linux-tutorial/docker/docker-cheat-sheet.html

<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Docker Cheat Sheet | LINUX-TUTORIAL</title>
<meta name="generator" content="VuePress 1.8.2">
<link rel="icon" href="/linux-tutorial/favicon.ico">
<meta name="description" content="数据库教程">
<link rel="preload" href="/linux-tutorial/assets/css/0.styles.45d9d031.css" as="style"><link rel="preload" href="/linux-tutorial/assets/js/app.79a38eea.js" as="script"><link rel="preload" href="/linux-tutorial/assets/js/4.fb6e0f89.js" as="script"><link rel="preload" href="/linux-tutorial/assets/js/12.70a5dba8.js" as="script"><link rel="preload" href="/linux-tutorial/assets/js/5.cb43ecfb.js" as="script"><link rel="prefetch" href="/linux-tutorial/assets/js/10.7933187b.js"><link rel="prefetch" href="/linux-tutorial/assets/js/11.b9b41530.js"><link rel="prefetch" href="/linux-tutorial/assets/js/13.857dcc43.js"><link rel="prefetch" href="/linux-tutorial/assets/js/14.5a603a55.js"><link rel="prefetch" href="/linux-tutorial/assets/js/15.d217acb7.js"><link rel="prefetch" href="/linux-tutorial/assets/js/16.ad565eae.js"><link rel="prefetch" href="/linux-tutorial/assets/js/17.d43e9f56.js"><link rel="prefetch" href="/linux-tutorial/assets/js/18.aa00ff43.js"><link rel="prefetch" href="/linux-tutorial/assets/js/19.43ce44b3.js"><link rel="prefetch" href="/linux-tutorial/assets/js/20.5618e1ff.js"><link rel="prefetch" href="/linux-tutorial/assets/js/21.1c5a41d7.js"><link rel="prefetch" href="/linux-tutorial/assets/js/22.fbe9fdf1.js"><link rel="prefetch" href="/linux-tutorial/assets/js/23.a4fb0e74.js"><link rel="prefetch" href="/linux-tutorial/assets/js/24.e3a23b69.js"><link rel="prefetch" href="/linux-tutorial/assets/js/25.9896afe9.js"><link rel="prefetch" href="/linux-tutorial/assets/js/26.96164082.js"><link rel="prefetch" href="/linux-tutorial/assets/js/27.391033bb.js"><link rel="prefetch" href="/linux-tutorial/assets/js/28.703f74c2.js"><link rel="prefetch" href="/linux-tutorial/assets/js/29.02a952cb.js"><link rel="prefetch" href="/linux-tutorial/assets/js/30.7e13628f.js"><link rel="prefetch" href="/linux-tutorial/assets/js/31.c4652f75.js"><link rel="prefetch" href="/linux-tutorial/assets/js/32.05d2cbec.js"><link rel="prefetch" href="/linux-tutorial/assets/js/33.3b265df8.js"><link 
rel="prefetch" href="/linux-tutorial/assets/js/34.26330a03.js"><link rel="prefetch" href="/linux-tutorial/assets/js/35.417d706d.js"><link rel="prefetch" href="/linux-tutorial/assets/js/36.0ed775e0.js"><link rel="prefetch" href="/linux-tutorial/assets/js/37.34430c74.js"><link rel="prefetch" href="/linux-tutorial/assets/js/38.87d5e0ff.js"><link rel="prefetch" href="/linux-tutorial/assets/js/39.7b648b3e.js"><link rel="prefetch" href="/linux-tutorial/assets/js/40.3b7a219e.js"><link rel="prefetch" href="/linux-tutorial/assets/js/41.e727eee9.js"><link rel="prefetch" href="/linux-tutorial/assets/js/42.0134c187.js"><link rel="prefetch" href="/linux-tutorial/assets/js/43.175e982f.js"><link rel="prefetch" href="/linux-tutorial/assets/js/44.72d90888.js"><link rel="prefetch" href="/linux-tutorial/assets/js/45.d49955bd.js"><link rel="prefetch" href="/linux-tutorial/assets/js/46.a9c290ec.js"><link rel="prefetch" href="/linux-tutorial/assets/js/47.cc639f04.js"><link rel="prefetch" href="/linux-tutorial/assets/js/48.98c78321.js"><link rel="prefetch" href="/linux-tutorial/assets/js/49.a7c3afed.js"><link rel="prefetch" href="/linux-tutorial/assets/js/50.22d8c542.js"><link rel="prefetch" href="/linux-tutorial/assets/js/51.28055fcd.js"><link rel="prefetch" href="/linux-tutorial/assets/js/52.f8103df5.js"><link rel="prefetch" href="/linux-tutorial/assets/js/53.76541550.js"><link rel="prefetch" href="/linux-tutorial/assets/js/54.e78d2776.js"><link rel="prefetch" href="/linux-tutorial/assets/js/55.3ce3079c.js"><link rel="prefetch" href="/linux-tutorial/assets/js/56.832958c9.js"><link rel="prefetch" href="/linux-tutorial/assets/js/57.961ce896.js"><link rel="prefetch" href="/linux-tutorial/assets/js/58.6d6fbc82.js"><link rel="prefetch" href="/linux-tutorial/assets/js/59.d5e48112.js"><link rel="prefetch" href="/linux-tutorial/assets/js/6.c8f4721c.js"><link rel="prefetch" href="/linux-tutorial/assets/js/60.7927b23b.js"><link rel="prefetch" href="/linux-tutorial/assets/js/61.ee233f24.js"><link 
rel="prefetch" href="/linux-tutorial/assets/js/62.6ba50cc7.js"><link rel="prefetch" href="/l
<link rel="stylesheet" href="/linux-tutorial/assets/css/0.styles.45d9d031.css">
</head>
<body>
<div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/linux-tutorial/" class="home-link router-link-active"><img src="images/dunwu-logo-100.png" alt="LINUX-TUTORIAL" class="logo"> <span class="site-name can-hide">LINUX-TUTORIAL</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/linux-tutorial/linux/cli/" class="nav-link">
Linux 命令
</a></div><div class="nav-item"><a href="/linux-tutorial/linux/ops/" class="nav-link">
Linux 运维
</a></div><div class="nav-item"><a href="/linux-tutorial/linux/soft/" class="nav-link">
Linux 软件运维
</a></div><div class="nav-item"><a href="/linux-tutorial/docker/" class="nav-link router-link-active">
Docker 教程
</a></div><div class="nav-item"><a href="https://github.com/dunwu/blog" target="_blank" rel="noopener noreferrer" class="nav-link external">
🎯 博客
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <a href="https://github.com/dunwu/linux-tutorial" target="_blank" rel="noopener noreferrer" class="repo-link">
Github
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="/linux-tutorial/linux/cli/" class="nav-link">
Linux 命令
</a></div><div class="nav-item"><a href="/linux-tutorial/linux/ops/" class="nav-link">
Linux 运维
</a></div><div class="nav-item"><a href="/linux-tutorial/linux/soft/" class="nav-link">
Linux 软件运维
</a></div><div class="nav-item"><a href="/linux-tutorial/docker/" class="nav-link router-link-active">
Docker 教程
</a></div><div class="nav-item"><a href="https://github.com/dunwu/blog" target="_blank" rel="noopener noreferrer" class="nav-link external">
🎯 博客
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <a href="https://github.com/dunwu/linux-tutorial" target="_blank" rel="noopener noreferrer" class="repo-link">
Github
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav> <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>Docker Cheat Sheet</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/linux-tutorial/docker/docker-cheat-sheet.html#为何使用-docker" class="sidebar-link">为何使用 Docker</a><ul class="sidebar-sub-headers"></ul></li><li><a href="/linux-tutorial/docker/docker-cheat-sheet.html#运维" class="sidebar-link">运维</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#安装" class="sidebar-link">安装</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#检查版本" class="sidebar-link">检查版本</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#docker-加速" class="sidebar-link">Docker 加速</a></li></ul></li><li><a href="/linux-tutorial/docker/docker-cheat-sheet.html#容器-container" class="sidebar-link">容器(Container)</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#生命周期" class="sidebar-link">生命周期</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#启动和停止" class="sidebar-link">启动和停止</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#信息" class="sidebar-link">信息</a></li><li class="sidebar-sub-header"><a 
href="/linux-tutorial/docker/docker-cheat-sheet.html#导入-导出" class="sidebar-link">导入 / 导出</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#执行命令" class="sidebar-link">执行命令</a></li></ul></li><li><a href="/linux-tutorial/docker/docker-cheat-sheet.html#镜像-images" class="sidebar-link">镜像(Images)</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#生命周期-2" class="sidebar-link">生命周期</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#其它信息" class="sidebar-link">其它信息</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#清理" class="sidebar-link">清理</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#加载-保存镜像" class="sidebar-link">加载 / 保存镜像</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#导入-导出容器" class="sidebar-link">导入 / 导出容器</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#加载已保存的镜像-与-导入已导出为镜像的容器-的不同" class="sidebar-link">加载已保存的镜像 与 导入已导出为镜像的容器 的不同</a></li></ul></li><li><a href="/linux-tutorial/docker/docker-cheat-sheet.html#网络-networks" class="sidebar-link">网络(Networks)</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#生命周期-3" class="sidebar-link">生命周期</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#其它信息-2" class="sidebar-link">其它信息</a></li><li class="sidebar-sub-header"><a href="/linux-tutorial/docker/docker-cheat-sheet.html#建立连接" class="sidebar-link">建立连接</a></li></ul></li><li><a href="/lin
</code></pre></div><p>你也可以输出原始的 JSON 数据:</p> <div class="language- extra-class"><pre class="language-text"><code>docker version --format '{{json .}}'
</code></pre></div><h3 id="docker-加速"><a href="#docker-加速" class="header-anchor">#</a> Docker 加速</h3> <p>国内访问 Docker Hub 很慢,所以,推荐配置 Docker 镜像仓库来提速。</p> <p>镜像仓库清单:</p> <table><thead><tr><th>镜像仓库</th> <th>镜像仓库地址</th> <th>说明</th></tr></thead> <tbody><tr><td><a href="https://daocloud.io/mirror" target="_blank" rel="noopener noreferrer">DaoCloud 镜像站<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></td> <td><code>http://f1361db2.m.daocloud.io</code></td> <td>开发者需要开通 DaoCloud 账户,然后可以得到专属加速器。</td></tr> <tr><td><a href="https://cr.console.aliyun.com" target="_blank" rel="noopener noreferrer">阿里云<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></td> <td><code>https://yourcode.mirror.aliyuncs.com</code></td> <td>开发者需要开通阿里开发者帐户,再使用阿里的加速服务。登录后阿里开发者帐户后,<code>https://cr.console.aliyun.com/undefined/instances/mirrors</code> 中查看你的您的专属加速器地址。</td></tr> <tr><td><a href="https://c.163yun.com/hub" target="_blank" rel="noopener noreferrer">网易云<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 
100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></td> <td><code>https://hub-mirror.c.163.com</code></td> <td>直接配置即可,亲测较为稳定。</td></tr></tbody></table> <p>配置镜像仓库方法(以 CentOS 为例):</p> <blockquote><p>下面的示例为在 CentOS 环境中,指定镜像仓库为 <code>https://hub-mirror.c.163.com</code></p></blockquote> <p>1修改配置文件</p> <p>修改 <code>/etc/docker/daemon.json</code> ,如果不存在则新建。执行以下 Shell</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token function">sudo</span> <span class="token function">mkdir</span> -p /etc/docker
<span class="token function">cat</span> <span class="token operator">&gt;&gt;</span> /etc/docker/daemon.json <span class="token operator">&lt;&lt;</span> <span class="token string">EOF
{
&quot;registry-mirrors&quot;: [
&quot;https://hub-mirror.c.163.com&quot;
]
}
EOF</span>
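</code></pre></div><p>注意:上面的 <code>&gt;&gt;</code> 是追加写入,并且重定向以当前用户身份执行;如果 <code>/etc/docker/daemon.json</code> 已存在且有内容,追加后它将不再是合法的 JSON,Docker 会启动失败,此时应手动把 <code>registry-mirrors</code> 合并进已有配置。镜像仓库会代理你拉取的全部镜像内容,因此只应配置你信任的 HTTPS 地址。</p> <p>重启 docker 以生效:</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token function">sudo</span> systemctl daemon-reload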
<span class="token function">sudo</span> systemctl restart docker
</code></pre></div><p>执行 <code>docker info</code> 命令,查看 <code>Registry Mirrors</code> 是否已被改为 <code>https://hub-mirror.c.163.com</code> ,如果是,则表示配置成功。</p> <h2 id="容器-container"><a href="#容器-container" class="header-anchor">#</a> 容器(Container)</h2> <p><a href="http://etherealmind.com/basics-docker-containers-hypervisors-coreos/" target="_blank" rel="noopener noreferrer">关于 Docker 进程隔离的基础<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>。容器 (Container) 之于虚拟机 (Virtual Machine) 就好比线程之于进程。或者你可以把他们想成是「吃了类固醇的 chroots」。</p> <h3 id="生命周期"><a href="#生命周期" class="header-anchor">#</a> 生命周期</h3> <ul><li><a href="https://docs.docker.com/engine/reference/commandline/create" target="_blank" rel="noopener noreferrer"><code>docker create</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 创建容器但不启动它。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/rename/" target="_blank" rel="noopener noreferrer"><code>docker rename</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" 
viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 用于重命名容器。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/run" target="_blank" rel="noopener noreferrer"><code>docker run</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 一键创建并同时启动该容器。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/rm" target="_blank" rel="noopener noreferrer"><code>docker rm</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 删除容器。
<ul><li>如果要删除一个运行中的容器,可以添加 <code>-f</code> 参数。Docker 会发送 <code>SIGKILL</code> 信号给容器。</li></ul></li> <li><a href="https://docs.docker.com/engine/reference/commandline/update/" target="_blank" rel="noopener noreferrer"><code>docker update</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 调整容器的资源限制。</li> <li>清理掉所有处于终止状态的容器。</li></ul> <p>通常情况下,不使用任何命令行选项启动一个容器,该容器将会立即启动并停止。若需保持其运行,你可以使用 <code>docker run -td container_id</code> 命令。选项 <code>-t</code> 表示分配一个 pseudo-TTY 会话,<code>-d</code> 表示自动将容器与终端分离(也就是说在后台运行容器,并输出容器 ID</p> <p>如果你需要一个临时容器,可使用 <code>docker run --rm</code> 会在容器停止之后删除它。</p> <p>如果你需要映射宿主机 (host) 的目录到 Docker 容器内,可使用 <code>docker run -v $HOSTDIR:$DOCKERDIR</code>。详见 <a href="https://github.com/wsargent/docker-cheat-sheet/tree/master/zh-cn#%E5%8D%B7%E6%A0%87volumes" target="_blank" rel="noopener noreferrer">卷标(Volumes)<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 一节。</p> <p>如果你想同时删除与容器相关联的卷标,那么在删除容器的时候必须包含 <code>-v</code> 选项,像这样 <code>docker rm -v</code></p> <p>从 Docker 1.10 起,其内置一套各容器独立的 <a 
href="https://docs.docker.com/engine/admin/logging/overview/" target="_blank" rel="noopener noreferrer">日志引擎<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>,每个容器可以独立使用。你可以使用 <code>docker run --log-driver=syslog</code> 来自定义日志引擎(例如以上的 <code>syslog</code>)。</p> <h3 id="启动和停止"><a href="#启动和停止" class="header-anchor">#</a> 启动和停止</h3> <ul><li><a href="https://docs.docker.com/engine/reference/commandline/start" target="_blank" rel="noopener noreferrer"><code>docker start</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 启动已存在的容器
</code></pre></div><p>更多信息请参阅 https://goldmann.pl/blog/2014/09/11/resource-management-in-docker/#_cpu。</p> <p>通过 <a href="https://docs.docker.com/engine/reference/run/#/cpuset-constraint" target="_blank" rel="noopener noreferrer"><code>cpuset-cpus</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 可使用特定 CPU 内核。</p> <div class="language- extra-class"><pre class="language-text"><code>docker run -ti --cpuset-cpus=0,4,6 agileek/cpuset-test
</code></pre></div><p>请参阅 https://agileek.github.io/docker/2014/08/06/docker-cpuset/ 获取更多细节以及一些不错的视频。</p> <p>注意,Docker 在容器内仍然能够 <strong>看到</strong> 全部 CPU -- 它仅仅是不使用全部而已。请参阅 https://github.com/docker/docker/issues/20770 获取更多细节。</p> <h4 id="内存限制"><a href="#内存限制" class="header-anchor">#</a> 内存限制</h4> <p>同样,亦可给 Docker 设置 <a href="https://docs.docker.com/engine/reference/run/#/user-memory-constraints" target="_blank" rel="noopener noreferrer">内存限制<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>:</p> <div class="language- extra-class"><pre class="language-text"><code>docker run -it -m 300M ubuntu:14.04 /bin/bash
</code></pre></div><h4 id="能力-capabilities"><a href="#能力-capabilities" class="header-anchor">#</a> 能力(Capabilities)</h4> <p>Linux 的 Capability 可以通过使用 <code>cap-add</code> 和 <code>cap-drop</code> 设置。请参阅 https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities 获取更多细节。这有助于提高安全性。</p> <p>如需要挂载基于 FUSE 的文件系统,你需要结合 <code>--cap-add</code> 和 <code>--device</code> 使用(注意 <code>SYS_ADMIN</code> 涵盖的特权操作很多,只应授予确实需要它的容器):</p> <div class="language- extra-class"><pre class="language-text"><code>docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs
</code></pre></div><p>授予对某个设备的访问权限:</p> <div class="language- extra-class"><pre class="language-text"><code>docker run -it --device=/dev/ttyUSB0 debian bash
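</code></pre></div><p>授予对所有设备的访问权限(<code>--privileged</code> 还会授予容器全部 capability,容器内的 root 几乎等同于宿主机 root;只需要个别设备时应改用上面的 <code>--device</code>):</p> <div class="language- extra-class"><pre class="language-text"><code>docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb debian bash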
</code></pre></div><p>有关容器特权的更多信息请参阅 <a href="https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities" target="_blank" rel="noopener noreferrer">本文<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <h3 id="信息"><a href="#信息" class="header-anchor">#</a> 信息</h3> <ul><li><a href="https://docs.docker.com/engine/reference/commandline/ps" target="_blank" rel="noopener noreferrer"><code>docker ps</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 查看运行中的所有容器。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/logs" target="_blank" rel="noopener noreferrer"><code>docker logs</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 
85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 从容器中读取日志。(你也可以使用自定义日志驱动,不过在 1.10 中,它只支持 <code>json-file</code><code>journald</code>)。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/inspect" target="_blank" rel="noopener noreferrer"><code>docker inspect</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 查看某个容器的所有信息(包括 IP 地址)。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/events" target="_blank" rel="noopener noreferrer"><code>docker events</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 从容器中获取事件 (events)。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/port" target="_blank" rel="noopener noreferrer"><code>docker port</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><
</code></pre></div><p>保存既有镜像:</p> <div class="language- extra-class"><pre class="language-text"><code>docker save my_image:my_tag | gzip &gt; my_image.tar.gz
</code></pre></div><h3 id="导入-导出容器"><a href="#导入-导出容器" class="header-anchor">#</a> 导入 / 导出容器</h3> <p>从文件中导入容器镜像:</p> <div class="language- extra-class"><pre class="language-text"><code>cat my_container.tar.gz | docker import - my_image:my_tag
</code></pre></div><p>导出既有容器:</p> <div class="language- extra-class"><pre class="language-text"><code>docker export my_container | gzip &gt; my_container.tar.gz
</code></pre></div><h3 id="加载已保存的镜像-与-导入已导出为镜像的容器-的不同"><a href="#加载已保存的镜像-与-导入已导出为镜像的容器-的不同" class="header-anchor">#</a> 加载已保存的镜像 与 导入已导出为镜像的容器 的不同</h3> <p>通过 <code>load</code> 命令来加载镜像,会创建一个新的镜像,并继承原镜像的所有历史。 通过 <code>import</code> 将容器作为镜像导入,也会创建一个新的镜像,但并不包含原镜像的历史,因此会比使用 <code>load</code> 方式生成的镜像更小。</p> <h2 id="网络-networks"><a href="#网络-networks" class="header-anchor">#</a> 网络(Networks)</h2> <p>Docker 具备 <a href="https://docs.docker.com/engine/userguide/networking/" target="_blank" rel="noopener noreferrer">网络<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 功能。我并不是很了解它,所以这是一个扩展本文的好地方。文档 <a href="https://docs.docker.com/engine/userguide/networking/work-with-networks/" target="_blank" rel="noopener noreferrer">使用网络<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 指出,这是一种无需暴露端口即可实现 Docker 容器间通信的好方法。</p> <h3 id="生命周期-3"><a href="#生命周期-3" class="header-anchor">#</a> 生命周期</h3> <ul><li><a href="https://docs.docker.com/engine/reference/commandline/network_create/" target="_blank" rel="noopener noreferrer"><code>docker network 
create</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li> <li><a href="https://docs.docker.com/engine/reference/commandline/network_rm/" target="_blank" rel="noopener noreferrer"><code>docker network rm</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul> <h3 id="其它信息-2"><a href="#其它信息-2" class="header-anchor">#</a> 其它信息</h3> <ul><li><a href="https://docs.docker.com/engine/reference/commandline/network_ls/" target="_blank" rel="noopener noreferrer"><code>docker network ls</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outboun
docker network create --subnet 203.0.113.0/24 --gateway 203.0.113.254 iptastic
# 基于以上创建的网络,运行一个 Nginx 容器并指定 IP
$ docker run --rm -it --net iptastic --ip 203.0.113.2 nginx
# 在其他地方使用 CURL 访问这个 IP(假设该 IP 为公网)
$ curl 203.0.113.2
</code></pre></div><h2 id="暴露端口-exposing-ports"><a href="#暴露端口-exposing-ports" class="header-anchor">#</a> 暴露端口(Exposing ports)</h2> <p>通过宿主容器暴露输入端口相当 <a href="https://docs.docker.com/engine/reference/run/#expose-incoming-ports" target="_blank" rel="noopener noreferrer">繁琐但有效的<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <p>例如使用 <code>-p</code> 将容器端口映射到宿主端口上(只使用本地主机 (localhost) 接口):</p> <div class="language- extra-class"><pre class="language-text"><code>docker run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage
</code></pre></div><p>你可以使用 <a href="https://docs.docker.com/engine/reference/builder/#expose" target="_blank" rel="noopener noreferrer">EXPOSE<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 告知 Docker该容器在运行时监听指定的端口</p> <div class="language- extra-class"><pre class="language-text"><code>EXPOSE &lt;CONTAINERPORT&gt;
</code></pre></div><p>但是注意 EXPOSE 并不会直接暴露端口,你需要用参数 <code>-p</code> 。比如说你要在 localhost 上暴露容器的端口:</p> <div class="language- extra-class"><pre class="language-text"><code>iptables -t nat -A DOCKER -p tcp --dport &lt;LOCALHOSTPORT&gt; -j DNAT --to-destination &lt;CONTAINERIP&gt;:&lt;PORT&gt;
</code></pre></div><p>如果你是在 Virtualbox 中运行 Docker那么你需要配置端口转发 (forward the port)。使用 <a href="https://docs.vagrantup.com/v2/networking/forwarded_ports.html" target="_blank" rel="noopener noreferrer">forwarded_port<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 在 Vagrantfile 上配置暴露的端口范围,这样你就可以动态地映射了:</p> <div class="language- extra-class"><pre class="language-text"><code>Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
...
(49000..49900).each do |port|
config.vm.network :forwarded_port, :host =&gt; port, :guest =&gt; port
end
...
end
</code></pre></div><p>如果你忘记了将什么端口映射到宿主机上的话,可使用 <code>docker port</code> 查看:</p> <div class="language- extra-class"><pre class="language-text"><code>docker port CONTAINER $CONTAINERPORT
</code></pre></div><h2 id="仓管中心和仓库-registry-repository"><a href="#仓管中心和仓库-registry-repository" class="header-anchor">#</a> 仓管中心和仓库(Registry &amp; Repository)</h2> <p>仓库 (repository) 是 <em>被托管(hosted)</em> 的已命名镜像 (tagged images) 的集合,这组镜像用于构建容器文件系统。</p> <p>仓管中心 (registry) 则是 <em>托管服务(host)</em> -- 用于存储仓库并提供 HTTP API以便 <a href="https://docs.docker.com/engine/tutorials/dockerrepos/" target="_blank" rel="noopener noreferrer">管理仓库的上传和下载<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <p>Docker 官方托管着自己的 <a href="https://hub.docker.com/" target="_blank" rel="noopener noreferrer">仓管中心<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>,包含着数量众多的仓库。不过话虽如此,这个仓管中心 <a href="https://titanous.com/posts/docker-insecurity" target="_blank" rel="noopener noreferrer">并没有很好地验证镜像<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" 
d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>,所以如果你担心安全问题的话,请尽量避免使用它。</p> <ul><li><a href="https://docs.docker.com/engine/reference/commandline/login" target="_blank" rel="noopener noreferrer"><code>docker login</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 登入仓管中心。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/logout" target="_blank" rel="noopener noreferrer"><code>docker logout</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 登出仓管中心。</li> <li><a href="https://docs.docker.com/engine/reference/commandline/search" target="_blank" rel="noopener noreferrer"><co
</code></pre></div><p>然后,我们创建另外一个名为 LINKED 的容器:</p> <div class="language- extra-class"><pre class="language-text"><code>docker run -d --link CONTAINER:ALIAS --name LINKED user/wordpress
</code></pre></div><p>然后 CONTAINER 暴露的端口和别名将会以如下的环境变量出现在 LINKED 中:</p> <div class="language- extra-class"><pre class="language-text"><code>$ALIAS_PORT_1337_TCP_PORT
$ALIAS_PORT_1337_TCP_ADDR
</code></pre></div><p>那么你便可以通过这种方式来连接它了。</p> <p>使用 <code>docker rm --link</code> 即可删除链接。</p> <p>通常Docker 容器(亦可理解为「服务」)之间的链接,是「服务发现」的一个子集。如果你打算在生产中大规模使用 Docker这将是一个很大的问题。请参阅<a href="https://www.digitalocean.com/community/tutorials/the-docker-ecosystem-service-discovery-and-distributed-configuration-stores" target="_blank" rel="noopener noreferrer">The Docker Ecosystem: Service Discovery and Distributed Configuration Stores<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 获取更多信息。</p> <h2 id="卷标-volumes-和挂载"><a href="#卷标-volumes-和挂载" class="header-anchor">#</a> 卷标(Volumes)和挂载</h2> <h3 id="卷标"><a href="#卷标" class="header-anchor">#</a> 卷标</h3> <p>Docker 的卷标 (volumes) 是 <a href="https://docs.docker.com/engine/tutorials/dockervolumes/" target="_blank" rel="noopener noreferrer">独立的文件系统<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>。它们并非必须连接到特定的容器上。</p> <p><code>数据卷</code> 是一个可供一个或多个容器使用的特殊目录,它绕过 UFS可以提供很多有用的特性</p> <ul><li><code>数据卷</code> 可以在容器之间共享和重用</li> <li><code>数据卷</code> 的修改会立马生效</li> <li><code>数据卷</code> 的更新,不会影响镜像</li> 
<li><code>数据卷</code> 默认会一直存在,即使容器被删除</li></ul> <p>卷标相关命令:</p> <ul><li><p><a href="https://docs.docker.com/engine/reference/commandline/volume_create/" target="_blank" rel="noopener noreferrer"><code>docker volume create</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> - 创建卷标</p></li> <li><p><a href="https://docs.docker.com/engine/reference/commandline/volume_rm/" target="_blank" rel="noopener noreferrer"><code>docker volume rm</code><span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> - 删除卷标</p></li> <li><p><a href="https://docs.docker.com/engine/reference/commandline/volume_ls/" target="_blank" rel="noopener noreferre
</code></pre></div><p>你也可以用远程 NFS 卷标,如果你觉得你 <a href="https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-shared-storage-volume-as-a-data-volume" target="_blank" rel="noopener noreferrer">有足够勇气<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <p>还可以考虑运行一个纯数据容器,像 <a href="http://container42.com/2013/12/16/persistent-volumes-with-docker-container-as-volume-pattern/" target="_blank" rel="noopener noreferrer">这里<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 所说的那样,提供可移植数据。</p> <p>记得,<a href="https://github.com/wsargent/docker-cheat-sheet/tree/master/zh-cn#%E5%B0%86%E6%96%87%E4%BB%B6%E6%8C%82%E8%BD%BD%E4%B8%BA%E5%8D%B7%E6%A0%87" target="_blank" rel="noopener noreferrer">文件也可以被挂载为卷标<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon 
fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <h3 id="挂载"><a href="#挂载" class="header-anchor">#</a> 挂载</h3> <p>使用 <code>--mount</code> 标记可以指定挂载一个本地主机的目录到容器中去。</p> <p>在用 <code>docker run</code> 命令的时候,使用 <code>--mount</code> 标记来将 <code>数据卷</code> 挂载到容器里。在一次 <code>docker run</code> 中可以挂载多个 <code>数据卷</code></p> <h2 id="最佳实践"><a href="#最佳实践" class="header-anchor">#</a> 最佳实践</h2> <p>这里有一些最佳实践,以及争论焦点:</p> <ul><li><a href="http://gregoryszorc.com/blog/2014/10/16/the-rabbit-hole-of-using-docker-in-automated-tests/" target="_blank" rel="noopener noreferrer">The Rabbit Hole of Using Docker in Automated Tests<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li> <li><a href="https://twitter.com/bridgetkromhout" target="_blank" rel="noopener noreferrer">Bridget Kromhout<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77
</code></pre></div><p>同时,你也可以限制进程再获取新权限。该功能是 Linux 内核从 3.5 版本开始就拥有的。你可以从 <a href="http://www.projectatomic.io/blog/2016/03/no-new-privs-docker/" target="_blank" rel="noopener noreferrer">这篇博客<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 中阅读到更多关于这方面的内容。</p> <div class="language- extra-class"><pre class="language-text"><code>docker run --security-opt=no-new-privileges
</code></pre></div><p>以下内容摘选自 <a href="http://container-solutions.com/is-docker-safe-for-production/" target="_blank" rel="noopener noreferrer">Container Solutions<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a><a href="http://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf" target="_blank" rel="noopener noreferrer">Docker Security Cheat Sheet<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>(PDF 版本,难以使用,故复制至此):</p> <p>关闭容器间通信(<code>--icc</code>,即 inter-container communication;这是守护进程的启动参数,较新版本中守护进程命令为 <code>dockerd</code>):</p> <div class="language- extra-class"><pre class="language-text"><code>docker -d --icc=false --iptables
</code></pre></div><p>设置容器为只读:</p> <div class="language- extra-class"><pre class="language-text"><code>docker run --read-only
</code></pre></div><p>通过 hashsum(sha256 摘要)来验证镜像(示例中的摘要已被截断,实际使用时需填写完整的 64 位十六进制值):</p> <div class="language- extra-class"><pre class="language-text"><code>docker pull debian@sha256:a25306f3850e1bd44541976aa7b5fd0a29be
</code></pre></div><p>设置卷标为只读:</p> <div class="language- extra-class"><pre class="language-text"><code>docker run -v $(pwd)/secrets:/secrets:ro debian
</code></pre></div><p>在 Dockerfile 中定义用户并以该用户运行,避免在容器中以 ROOT 身份操作:</p> <div class="language- extra-class"><pre class="language-text"><code>RUN groupadd -r user &amp;&amp; useradd -r -g user user
USER user
</code></pre></div><h3 id="用户命名空间-user-namespaces"><a href="#用户命名空间-user-namespaces" class="header-anchor">#</a> 用户命名空间(User Namespaces)</h3> <p>还可以通过使用 <a href="https://s3hh.wordpress.com/2013/07/19/creating-and-using-containers-without-privilege/" target="_blank" rel="noopener noreferrer">用户命名空间<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> -- 自 1.10 版本起已内置,但默认并未启用。</p> <p>要在 Ubuntu 15.10 中启用用户命名空间 (remap the userns),请 <a href="https://raesene.github.io/blog/2016/02/04/Docker-User-Namespaces/" target="_blank" rel="noopener noreferrer">跟着这篇博客的例子<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a> 来做。</p> <h3 id="安全相关视频"><a href="#安全相关视频" class="header-anchor">#</a> 安全相关视频</h3> <ul><li><a href="https://youtu.be/04LOuMgNj9U" target="_blank" rel="noopener noreferrer">Using Docker Safely<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" 
d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li> <li><a href="https://youtu.be/KmxOXmPhZbk" target="_blank" rel="noopener noreferrer">Securing your applications using Docker<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li> <li><a href="https://youtu.be/a9lE9Urr6AQ" target="_blank" rel="noopener noreferrer">Container security: Do containers actually contain?<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li> <li><a href="https://www.youtube.com/watch?v=iN6QbszB1R8" target="_blank" rel="noopener noreferrer">Linux Containers: Future or Fantasy?<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="curren
FROM alpine
RUN apk --no-cache add htop
EOF
</code></pre></div><h3 id="最近一次的容器-id"><a href="#最近一次的容器-id" class="header-anchor">#</a> 最近一次的容器 ID</h3> <div class="language- extra-class"><pre class="language-text"><code>alias dl='docker ps -l -q'
docker run ubuntu echo hello world
docker commit $(dl) helloworld
</code></pre></div><h3 id="带命令的提交-需要-dockerfile"><a href="#带命令的提交-需要-dockerfile" class="header-anchor">#</a> 带命令的提交(需要 Dockerfile</h3> <div class="language- extra-class"><pre class="language-text"><code>docker commit -run='{&quot;Cmd&quot;:[&quot;postgres&quot;, &quot;-too -many -opts&quot;]}' $(dl) postgres
</code></pre></div><h3 id="获取-ip-地址"><a href="#获取-ip-地址" class="header-anchor">#</a> 获取 IP 地址</h3> <div class="language- extra-class"><pre class="language-text"><code>docker inspect $(dl) | grep -wm1 IPAddress | cut -d '&quot;' -f 4
</code></pre></div><p>或使用 <a href="https://stedolan.github.io/jq/" target="_blank" rel="noopener noreferrer">jq<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a>:</p> <div class="language- extra-class"><pre class="language-text"><code>docker inspect $(dl) | jq -r '.[0].NetworkSettings.IPAddress'
</code></pre></div><p>或使用 <a href="https://docs.docker.com/engine/reference/commandline/inspect" target="_blank" rel="noopener noreferrer">go 模板<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <div class="language- extra-class"><pre class="language-text"><code>docker inspect -f '{{ .NetworkSettings.IPAddress }}' &lt;container_name&gt;
</code></pre></div><p>或在通过 Dockerfile 构建镜像时,通过构建参数 (build argument) 传入:</p> <div class="language- extra-class"><pre class="language-text"><code>DOCKER_HOST_IP=`ifconfig | grep -E &quot;([0-9]{1,3}\.){3}[0-9]{1,3}&quot; | grep -v 127.0.0.1 | awk '{ print $2 }' | cut -f2 -d: | head -n1`
echo DOCKER_HOST_IP = $DOCKER_HOST_IP
docker build \
--build-arg ARTIFACTORY_ADDRESS=$DOCKER_HOST_IP
-t sometag \
some-directory/
</code></pre></div><h3 id="获取端口映射"><a href="#获取端口映射" class="header-anchor">#</a> 获取端口映射</h3> <div class="language- extra-class"><pre class="language-text"><code>docker inspect -f '{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -&gt; {{(index $conf 0).HostPort}} {{end}}' &lt;containername&gt;
</code></pre></div><h3 id="通过正则匹配容器"><a href="#通过正则匹配容器" class="header-anchor">#</a> 通过正则匹配容器</h3> <div class="language- extra-class"><pre class="language-text"><code>for i in $(docker ps -a | grep &quot;REGEXP_PATTERN&quot; | cut -f1 -d&quot; &quot;); do echo $i; done`
</code></pre></div><h3 id="获取环境变量配置"><a href="#获取环境变量配置" class="header-anchor">#</a> 获取环境变量配置</h3> <div class="language- extra-class"><pre class="language-text"><code>docker run --rm ubuntu env
</code></pre></div><h3 id="强行终止运行中的容器"><a href="#强行终止运行中的容器" class="header-anchor">#</a> 强行终止运行中的容器</h3> <div class="language- extra-class"><pre class="language-text"><code>docker kill $(docker ps -q)
</code></pre></div><h3 id="删除所有容器-强行删除-无论容器运行或停止"><a href="#删除所有容器-强行删除-无论容器运行或停止" class="header-anchor">#</a> 删除所有容器(强行删除!无论容器运行或停止)</h3> <div class="language- extra-class"><pre class="language-text"><code>docker rm -f $(docker ps -qa)
</code></pre></div><h3 id="删除旧容器"><a href="#删除旧容器" class="header-anchor">#</a> 删除旧容器</h3> <div class="language- extra-class"><pre class="language-text"><code>docker ps -a | grep 'weeks ago' | awk '{print $1}' | xargs docker rm
</code></pre></div><h3 id="删除已停止的容器"><a href="#删除已停止的容器" class="header-anchor">#</a> 删除已停止的容器</h3> <div class="language- extra-class"><pre class="language-text"><code>docker rm -v `docker ps -a -q -f status=exited`
</code></pre></div><h3 id="停止并删除容器"><a href="#停止并删除容器" class="header-anchor">#</a> 停止并删除容器</h3> <div class="language- extra-class"><pre class="language-text"><code>docker stop $(docker ps -aq) &amp;&amp; docker rm -v $(docker ps -aq)
</code></pre></div><h3 id="删除无用-dangling-的镜像"><a href="#删除无用-dangling-的镜像" class="header-anchor">#</a> 删除无用 (dangling) 的镜像</h3> <div class="language- extra-class"><pre class="language-text"><code>docker rmi $(docker images -q -f dangling=true)
</code></pre></div><h3 id="删除所有镜像"><a href="#删除所有镜像" class="header-anchor">#</a> 删除所有镜像</h3> <div class="language- extra-class"><pre class="language-text"><code>docker rmi $(docker images -q)
</code></pre></div><h3 id="删除无用-dangling-的卷标"><a href="#删除无用-dangling-的卷标" class="header-anchor">#</a> 删除无用 (dangling) 的卷标</h3> <p>Docker 1.9 版本起:</p> <div class="language- extra-class"><pre class="language-text"><code>docker volume rm $(docker volume ls -q -f dangling=true)
</code></pre></div><p>1.9.0 中,参数 <code>dangling=false</code> 居然 <em>没</em> 用 - 它会被忽略然后列出所有的卷标。</p> <h3 id="查看镜像依赖"><a href="#查看镜像依赖" class="header-anchor">#</a> 查看镜像依赖</h3> <div class="language- extra-class"><pre class="language-text"><code>docker images -viz | dot -Tpng -o docker.png
</code></pre></div><h3 id="docker-容器瘦身"><a href="#docker-容器瘦身" class="header-anchor">#</a> Docker 容器瘦身</h3> <ul><li>在某层 (RUN layer) 清理 APT</li></ul> <p>这应当和其他 apt 命令在同一层中完成。 否则,前面的层将会保持原有信息,而你的镜像则依旧臃肿。</p> <div class="language- extra-class"><pre class="language-text"><code>RUN {apt commands} \
&amp;&amp; apt-get clean \
&amp;&amp; rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
</code></pre></div><ul><li>压缩镜像</li></ul> <div class="language- extra-class"><pre class="language-text"><code>ID=$(docker run -d image-name /bin/bash)
docker export $ID | docker import flat-image-name
</code></pre></div><ul><li>备份</li></ul> <div class="language- extra-class"><pre class="language-text"><code>ID=$(docker run -d image-name /bin/bash)
(docker export $ID | gzip -c &gt; image.tgz)
gzip -dc image.tgz | docker import - flat-image-name
</code></pre></div><h3 id="监视运行中容器的系统资源利用率"><a href="#监视运行中容器的系统资源利用率" class="header-anchor">#</a> 监视运行中容器的系统资源利用率</h3> <p>检查某个容器的 CPU、内存以及网络 I/O 使用情况,你可以:</p> <div class="language- extra-class"><pre class="language-text"><code>docker stats &lt;container&gt;
</code></pre></div><p>按 ID 列出所有容器:</p> <div class="language- extra-class"><pre class="language-text"><code>docker stats $(docker ps -q)
</code></pre></div><p>按名称列出所有容器:</p> <div class="language- extra-class"><pre class="language-text"><code>docker stats $(docker ps --format '{{.Names}}')
</code></pre></div><p>按指定镜像名称列出所有容器:</p> <div class="language- extra-class"><pre class="language-text"><code>docker ps -a -f ancestor=ubuntu
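</code></pre></div><p>删除所有未标签命名 (untagged) 的镜像(<code>docker rmi</code> 删除的是镜像而非容器;下面 grep 的匹配模式看起来在排版中丢失,推测原为匹配以 <code>&lt;none&gt;</code> 开头的行,执行前请先单独运行括号内的管道确认将被删除的镜像 ID):</p> <div class="language- extra-class"><pre class="language-text"><code>docker rmi $(docker images | grep “^” | awk '{split($0,a,&quot; &quot;); print a[3]}')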
</code></pre></div><p>通过正则匹配删除指定容器:</p> <div class="language- extra-class"><pre class="language-text"><code>docker ps -a | grep wildfly | awk '{print $1}' | xargs docker rm -f
</code></pre></div><p>删除所有已退出 (exited) 的容器:</p> <div class="language- extra-class"><pre class="language-text"><code>docker rm -f $(docker ps -a | grep Exit | awk '{ print $1 }')
</code></pre></div><h3 id="将文件挂载为卷标"><a href="#将文件挂载为卷标" class="header-anchor">#</a> 将文件挂载为卷标</h3> <p>文件也可以被挂载为卷标。例如你可以仅仅注入单个配置文件:</p> <div class="language-bash extra-class"><pre class="language-bash"><code><span class="token comment"># 从容器复制文件</span>
docker run --rm httpd <span class="token function">cat</span> /usr/local/apache2/conf/httpd.conf <span class="token operator">&gt;</span> httpd.conf
<span class="token comment"># 编辑文件</span>
<span class="token function">vim</span> httpd.conf
<span class="token comment"># 挂载修改后的配置启动容器</span>
docker run --rm -ti -v <span class="token string">&quot;<span class="token environment constant">$PWD</span>/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro&quot;</span> -p <span class="token string">&quot;80:80&quot;</span> httpd
</code></pre></div><h2 id="参考资料"><a href="#参考资料" class="header-anchor">#</a> 参考资料</h2> <ul><li><a href="https://github.com/wsargent/docker-cheat-sheet/tree/master/zh-cn" target="_blank" rel="noopener noreferrer">Docker Cheat Sheet<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></li></ul></div> <footer class="page-edit"><div class="edit-link"><a href="https://github.com/dunwu/linux-tutorial/edit/master/docs/docker/docker-cheat-sheet.md" target="_blank" rel="noopener noreferrer">帮助我们改善此页面!</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <div class="last-updated"><span class="prefix">上次更新:</span> <span class="time">a year ago</span></div></footer> <!----> </main></div><div class="global-ui"><!----><!----></div></div>
<script src="/linux-tutorial/assets/js/app.79a38eea.js" defer></script><script src="/linux-tutorial/assets/js/4.fb6e0f89.js" defer></script><script src="/linux-tutorial/assets/js/12.70a5dba8.js" defer></script><script src="/linux-tutorial/assets/js/5.cb43ecfb.js" defer></script>
</body>
</html>