Docker
常用容器服务
为知笔记
docker run --name wiz \
--restart=always \
-d \
-v $PWD/wiz:/wiz/storage \
-p 8085:80 \
-p 9269:9269/udp \
wiznote/wizserver
## 升级最新版本的话, 只需要把之前启动的容器删除, 拉取最新镜像, 再次执行上面的 run 命令即可
docker stop wiz
docker rm wiz
docker pull wiznote/wizserver:latest # 拉取最新镜像完成之后, 再次执行上面的 docker run ... 命令, 注意目录路径
note
默认管理员账号: admin@wiz.cn
, 密码: 123456
。请在部署完成后,使用这个账号,登录网页版,然后修改管理员密码。其他用户,请自行注册。免费版本可以注册5个用户(不包含管理员账号).
Bitwarden
Bitwarden - 密码服务的第三方开源实现 vaultwarden
docker run -d \
--name vaultwarden \
-e DOMAIN=https://your-domain.com \
-v $PWD/vw-data/:/data/ \
-p 8082:80 \
--restart=unless-stopped \
vaultwarden/server:latest
Portainer
容器管理服务, portainer/portainer-ce, 官网
docker run -d -p 8083:8000 -p 8084:9000 --name portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $PWD/portainer:/data \
portainer/portainer-ce:2.11.1-alpine
code-server
# 显示帮助
docker run -it --rm alanway/code-server --help
# 运行一个在线编辑器
docker run --name blog-editor -d \
-p 8086:80 \
-v $PWD:/app \
--restart=unless-stopped \
alanway/code-server
下面是我的博客项目使用示例:
Dockerfile
FROM alanway/code-server:latest
# code server 监听的端口号
EXPOSE 80
WORKDIR /usr/local
# 下载 node.js
ADD https://registry.npmmirror.com/-/binary/node/v16.14.0/node-v16.14.0-linux-x64.tar.gz ./
# 解压node
RUN tar xvf node-v16.14.0-linux-x64.tar.gz
# 设置账号名和UID, 可以使用 --build-arg 参数修改
ARG USER=alan
ARG USER_ID=1000
# 添加账号, 并把 node 的解压目录所有人改成新建的账号
RUN useradd --create-home --uid $USER_ID --user-group --shell /bin/bash $USER \
&& chown -hR $USER:$USER node-v16.14.0-linux-x64
# 设置容器默认账号为新账号
USER $USER
# 添加环境变量
RUN echo 'export PATH="$PATH:/usr/local/node-v16.14.0-linux-x64/bin/"' >> ~/.bashrc
# 以下资源会被拷贝一份新的到容器里
# 防止使用code editor是修改这些文件
WORKDIR /app
COPY --chown=$USER ./.vscode ./.vscode
COPY --chown=$USER ./scripts/utils.js ./scripts/utils.js
COPY --chown=$USER ./*.js ./
COPY --chown=$USER ./*.json ./
执行以下脚本创建容器并运行
docker build --file Dockerfile --tag blog-editor ./ # 在本地构建镜像
# 运行容器, 运行成功之后访问 localhost:8086 即可 访问在线版vsc了
# 将物理机的 8086 端口号映射到容器里的80端口
# 把当前文件夹的 src 目录映射到容器里的 /app/src 这样访问 localhost:8086 就可以修改物理机上src目录下的文件了
docker run --name blog-editor-container -d \
-p 8086:80 \
-v $PWD/src:/app/src \
-v $PWD/static:/app/static \
--restart=unless-stopped \
blog-editor
wireguard
docker run -d \
--name=wireguard \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e SERVERURL=172.105.199.140 \
-e SERVERPORT=51820 \
-e PEERS=1 \
-e PEERDNS=auto \
-e INTERNAL_SUBNET=10.13.13.0 \
-p 51820:51820/udp \
-v $PWD/config:/config \
-v /lib/modules:/lib/modules \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
linuxserver/wireguard
注意上述命令中的 SERVERURL=172.105.199.140
IP指的是你服务器的公网IP
transmission
docker run -d \
--name=transmission \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Asia/Shanghai \
-e USER=alan \
-e PASS=123456 \
-p 9091:9091 \
-p 51413:51413 \
-p 51413:51413/udp \
-v $PWD/conofig:/config \
-v $PWD/downloads:/downloads \
-v $PWD/watch:/watch \
--restart unless-stopped \
lscr.io/linuxserver/transmission
docker run -d -p 3090:3000 -v $PWD/downloads:/downloads jpillora/cloud-torrent
qBittorrent
docker run -d \
--name=qbittorrent \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Asia/Shanghai \
-e WEBUI_PORT=8090 \
-p 8090:8090 \
-p 8091:6881/tcp \
-p 8091:6881/udp \
-v $PWD/qbittorrent/config:/config \
-v $PWD/qbittorrent/downloads:/downloads \
--restart unless-stopped \
linuxserver/qbittorrent
# OR lscr.io/linuxserver/qbittorrent:latest
启动之后访问 http://localhost:8090
, 默认账号密码为 admin/adminadmin
.
