7.0.62
RUN mkdir -p /data/tomcat && mkdir -p /data/web/elc/ && \
ulimit -SHn 65535 && \
echo '* - nofile 65536' >>/etc/security/limits.conf
COPY tomcat /data/tomcat
COPY server.xml /tmp/server.xml
RUN ln -s /tmp/server.xml /data/tomcat/conf/server.xml WORKDIR /data/tomcat EXPOSE 8080 22 CMD ["supervisord","-c","/etc/supervisor/supervisord.conf"]

其中centos的dockerfile参考: https://github.com/tutumcloud/tutum-centos/blob/master/centos6/Dockerfile

这里可以指定ssh的密码,你也可以使用pwdgen(yum install)工具随机生成密码,打印在console口通过docker logs -f来查看到密码,后期直接自己改密码.参考那个github吧.

docker容器volume从容器里挂文件到宿主机

参考: 这几篇Dockerfile最佳实践很有必要去读一读.

http://blog.csdn.net/shanyongxu/article/details/51456444

http://blog.csdn.net/shanyongxu/article/details/51456592

http://blog.csdn.net/shanyongxu/article/details/51460930

http://blog.csdn.net/shanyongxu/article/details/51476997

后来发现,-v选项 之前是把容器外的数据挂容器里用 刚想把容器里的某个文件挂到宿主机用,

只能挂出 run之后容器产生的数据,

如nginx: 可以获取到nginx的access日志和error日志,因为这些日志都是容器启动后生成的

 docker run -itd -v /tmp/nginx/:/var/log/nginx/ -p 80:80 nginx

在比如centos: 我只在宿主机/tmp下发现hostname hosts resolv.conf这三个文件,这些文件是容器run之后产生的文件.

docker run -itd -v /tmp/etc/:/tmp/etc/ centos

nginx基于centos的dockerfile

参考: https://github.com/nginxinc/docker-nginx/blob/3ba04e37d8f9ed7709fd30bf4dc6c36554e578ac/mainline/stretch/Dockerfile

FROM centos:6.8

ENV NGINX_VERSION 1.13.6

RUN CONFIG="\
--user=nginx \
--group=nginx \
--prefix=/usr/local/nginx \
--with-http_stub_status_module \
--with-http_ssl_module \
" \
&& useradd nginx -s /sbin/nologin \
&& yum install openssl openssl-devel pcre pcre-devel gcc c++ -y \
&& curl -fSL http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz -o /usr/local/src/nginx-${NGINX_VERSION}.tar.gz \
&& tar -xvf /usr/local/src/nginx-$NGINX_VERSION.tar.gz -C /usr/local/src \
&& cd /usr/local/src/nginx-$NGINX_VERSION \
&& ./configure $CONFIG \
&& make \
&& make install \
&& rm -rf /usr/local/src/* RUN ln -sf /dev/stdout /usr/local/nginx/log/access.log \
&& ln -sf /dev/stderr /usr/local/nginx/log/error.log EXPOSE 80 443
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]

