Docker registry authentication

Docker officially packages the registry as an image, so you can deploy a registry directly by starting a container from it.

Experimental environment

Physical machine 172.25.41.250

I. Registry authentication mechanism

1. certificate

# Start the registry with TLS: it listens on 0.0.0.0:443 inside the container (published as host
# port 443) and reads its certificate and private key from ./certs, bind-mounted at /certs.
# No REGISTRY_AUTH_* variable is set yet, so this instance encrypts traffic but does not
# authenticate clients.
# NOTE(review): domain.key is the server's private key and the mount is read-write here; appending
# :ro to the -v option and keeping certs/ readable by root only would limit exposure -- confirm.
[root@foundation41 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2
# List all containers to confirm the registry is running.
[root@foundation41 docker]# docker ps -a
# Show the NAT table; presumably to see the rule Docker adds for the published port 443.
[root@foundation41 ~]# iptables -t nat -nL

# Make the Docker daemon on the client trust the registry's certificate: it looks for a file named
# ca.crt in a directory named after the registry host under certs.d (the prompt suggests
# /etc/docker/certs.d -- confirm).
[root@foundation41 certs.d]# mkdir westos.org
[root@foundation41 certs.d]# cd westos.org/
[root@foundation41 westos.org]# ls
# Only the certificate is copied; domain.key is the private key and stays with the registry.
[root@foundation41 westos.org]# cp /tmp/docker/certs/domain.crt .
[root@foundation41 westos.org]# ls
domain.crt
# Rename to the file name the daemon expects.
[root@foundation41 westos.org]# mv domain.crt ca.crt
[root@foundation41 westos.org]# ls
ca.crt
[root@foundation41 westos.org]# cd
# Push over TLS. The registry started above has no authentication configured, so at this stage any
# client that can reach port 443 and trusts the certificate can push.
[root@foundation41 ~]# docker push westos.org/nginx

2. Registry

# Remove the TLS-only registry container, then demonstrate an anonymous volume.
[root@foundation41 docker]# docker ps
[root@foundation41 docker]# docker rm -f registry
# -v /data1 with no host path creates an anonymous volume mounted at /data1 in the container.
[root@foundation41 docker]# docker run -it --name vm1 -v /data1 ubuntu
root@55b40438a21b:/# mount
# On the host, find the directory that backs the volume.
[root@foundation41 docker]# docker inspect vm1
[root@foundation41 docker]# docker inspect vm1 |grep vol
                "Type": "volume",
                "Source": "/var/lib/docker/volumes/17dd941ce05d840b5b0b94c973835a538cf72a674c10b25660f8e742052aa77a/_data",
[root@foundation41 docker]# cd /var/lib/docker/volumes/17dd941ce05d840b5b0b94c973835a538cf72a674c10b25660f8e742052aa77a/_data
[root@foundation41 _data]# ls
# A file written into _data on the host shows up inside the container at /data1 (see below), so
# write access to this host path is write access to the container's data.
[root@foundation41 _data]# cp /etc/passwd .
[root@foundation41 _data]# ls
passwd


# Re-attach to vm1 and confirm the file is visible in the volume.
[root@foundation41 ~]# docker container attach vm1
root@55b40438a21b:/data1# ls
passwd
root@55b40438a21b:/data1# pwd
/data1

II. Independent volume

1. Add independent volume

# Anonymous volume over a path that already has content in the image: the listing at the end shows
# the image's files (50x.html, index.html) present in the new volume.
root@foundation41 ~]# docker run -d --name vm2 -v /usr/share/nginx/html nginx
[root@foundation41 ~]# docker inspect vm2 |grep vol
                "Type": "volume",
                "Source": "/var/lib/docker/volumes/25032c212664fb0aed24a48088e09839a06f734a4d12d157994ea3eaaff4345b/_data",    # host directory backing the volume
[root@foundation41 ~]# cd /var/lib/docker/volumes/25032c212664fb0aed24a48088e09839a06f734a4d12d157994ea3eaaff4345b/_data
[root@foundation41 _data]# ls
50x.html  index.html

2. Delete independent volume
vm2

# The container is stopped and removed first; its anonymous volume is then deleted by ID.
[root@foundation41 ~]# docker ps -a
[root@foundation41 ~]# docker stop vm2
# docker rm without -v leaves the anonymous volume behind, hence the explicit volume rm below.
[root@foundation41 ~]# docker rm vm2
[root@foundation41 ~]# docker volume rm 25032c212664fb0aed24a48088e09839a06f734a4d12d157994ea3eaaff4345b      # Delete the anonymous volume that belonged to vm2
[root@foundation41 ~]# cd -

vm1

# Same clean-up for vm1: stop, remove the container, then delete its volume by ID.
[root@foundation41 ~]# docker stop vm1   
[root@foundation41 ~]# docker rm vm1
[root@foundation41 ~]# docker volume rm 17dd941ce05d840b5b0b94c973835a538cf72a674c10b25660f8e742052aa77a    # Delete the anonymous volume that belonged to vm1