aria2 pro
Docker CLI
via Aria2 Pro - 更好用的 Aria2 Docker 容器镜像
Docker CLI
docker run -d \
--name aria2-pro \
--restart unless-stopped \
--log-opt max-size=1m \
--network host \
-e PUID=$UID \
-e PGID=$GID \
-e UMASK_SET=022 \
-e RPC_SECRET=password \
-e RPC_PORT=6800 \
-p 8100:6800 \
-e LISTEN_PORT=6888 \
-p 8101:6888 \
-p 8102:6888/udp \
-v $PWD/aria2/config:/config \
-v $PWD/aria2/downloads:/downloads \
p3terx/aria2-pro && \
docker run -d \
--name ariang \
--log-opt max-size=1m \
--restart unless-stopped \
-p 8103:6880 \
p3terx/ariang
清理脚本
docker stop aria2-pro && \
docker rm aria2-pro && \
docker stop ariang && \
docker rm ariang
Docker Compose
docker-compose.yml
version: "3.3"
services:
Aria2-Pro:
container_name: aria2-pro
image: p3terx/aria2-pro
environment:
- PUID=65534
- PGID=65534
- UMASK_SET=022
- RPC_SECRET=P3TERX
- RPC_PORT=6800
- LISTEN_PORT=6888
- DISK_CACHE=64M
- IPV6_MODE=false
- UPDATE_TRACKERS=true
- CUSTOM_TRACKER_URL=
- TZ=Asia/Shanghai
volumes:
- ${PWD}/aria2/config:/config
- ${PWD}/aria2/downloads:/downloads
# If you use host network mode, then no port mapping is required.
# This is the easiest way to use IPv6 networks.
network_mode: host
# network_mode: bridge
# ports:
# - 6800:6800
# - 6888:6888
# - 6888:6888/udp
restart: unless-stopped
# Since Aria2 will continue to generate logs, limit the log size to 1M to prevent your hard disk from running out of space.
logging:
driver: json-file
options:
max-size: 1m
# AriaNg is just a static web page, usually you only need to deploy on a single host.
AriaNg:
container_name: ariang
image: p3terx/ariang
command: --port 6880 --ipv6
network_mode: host
# network_mode: bridge
# ports:
# - 6880:6880
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 1m
文件传输
基于 mozilla/send 制作的镜像:
docker run -d -p 8090:1443 --name firefox-send-pod alanway/firefox-send
阿里云盘 WebDAV
将阿里云盘挂载成 WebDAV 服务:
docker run -d --name=aliyundrive-webdav --restart=unless-stopped -p 8091:8080 \
-v $PWD/aliyundrive-webdav/:/etc/aliyundrive-webdav/ \
-e REFRESH_TOKEN='your refresh token' \
-e WEBDAV_AUTH_USER=admin \
-e WEBDAV_AUTH_PASSWORD=admin \
messense/aliyundrive-webdav
上面的参数 REFRESH_TOKEN
值是阿里云盘的token, 打开并登录阿里云盘, 在控制台执行 JSON.parse(localStorage.token).refresh_token
即可看到.
Jetbrains Projector
基于Docker的 Projector
docker pull registry.jetbrains.team/p/prj/containers/projector-clion
docker pull registry.jetbrains.team/p/prj/containers/projector-datagrip
docker pull registry.jetbrains.team/p/prj/containers/projector-goland
docker pull registry.jetbrains.team/p/prj/containers/projector-idea-c
docker pull registry.jetbrains.team/p/prj/containers/projector-idea-u
docker pull registry.jetbrains.team/p/prj/containers/projector-phpstorm
docker pull registry.jetbrains.team/p/prj/containers/projector-pycharm-c
docker pull registry.jetbrains.team/p/prj/containers/projector-pycharm-p
docker pull registry.jetbrains.team/p/prj/containers/projector-webstorm
docker run --rm -p 8887:8887 -it IMAGE_NAME
RabbitMQ
启动一个RabbitMQ服务:
docker run -d --hostname rabbit-svr \
--name rabbit-svr \
-e RABBITMQ_DEFAULT_USER=admin \
-e RABBITMQ_DEFAULT_PASS=xxxxxx \
-e RABBITMQ_DEFAULT_VHOST=default \
-p 5672:5672 \
-p 15672:15672 \
--restart unless-stopped \
rabbitmq:3.10-management
Redis
docker run -d --name redis-svr \
--restart unless-stopped \
-v $PWD:/data \
-p 6379:6379 \
redis:7
# ref https://developer.redis.com/create/docker/redis-on-docker/
docker run -d \
--name redis-stack \
-p 6379:6379 \
-p 8001:8001 \
--restart unless-stopped \
-v $PWD/redis/:/data \
redis/redis-stack:latest
Plex 流媒体服务
docker run -d \
--name=plex \
--net=host \
-e PUID=1000 \
-e PGID=1000 \
-e VERSION=docker \
-p 32400:32400 \
-v $PWD/plex/library:/config \
-v $PWD/plex/tvseries:/tv \
-v $PWD/plex/movies:/movies \
--restart unless-stopped \
lscr.io/linuxserver/plex:latest
然后访问 http://localhost:32400
, 使用命令 sudo ufw allow 32400
开放外网访问.