linux一键初始化linux

#!/bin/bash

# 近400行shell脚本分享:一键优化系统,安全设置、安装、配置常见服务lnmp,redis,mongodb,vpn,帮助开发迅速搭建开发环境,也可用于单机版生产环境。
echo "This script is for centos7"
function check {
if [ $? -ne 0 ];then
echo -e "\033[31m\n the last command exec failed,please check it \033[0m \n"
sleep 1
exit -1
fi
}
function initialize_system {
echo -e "\033[32m 1.关闭selinux \033[0m"
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
echo -e "\033[32m 2.开启时间同步 \033[0m"
cat /var/spool/cron/root|grep -w "/usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1"
[ $? -ne 0 ] && echo "0 0 * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null 2>&1" >>/var/spool/cron/root
echo -e "\033[32m crontab has been added successfully \033[0m"
echo -e "\033[32m 3.修改最大连接数unlimt=102400 \033[0m"
ulimit -n 102400
cat /etc/security/limits.conf |grep -w "* soft nofile 102400"
[ $? -ne 0 ] && echo "* soft nofile 102400" >>/etc/security/limits.conf
cat /etc/security/limits.conf |grep -w "* hard nofile 102400"
[ $? -ne 0 ] && echo "* hard nofile 102400" >>/etc/security/limits.conf
echo -e "\033[32m file handel has been successfully changed \033[0m"
echo -e "\033[32m 4.增加114.114.114.114的dns \033[0m"
cat /etc/resolv.conf|grep -w "nameserver=114.114.114.114"
[ $? -ne 0 ] && echo "nameserver=114.114.114.114" >>/etc/resolv.conf
echo -e "\033[32m dns successful \033[0m"
echo -e "\033[32m 5.设置ts=4 \033[0m"
cat /etc/vimrc|grep -w "set ts=4"
[ $? -ne 0 ] && echo "set ts=4" >>/etc/vimrc echo "install software dos2unix,telnet,lrzsz,wget,git,unzip,zip, crontabs openssl-devel gcc gcc-c++"
yum install dos2unix vim telnet lrzsz wget git unzip zip openssl-devel gcc gcc-c++ -y
}
function install_nginx {
echo "\033[36m\n 安装nginx \033[0 \n"
rpm -qa|grep nginx-release-centos-7-0.el7.ngx.noarch
if [ $? -ne 0 ];then
rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
check;
fi
yum install -y nginx
check;
sed -i 's/user nginx nginx/user www www/g' /etc/nginx/nginx.conf
sed -i 's/worker_connections 1024/worker_connections 51024/g' /etc/nginx/nginx.conf
sed -i 's/worker_processes 1/worker_processes auto/g' /etc/nginx/nginx.conf
cat /etc/nginx/nginx.conf |grep -w "fastcgi_buffers 8 128k"
[ $? -ne 0 ] && sed -i '25ifastcgi_buffers 8 128k;' /etc/nginx/nginx.conf
cat /etc/nginx/nginx.conf |grep -w "client_max_body_size 8M;"
[ $? -ne 0 ] && sed -i '26iclient_max_body_size 8M;' /etc/nginx/nginx.conf
mv /etc/nginx/conf.d/default.conf{,.bak}
useradd www
service nginx restart
echo -e "\033[36m nginx install finished for the latest!配置文件位于/etc/nginx/ \033[0m "
echo -e "\033[36m\n ---请自行配置nginx--- \033[0m \n"
}
function install_php71 {
echo -e "\033[36m\n安装php7.1和php7.1的全部扩展\033[0m \n"
rpm -qa|grep epel-release-7
if [ $? -ne 0 ];then
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
check;
fi
rpm -qa|grep webtatic-release
if [ $? -ne 0 ];then
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
check;
fi