[root@foundation41 ~]# docker volume ls    # List all volumes
# CAUTION: the command substitution passes EVERY volume ID on the host to volume rm, not just the
# ones created in this walkthrough. Volumes still used by a container are refused, all others are
# deleted together with their data.
[root@foundation41 ~]# docker volume rm  `docker volume ls -q`    # Delete all volumes that are not in use
[root@foundation41 ~]# docker volume ls

# Build a data-only image whose volume carries the web content.
[root@foundation41 test]# mkdir nginx/html -p
[root@foundation41 test]# cd ..
[root@foundation41 test]# vim Dockerfile 
# The Dockerfile unpacks html.tar under /usr/share and declares /usr/share/nginx/html as a volume.
[root@foundation41 test]# cat Dockerfile 
FROM rhel7
ADD html.tar /usr/share
VOLUME ["/usr/share/nginx/html"]

# Move the page into the nginx/html tree that will be archived.
[root@foundation41 docker]# cd web/
[root@foundation41 web]# ls
index.html  nginx.tar
[root@foundation41 web]# mv index.html /tmp/docker/test/nginx/html/
[root@foundation41 web]# ls
nginx.tar
[root@foundation41 web]# cd ..
[root@foundation41 docker]# cd test/
[root@foundation41 test]# ls
Dockerfile  html.tar  nginx
# Archive nginx/ so that ADD places the page at /usr/share/nginx/html/index.html in the image.
[root@foundation41 test]# tar cf html.tar nginx/
[root@foundation41 test]# tar tf html.tar
nginx/
nginx/html/
nginx/html/index.html
[root@foundation41 test]# docker build -t rhel7:v4 .
# --volumes-from vol mounts the volumes of a container named "vol". Its creation is not shown in
# this transcript (presumably a container created from rhel7:v4 with --name vol -- confirm).
[root@foundation41 test]# docker run -d --name vm1 --volumes-from vol nginx
[root@foundation41 test]# docker inspect vm1
# nginx serves the index.html that came from the shared volume.
[root@foundation41 test]# curl 172.17.0.2
<h1>hello world </h1>
[root@foundation41 test]# cd /tmp/docker/test/nginx/html/
[root@foundation41 html]# cat index.html 
<h1>hello world </h1>

III. Password authentication

# Create the directory that will hold the registry's password file.
[root@foundation41 html]# cd /tmp/docker/
[root@foundation41 docker]# mkdir auth
[root@foundation41 docker]# cd auth/
[root@foundation41 auth]# ls
[root@foundation41 auth]# cd ..
[root@foundation41 docker]# docker ps
# Clean up the volume demo; -v also removes the anonymous volumes attached to the container.
[root@foundation41 docker]# docker rm -f -v vm1
[root@foundation41 docker]# docker ps -a
[root@foundation41 docker]# docker rm -v vol
[root@foundation41 docker]# docker ps -a
[root@foundation41 docker]# docker volume ls
[root@foundation41 docker]# ls
# Generate a bcrypt entry with the htpasswd binary from the registry image:
#   -B selects bcrypt, -n prints the entry to stdout, -b takes the password from the command line.
# NOTE(review): with -b the password ends up in shell history and the process list, and here it
# equals the user name (westos/westos, admin/admin) -- acceptable only for a throwaway lab.
# htpasswd's -i option reads the password from stdin instead.
# NOTE(review): the "$2y$05$" prefix in the output is bcrypt with cost 5 (the htpasswd default);
# the -C option raises the cost.
# NOTE(review): newer registry images may no longer ship htpasswd; confirm for your image version.
[root@foundation41 docker]# docker run --entrypoint htpasswd registry:2 -Bbn westos westos > auth/htpasswd
[root@foundation41 docker]# cat auth/htpasswd 
westos:$2y$05$3hk/eG.RXBCMvuEOu/DgiehGvzZ87d63O0STH677gPGw/KhTuOkm2