Live Stream Server 直播服务
docker run -d \
-p 1935:1935 \
--name nginx-rtmp \
--restart unless-stopped \
tiangolo/nginx-rtmp
更多细节参考 Live Stream Server
webtop
Linux Web版远程桌面
docker run -d \
--name=webtop \
--security-opt seccomp=unconfined \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Asia/Shanghai \
-e SUBFOLDER=/ \
-e KEYBOARD=en-us-qwerty \
-e TITLE=Webtop \
-p 8095:3000 \
-v $PWD/webtop/config:/config \
--shm-size="1gb" \
--restart unless-stopped \
lscr.io/linuxserver/webtop:latest
Ubuntu Web桌面版本
docker run -d --name ubuntu-desktop \
--shm-size=8g \
-m 8GB \
-p 6901:6901 \
-e VNC_UN=ubuntu \
-e VNC_PW=ubuntu \
--restart unless-stopped \
registry.cn-hangzhou.aliyuncs.com/alanwei/ubuntu-desktop:22.04-chrome-104
Next Cloud
简单版本
docker run -d \
--name nextcloud \
-p 8096:80 \
-v $PWD/nextcloud:/var/www/html \
-e NEXTCLOUD_ADMIN_USER=alan \
-e NEXTCLOUD_ADMIN_PASSWORD=123456 \
-e SQLITE_DATABASE=db \
--restart unless-stopped \
nextcloud
完整版本
compose.yml
version: "3"
services:
webservice:
image: nextcloud:25.0.3
container_name: nextcloud-web
volumes:
- ./web:/var/www/html
environment:
- TZ=Asia/Shanghai
# - NEXTCLOUD_ADMIN_USER=your_name # 可选参数
# - NEXTCLOUD_ADMIN_PASSWORD=your_password # 可选参数
# - NEXTCLOUD_TRUSTED_DOMAINS=your_domain # 可选参数
- REDIS_HOST=redis
- MYSQL_HOST=db
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=dbuser
- MYSQL_PASSWORD=dbpassword
ports:
- 8096:80
restart: unless-stopped
networks:
- redisnet
- dbnet
redis:
image: redis:alpine
container_name: nextcloud-redis
restart: unless-stopped
networks:
- redisnet
expose:
- 6379
db:
image: mariadb:10.5
container_name: nextcloud-db
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
environment:
- TZ=Asia/Shanghai
- MARIADB_DATABASE=nextcloud
- MARIADB_USER=dbuser
- MARIADB_PASSWORD=dbpassword
- MARIADB_ROOT_PASSWORD=dbpassword
volumes:
- ./db:/var/lib/mysql
restart: unless-stopped
networks:
- dbnet
expose:
- 3306
networks:
dbnet:
redisnet:
然后执行 docker-compose up -d
.
daemon.json 常用配置
参考:
/etc/docker/daemon.json
{
"registry-mirrors": ["https://xxxx.mirror.aliyuncs.com"],
"hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]
}
修改文件之后, 执行以下命令重启 Docker 使之生效:
systemctl restart docker
常用命令
删除 none 镜像
# via https://stackoverflow.com/questions/33913020/docker-remove-none-tag-images
docker image prune
发布镜像到阿里云
构建镜像
构建目录为当前目录
docker build --file ./Dockerfile.local --tag code-server:latest ./
--file
指定Dockerfile文件路径--tag
格式为 name:tag, 其中 :tag 可以省略
关联标记镜像
下面将本地镜像关联到阿里云账号下:
docker tag code-server:latest registry.cn-hangzhou.aliyuncs.com/alanwei/code-server:latest
docker对镜像名字解析规则如下:
name:tag
使用本地镜像或者官方维护的镜像, 比如上述的 code-server:latest 就是本地镜像, 而 nginx:latest 就是官方镜像, 其中 tag 可以省略, 默认为 latestuser/name:tag
使用的是 docker hub 上的个人镜像, 比如 alanway/code-server:4.0.2 就是 docker hub 用户alanway发布的镜像domain-host/user/name:tag
使用的就是 domain-host 私服提供的镜像, 而 user 一般指的是私服上的用户id, 比如上面提到的阿里云的镜像私服就是registry.cn-hangzhou.aliyuncs.com, 而alanwei就是阿里云账号id
推送到阿里云
docker login --username=[email] registry.cn-hangzhou.aliyuncs.com # 登陆阿里云账号
docker push registry.cn-hangzhou.aliyuncs.com/alanwei/code-server:latest # 推送第二步骤关联的阿里云镜像