yum install -y php71w* --skip-broken
check;
echo -e "\033[36m\n 修改session权限 \033[0m \n"
useradd www
chown -R www.www /var/lib/php/
sed -i 's/user = apache/user = www/g' /etc/php-fpm.d/www.conf
sed -i 's/group = apache/group = www/g' /etc/php-fpm.d/www.conf
sed -i 's/pm.max_children = 50/pm.max_children = 1500/g' /etc/php-fpm.d/www.conf
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/g' /etc/php.ini
echo -e "\033[36m user=www,group=www \033[0m"
echo -e "\033[36m php7.1 install finished!配置文件位于/etc/php.ini,/etc/php-fpm.conf \033[0m "
echo -e "\033[36m\n ---请自行配置php--- \033[0m \n"
service php-fpm restart
}
function install_php72 {
echo -e "\033[36m\n安装php7.2和php7.2的全部扩展\033[0m \n"
rpm -qa|grep epel-release-7
if [ $? -ne 0 ];then
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
check;
fi
rpm -qa|grep webtatic-release
if [ $? -ne 0 ];then
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
check;
fi
yum install -y php72w* --skip-broken
check;
echo -e "\033[36m\n 修改session权限 \033[0m \n"
useradd www
chown -R www.www /var/lib/php/
sed -i 's/user = apache/user = www/g' /etc/php-fpm.d/www.conf
sed -i 's/group = apache/group = www/g' /etc/php-fpm.d/www.conf
sed -i 's/pm.max_children = 50/pm.max_children = 1500/g' /etc/php-fpm.d/www.conf
sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/g' /etc/php.ini
echo -e "\033[36m user=www,group=www \033[0m"
echo -e "\033[36m php7.1 install finished!配置文件位于/etc/php.ini,/etc/php-fpm.conf \033[0m "
echo -e "\033[36m\n ---请自行配置php--- \033[0m \n"
service php-fpm restart
}
function install_mysql57 {
echo " 安装mysql5.7"
rpm -qa|grep mysql-community-release-el7-5.noarch
if [ $? -ne 0 ];then
rpm -Uvh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
check;
fi
yum install -y mysql-community-server
check;
service mysqld start
check; # 配置mysql
mkdir -p /data/mysqllog
mkdir -p /data/mysqldata
chown -R mysql.mysql /data/mysqldata
chown -R mysql.mysql /data/mysqllog
echo "优化参数:最大连接数,设置编码utf8"
cat /etc/my.cnf |grep -w "max_connections = 1000"
[ $? -ne 0 ] && sed -i '/\[mysqld\]/a\max_connections = 1000' /etc/my.cnf
cat /etc/my.cnf |grep -w "character_set_server=utf8"
[ $? -ne 0 ] && sed -i '/\[mysqld\]/a\character_set_server=utf8' /etc/my.cnf
echo -e "\033[36m mysql install finished!配置文件位于/etc/my.cnf,密码为空\033[0m"
echo -e "\033[36m ---请自行配置mysql,如字符集utf8--- \033[0m"
}
function install_mysql56 {
echo " 安装mysql5.6"
rpm -qa|grep mysql-community-release-el7-5.noarch
if [ $? -ne 0 ];then
rpm -Uvh http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
check;
fi
yum install -y mysql-community-server
check;
# 创建mysql数据,日志目录
mkdir -p /data/mysqllog
mkdir -p /data/mysqldata
chown -R mysql.mysql /data/mysqldata
chown -R mysql.mysql /data/mysqllog echo "创建mysql初始用户root 密码b9LdPvwyZEW>=o"
mysql -e "grant all privileges on *.* to root@'localhost' identified by 'b9LdPvwyZEW>=o'"; service mysqld start
check;
echo "优化参数:最大连接数,设置编码utf8"