# ">>" appends the second user; ">" would overwrite the first entry.
[root@foundation41 docker]# docker run --entrypoint htpasswd registry:2 -Bbn admin admin >> auth/htpasswd
[root@foundation41 docker]# cat auth/htpasswd 
westos:$2y$05$3hk/eG.RXBCMvuEOu/DgiehGvzZ87d63O0STH677gPGw/KhTuOkm2

admin:$2y$05$IOv4Dhl5H86YmuGmlv5oCetH9slaU2ks7M0uROxfU7Pzyo8eXpITy

[root@foundation41 docker]# docker ps -a


# Alternative shown with the host's htpasswd: -m produces Apache MD5 ($apr1$) hashes.
# NOTE(review): the registry's htpasswd authentication accepts bcrypt entries only, so a file of
# $apr1$ hashes will not authenticate anyone there; use -B as in the previous commands.
# NOTE(review): the file written here is ./htpaswd in /tmp/docker, not auth/htpasswd, so the
# registry started afterwards (which mounts ./auth and reads /auth/htpasswd) never reads it.
[root@foundation41 docker]# htpasswd -cm htpaswd westos   # -c creates the file (overwriting an existing one)
[root@foundation41 docker]# cat htpaswd 
westos:$apr1$SvhLg279$pNUwxfF9vBfENEVKyh5Jt/
[root@foundation41 docker]# htpasswd -m htpaswd admin   # Omit -c when adding further users, or the existing entries are overwritten
[root@foundation41 docker]# cat htpaswd
westos:$apr1$SvhLg279$pNUwxfF9vBfENEVKyh5Jt/
admin:$apr1$V71rZV3j$YkDjFyDOa4POyPnyd.1tY/

[root@foundation41 ~]# cd /tmp/docker/
# Same TLS registry as before, now with basic authentication: ./auth is mounted at /auth,
# REGISTRY_AUTH=htpasswd enables the htpasswd backend and REGISTRY_AUTH_HTPASSWD_PATH points it at
# /auth/htpasswd. Basic auth sends the password on every request, so it relies on the TLS settings
# that are kept in this command.
[root@foundation41 docker]# docker run -d --restart=always --name registry -v `pwd`/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e  "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -p 443:443 registry:2     # Registry with TLS and htpasswd authentication

[root@foundation41 docker]# docker ps

[root@foundation41 ~]# docker tag rhel7 westos.org/rhel7
# This push runs before docker login; with authentication enabled the registry is expected to
# reject it (the output is not shown).
[root@foundation41 ~]# docker push westos.org/rhel7
# NOTE(review): -p puts the password on the command line (shell history, process list);
# docker login --password-stdin reads it from stdin instead.
[root@foundation41 ~]# docker login -u westos -p westos westos.org
[root@foundation41 ~]# ping westos.org
# Confirm that docker-proxy is listening on the published port 443.
[root@foundation41 ~]# netstat -antlp |grep :443
tcp6       0      0 :::443                  :::*                    LISTEN      16999/docker-proxy  
# docker login saves the credentials in ~/.docker/config.json. Unless a credential store or helper
# is configured, the "auth" value is only base64-encoded user:password, so treat the file as a secret.
[root@foundation41 ~]# cd .docker/
[root@foundation41 .docker]# ls
config.json
[root@foundation41 .docker]# cat config.json 

IV. load balancing

1. Install httpd automatically

[root@foundation41 docker]# vim Dockerfile 
# Build an httpd image on top of the local rhel7 base image.
FROM rhel7
ENV HOSTNAME server1
# MAINTAINER is deprecated in current Dockerfile syntax; LABEL maintainer=... is the replacement.
MAINTAINER jay@2983088484.com
EXPOSE 80
# dvd.repo (contents not shown) supplies the yum repository used by the install below.
# NOTE(review): if that repo definition disables gpgcheck, packages are installed without
# signature verification -- confirm.
COPY dvd.repo /etc/yum.repos.d/dvd.repo
# Rebuild the rpm database, install httpd, then drop the yum cache in the same layer.
RUN rpmdb --rebuilddb && yum install -y httpd && yum clean all
# The document root is a volume so that content can be mounted from outside the image.
VOLUME ["/var/www/html"]
# Run httpd in the foreground so it stays the container's main process.
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]

[root@foundation41 docker]# docker build -t rhel7:v1 .

2. Write the docker-compose.yml file, which is the main template file used by Compose

[root@foundation41 ~]# cd /tmp/docker/
[root@foundation41 docker]# ls
auth  certs  Dockerfile  dvd.repo  ssh  supervisord.conf  test  web
[root@foundation41 docker]# mkdir compose
[root@foundation41 docker]# cd compose/
[root@foundation41 compose]# vim docker-compose.yml
# Two backend web services (apache, nginx) behind one haproxy service.
# "expose" only makes a port reachable by linked services; it publishes nothing on the host.
# NOTE(review): the nginx and haproxy images carry no tag, so whatever "latest" resolves to at pull
# time is used; pinning a tag or digest makes the deployment reproducible.
apache:
    image: rhel7:v1
    expose:
        - 80
    volumes: 
    # Volume mount path. HOST:CONTAINER mounts a host path; HOST:CONTAINER:ro makes the mount read-only.
        - ./web:/var/www/html

nginx:
    image: nginx
    expose:
        - 80

haproxy:
    image: haproxy
    volumes:
    # NOTE(review): the configuration directory is mounted read-write; the :ro mode would be enough
    # for a directory the container only reads -- confirm.
        - ./haproxy:/usr/local/etc/haproxy
    links:          
    # Links to containers of other services: either SERVICE (the name doubles as the alias) or SERVICE:ALIAS.
        - apache
        - nginx
    ports:
    # The only published port: host 8080 -> container 80. With no host IP given it binds on all
    # host interfaces.
        - "8080:80"
    expose:
        - 80