cat /etc/my.cnf |grep -w "max_connections = 1000"
[ $? -ne 0 ] && sed -i '/\[mysqld\]/a\max_connections = 1000' /etc/my.cnf
cat /etc/my.cnf |grep -w "character_set_server=utf8"
[ $? -ne 0 ] && sed -i '/\[mysqld\]/a\character_set_server=utf8' /etc/my.cnf
echo -e "\033[36m mysql install finished!配置文件位于/etc/my.cnf,密码为空\033[0m"
echo -e "\033[36m ---请自行配置mysql,如字符集utf8--- \033[0m"
}
function modify_ssh {
echo " 修改ssh默认端口为8622"
sed -i 's/#Port 22/Port 8622/g' /etc/ssh/sshd_config
echo -e "\033[36m 关闭iptables/firewalld\033[0m"
service firewalld stop
checkconfig firewalld off
service sshd restart
service iptables restart
}
function add_ssh_key {
echo "add user of www ssh-key"
useradd www
mkdir -p /home/www/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqtBbOblU3zGch5MxJWFEJWneX3n6nSzZ1ii4c1JilgsbtfqaAVTh4IL6rVYZlJaKSAtQBy2fQ6HRhhGjghbVvfIRbV1nj1NiOMz9u0aEdq4NaSyehNAzFT2w2BZ7t6jYNavOkOm4ieO3lKO+hH5PIZNAcBvdCWn1FdSAB2NhfhazXVIHQGUSpuYuKR17bwsJjxlwI8tLm+6E1bt7OzxMalCBPre13RbxN1aJt9MZqQOkFopuIBcbhOj0v2E+8B1rYFx4QYazl3U8HEq6tWJxpEOLCTqMeD0YkjOik8kKjGxR+B57nhepidsIz1rUlnsc/2lCXv1mSKKAfUtl8wtmbaL" >/home/www/.ssh/authorized_keys
chown -R www.www /home/www/
chmod 600 /home/www/.ssh/authorized_keys
echo -e "\033[36m ---www用户的公钥添加到服务器成功,可以用证书登陆---\033[0m"
}
function install_mongodb4 {
echo "
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc">/etc/yum.repos.d/mongodb-org-4.0.repo
yum install -y mongodb-org
sed -i 's/^#security:/security:/g' /etc/mongod.conf cat /etc/mongod.conf |grep "authorization: enabled"
[ $? -ne 0 ] && sed -i '/^security:/a\ authorization: enabled' /etc/mongod.conf
systemctl start mongod
}
function install_redis50() {
echo “获取服务器eth0网口IP”
host=`/usr/sbin/ip addr |grep inet |grep -v inet6 |grep eth0|awk '{print $2}' |awk -F "/" '{print $1}'` echo "redis相关系统优化"
cat /etc/sysctl.conf |grep "^net.core.somaxconn="
[ $? -ne 0 ] && echo "net.core.somaxconn=5000" >> /etc/sysctl.conf cat /etc/sysctl.conf |grep "^vm.overcommit_memory="
[ $? -ne 0 ] && echo "vm.overcommit_memory=1" >> /etc/sysctl.conf
sysctl -p
echo never > /sys/kernel/mm/transparent_hugepage/enabled
cat /etc/rc.local |grep -w "echo never > /sys/kernel/mm/transparent_hugepage/enabled"
[ $? -ne 0 ] && echo "echo never > /sys/kernel/mm/transparent_hugepage/enabled" >>/etc/rc.local echo ""1.安装redis依赖
yum install -y gcc tcl echo "2.下载redis安装包"
cd /usr/local/src/ if [ ! -f ./redis-5.0.0.tar.gz ];then
wget http://download.redis.io/releases/redis-5.0.0.tar.gz
mkdir /usr/local/redis
tar -zxvf redis-5.0.0.tar.gz -C /usr/local/
mv /usr/local/redis-5.0.0 /usr/local/redis
cd /usr/local/redis
make
make install echo "创建redis配置文件"
mkdir /etc/redis/
cp /usr/local/redis/redis.conf /etc/redis/ echo "修改bind ip,"
sed -i "s/^bind 127.0.0.1/bind $host/g" /etc/redis/redis.conf
sed -i "s/^daemonize no/daemonize yes/g" /etc/redis/redis.conf
sed -i "s/^protected-mode yes/protected-mode no/g" /etc/redis/redis.conf cat /etc/redis/redis.conf |grep -w "^requirepass weqFcx12fds"
[ $? -ne 0 ] && echo "requirepass weqFcx12fds" >> /etc/redis/redis.conf
echo "启动redis"
/usr/local/redis/src/redis-server /etc/redis/redis.conf else
echo "安装包已存在,只修改配置"
echo "修改bind ip,"
sed -i "s/^bind 127.0.0.1/bind $host/g" /etc/redis/redis.conf
sed -i "s/^daemonize no/daemonize yes/g" /etc/redis/redis.conf
sed -i "s/^protected-mode yes/protected-mode no/g" /etc/redis/redis.conf
cat /etc/redis/redis.conf |grep -w "^requirepass dsf3#fs"
[ $? -ne 0 ] && echo "requirepass dsf3#fs" >> /etc/redis/redis.conf
fi
}
function install_openvpn(){
echo "1.安装openvpn依赖"
yum install openssl* gcc -y echo "2.安装lzo库"
cd /usr/local/src
if [ ! -f ./lzo-2.09.tar.gz ];then
wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.09.tar.gz
tar xf lzo-2.09.tar.gz
cd zo-2.09
./configure -prefix=/usr/local/lzo
make && make install
fi
echo "3.下载openvpn"
cd /usr/local/src
if [ ! -f ./openvpn-2.2.2.tar.gz ];then
wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz
tar xf openvpn-2.2.2.tar.gz
cd openvpn-2.2.2
./configure --prefix=/usr/local/openvpn --with-lzo-headers=/usr/local/lzo/include --with-lzo-lib=/usr/local/lzo/lib --with-ssl-headers=/usr/include/openssl --with-ssl-lib=/usr/lib64/openssl
make && make install echo "配置openvpn,初始化证书"
mkdir /etc/openvpn
cp /usr/local/openvpn/easy-rsa /etc/openvpn
cd /etc/openvpn/easy-rsa/2.0 echo "生成服务器证书,dh,ca证书"
source ./vars
./clean-all
./build-dh
echo -e "\033[32m 开始生成ca证书 \033[0m"
./build-ca
echo -e "\033[32m 开始生成server证书 \033[0m"
./build-key-server server
echo "拷贝证书文件到/etc/openvpn"
cd keys
cp ca.* server.* dh1024.pem /etc/openvpn
echo "获取内网地址段"
host=`/usr/sbin/ip addr |grep inet |grep -v inet6 |grep eth0|awk '{print $2}' |awk -F "/" '{print $1}'`
intranet=`echo $host|awk -F [.] '{print $1 "." $2 ".0.0"}'`
echo "生成服务端配置文件server.conf"
echo -e "port 1194 \nproto udp \ndev tuni \nca /etc/openvpn/ca.crt \ncert /etc/openvpn/server.crt \nkey /etc/openvpn/server.key \ndh /etc/openvpn/dh1024.pem \nserver 10.10.0.0 255.255.255.0 \nifconfig-pool-persist ipp.txt \npush 'route $intranet 255.255.0.0' \npush 'dhcp-option DNS 8.8.8.8' \npush 'dhcp-option DNS 114.114.114.114' \npush 'dhcp-option DNS 74.207.242.5' \nclient-to-client \nduplicate-cn \nkeepalive 10 120 \ncomp-lzo \nuser nobody \ngroup nobody \npersist-key \npersist-tun \nstatus /var/log/openvpn-status.log \nlog /var/log/openvpn.log \nlog-append /var/log/openvpn.log \n#crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem \n" >/etc/openvpn/server.conf # 创建openvpn客户端证书
create_openvpn_client_key
echo "开启ip转发"
cat /etc/sysctl.conf|grep -w "net.ipv4.ip_forward = 1"
[ $? -ne 0 ] && echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
sysctl -p echo "iptables开启vpn流量转发"
echo "禁止firewall"
systemctl stop firewalld.service
systemctl disable firewalld.service
yum install iptables-services -y