3. Create the haproxy directory and write a haproxy.cfg file in it

[root@foundation41 compose]# mkdir haproxy
[root@foundation41 compose]# cd haproxy/
[root@foundation41 haproxy]# vim haproxy.cfg
# HAProxy configuration: one HTTP frontend on port 80 balancing across the apache and nginx services.
global
    # Send logs to syslog on 127.0.0.1 (facility local0; local1 at notice level and above).
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
    # Statistics page at /status, inherited by the frontend below.
    # NOTE(review): no "stats auth" is set, so the page is readable by anyone who can reach the
    # published port; it lists the backend servers and their health state. Consider adding
    # "stats auth <user>:<password>" or serving stats from a separate, restricted listener.
    stats uri /status
frontend balancer
    bind 0.0.0.0:80
    default_backend web_backends
backend web_backends
    # Round-robin between the two servers; "check" enables health checks on each of them.
    balance roundrobin
    server web1 apache:80 check
    server web2 nginx:80 check

[root@foundation41 compose]# cd ..
[root@foundation41 docker]# cp -r web/ compose/
[root@foundation41 docker]# cd compose/

4. Create a symbolic link

# Install the docker-compose release binary under the name docker-compose.
# NOTE(review): how the binary was obtained is not shown; before marking a downloaded binary
# executable in a root-owned PATH directory, compare its SHA-256 with the checksum published for
# the release.
[root@foundation41 ~]# cd /usr/local/bin/
[root@foundation41 bin]# ls
docker-compose-Linux-x86_64-1.22.0 
[root@foundation41 bin]# chmod +x docker-compose-Linux-x86_64-1.22.0 
[root@foundation41 bin]# ls
docker-compose-Linux-x86_64-1.22.0 
# A relative symlink in the same directory gives the binary its short command name.
[root@foundation41 bin]# ln -s docker-compose-Linux-x86_64-1.22.0 docker-compose
[root@foundation41 bin]# ll

Docker compose command

Most commands can run on one or more services. Unless stated otherwise, a command applies to all services in the project. Run docker-compose [COMMAND] --help to see the usage of a specific command.
The basic format is docker-compose [options] [COMMAND] [ARGS...]. Options: --verbose outputs more debugging information; --version prints the version and exits.
-f, --file FILE Use a specific compose template file; the default is docker-compose.yml.
-p, --project-name NAME Specify the project name; the directory name is used by default.
kill #Force the service containers to stop by sending a SIGKILL signal. A different signal can be specified with a parameter, for example: docker-compose kill -s SIGINT
logs #View the output of the service
port #Print the public port that a service port is bound to.
ps #List all containers.
pull #Pull the service image.
rm #Delete the stopped service container.
run #Execute a command on a service
start #Start an existing service container.
stop #Stop containers that are already running, but do not delete them. They can be started again with docker-compose start.
up #Build, (re)create, start and link the containers of a service. Linked services are started too unless they are already running. By default, docker-compose up aggregates the output of all containers, and all containers stop when you exit. With docker-compose up -d, all containers are started and run in the background.
By default, if containers for the service already exist, docker-compose up stops and recreates them (keeping their mounted volumes) so that changes to docker-compose.yml take effect. If you do not want the containers to be stopped and recreated, use docker-compose up --no-recreate; if necessary, this also starts containers that have been stopped.

# Print the docker-compose version, then bring the project up in the foreground (the output of
# all containers is shown together).
[root@foundation41 compose]# docker-compose -v
[root@foundation41 compose]# docker-compose up


Website: 172.25.41.250:8080
Load balancing


172.25.41.250:8080/status
Health check (HAProxy statistics page)

Test:

# Start the existing service containers, then stop one backend to see how the balancer reacts.
[root@foundation41 compose]# docker-compose start  
[root@foundation41 compose]# docker ps -a
[root@foundation41 compose]# docker stop compose_apache_1     # Stop the apache (httpd) backend container



No load balancing

# Start the apache backend again and confirm that the containers are running.
[root@foundation41 compose]# docker start compose_apache_1 
[root@foundation41 compose]# docker ps -a


Added by norpel on Thu, 02 Jan 2020 13:38:57 +0200