sed -i 's/^-A INPUT -j REJECT --reject-with icmp-host-prohibited/#-A INPUT -j REJECT --reject-with icmp-host-prohibited/g' /etc/sysconfig/iptables
sed -i 's/^-A FORWARD -j REJECT --reject-with icmp-host-prohibited/#-A FORWARD -j REJECT --reject-with icmp-host-prohibited/g' /etc/sysconfig/iptables
cat /etc/sysconfig/iptables |grep -w "A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE"
if [ $? -ne 0 ];then
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
service iptables save
chkconfig iptables on
service iptables restart
fi echo -e "\033[32m 启动openvpn \033[0m"
/usr/local/openvpn/sbin/openvpn --daemon --config /etc/openvpn/server.conf
cat /etc/rc.local |grep -w "/usr/local/openvpn/sbin/openvpn --daemon --config /etc/openvpn/server.conf"
[ $? -ne 0 ] && echo "/usr/local/openvpn/sbin/openvpn --daemon --config /etc/openvpn/server.conf" >>/etc/rc.local echo -e "\033[31m\n 防火墙开启udp:1194端口 \033[0m \n"
else
echo "安装文件已存在" fi }
function create_openvpn_client_key(){
#获取公网IP
public_ip=`curl http://members.3322.org/dyndns/getip` echo -e "\033[32m 开始创建openvpn客户端证书 \033[0m"
read -p "请输入你的key名: " keyname
cd /etc/openvpn/easy-rsa/2.0
source ./vars
./build-key $keyname echo "生成windows客户端client.ovpn文件"
cd /etc/openvpn/easy-rsa/2.0/keys
echo -e "client \ndev tun \nproto udp \nremote $public_ip 1194 \nresolv-retry infinite \nnobind \npersist-key \npersist-tun \nca ca.crt \ncert ${keyname}.crt \nkey ${keyname}.key \nremote-cert-tls server \ncomp-lzo \nverb 3" > client.ovpn
echo -e "\033[32m 打包证书 \033[0m"
tar -zcvf ${keyname}.tar.gz ca.* ${keyname}.crt ${keyname}.key client.ovpn echo -e "\033[32m 下载证书 \033[0m"
sz ${keyname}.tar.gz
}
echo -e "\033[31m\n----选择你想安装的软件----\033[0m \n"
echo -e "\033[32m \"0. initialize_system(优化系统)\" input \"0\" \033[0m \n"
echo -e "\033[32m \"1. Nginx for latest\" input \"1\" \033[0m \n"
echo -e "\033[32m \"2. php7.1\" input \"2\" \033[0m \n"
echo -e "\033[32m \"3. mysql5.7\" input \"3\" \033[0m \n"
echo -e "\033[32m \"4. modify ssh port to 8622\" input \"4\" \033[0m \n"
echo -e "\033[32m \"5. add ssh-key\" input \"5\" \033[0m \n"
echo -e "\033[32m \"6. install mongodb4\" input \"6\" \033[0m \n"
echo -e "\033[32m \"7. install mysql5.6\" input \"7\" \033[0m \n"
echo -e "\033[32m \"8. install php7.2\" input \"8\" \033[0m \n"
echo -e "\033[32m \"9. install redis5.0\" input \"9\" \033[0m \n"
echo -e "\033[32m \"10. install openvpn2.2\" input \"10\" \033[0m \n"
echo -e "\033[32m \"11. create openvpn客户端证书\" input \"11\" \033[0m \n"
read -p "please choice which software do you want to install ?" input case "$input" in
0) initialize_system;
;;
1) install_nginx;
;;
2) install_php71;
;;
3) install_mysql57;
;;
4) modify_ssh;
;;
5) add_ssh_key;
;;
6) install_mongodb4;
;;
7) install_mysql56;
;;
8) install_php72;
;;
9) install_redis50;
;;
10) install_openvpn;
;;
11) create_openvpn_client_key;
;;
*) echo -e "\033[31m Input Error! \033[0m" && exit -1;;
esac

[docker]一些经常或不经常用到的镜像启动方法-一些常用的docker启动方式的更多相关文章

  1. 一步步搭建docker私有仓库并从私有仓库中下载镜像

    一步步搭建docker私有仓库 #下载镜像 docker pull registry#查看镜像 docker images #运行私有仓库,指定端口和数据卷 docker run -d -p : -v ...

  2. 如何启动一个已经创建的docker 容器,并进入SHELL 对其操作

    腾讯云使用自己的docker镜像安装后无法启动,下边这个亲测是可用的 sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A ...

  3. 阿里云部署Docker(6)----解决删除&lt;none&gt;镜像问题

    转载请注明来源,本博客原创作者为:http://blog.csdn.net/minimicall?viewmode=contents 在Docker使用中,常常会碰到删除镜像不成功.反而让镜像变成了& ...

  4. Docker系列(四)Centos6.5 搭建私人镜像仓库 v2

    .下载.运行registry 下载registry镜像: $ docker pull hub.c.163.com/library/registry 这个下载的过程有点长,耐心等待一下.O(∩_∩)O哈 ...

  5. docker Dockerfile指令ADD和COPY的区别,添加目录方法

    docker Dockerfile指令ADD和COPY的区别,添加目录方法 ADD指令的功能是将主机构建环境(上下文)目录中的文件和目录.以及一个URL标记的文件 拷贝到镜像中.其格式是: ADD 源 ...

  6. Docker学习笔记之常用的 Docker Compose 配置项

    0x00 概述 与 Dockerfile 一样,编写 Docker Compose 的配置文件是掌握和使用好 Docker Compose 的前提.编写 Docker Compose 配置文件,其本质 ...

  7. docker(三)docker镜像和镜像发布方法

    一.从公网docker hub 拉取image ~ # 搜索docker search centos~ » docker pull centos admin@steven- Using default ...

  8. Docker技术入门与实战 第二版-学习笔记-4-Dockerfile外其他生成镜像的方法

    其它生成镜像的方法 即除了标准地使用Dockerfile来生成镜像外,还有一些其他的方法 1)从 rootfs 压缩包导入 格式:docker import [选项] <文件>|<U ...

  9. docker之创建MariaDB镜像的方法

    一.基于commit命令方式创建 docker的安装 ? 1 2 3 [root@test01 ~]# yum install docker [root@test01 ~]# systemctl en ...

随机推荐

  1. 关于XUtils框架细解

    感谢关注xUitls的网友最近一段时间给予的热心反馈,xUtils近期做了很多细节优化之后,功能和api已经稳定. 1.9.6主要更新内容:Bitmap加载动画有时重复出现的问题修复,加载过程优化; ...

  2. nodejs调试利器:supervisor

    测试多了,是不是感觉每次要重新node一次app.js,很烦恼? 用supervisor,只有有改动,页面刷新就可以看到效果,不用重启node.js 安装: npm -g install superv ...

  3. WinCE5.0开发环境的建立

    目前WinCE5.0的开发工具主要有以下几种:Platform Builder5.0.EVC4.0+SP4.Visual Studio2005.其中Platform Builder主要用于定制WinC ...

  4. Go -- php 中的pack("H*", $string) 转换成go

    pack("H*", $string) 转化成这样: //16进制字符串转[]byte func HexToByte(hex string) []byte { length := ...

  5. Jenkins的slave异常:Exception in thread "main" java.lang.ClassNotFoundException: hudson.remoting.Launcher

    当任务分配到slave上执行时,报如下错误: Parsing POMs Established TCP socket on 38257 maven33-agent.jar already up to ...

  6. VMware Workstation 重启服务脚本 解决连不上ssh问题

    解决虚拟机,每次启动连不上ssh问题,需要关闭虚拟机,再执行脚本.执行完后,再启动虚拟机就可以连上ssh啦! 脚本名称:vmware_server_restart.bat (请以管理员身份运行,否则可 ...

  7. 流畅的python第一章python数据模型学习记录

    python中有些特殊的方法,以双上下划线开头,并以双下划线结束的方法.如__getitem__,这些方法是特殊的方法,供python解释权内部使用,一般来说不需要调用 还有一种是以双下划线开头的,如 ...

  8. VB6.0中数组的定义实測

    作者:iamlasong 1.环境 Visual Basic 6.0精简版,由于仅仅做一些小工具,认为这个已经够了.我认为.编程语言.数据库等东西,不一定要用最新的,适合.够用就好,比方Win8都出来 ...

  9. 抓取网页图片的脚本(javascript)

    抓取网页图片的脚本(javascript) 本文地址: http://blog.csdn.net/caroline_wendy/article/details/24172223 脚本内容 (没有换行) ...

  10. 几个免费的DNS地址

    百度CDN 180.76.76.76 114.114.114.114 阿里CDN 223.5.5.5 223.6.6.6 googleCDN 8.8.8.8 国内外DNSserver地址列表 http ...