【DOCKER】-2 docker基础

发布于:2025-07-09 ⋅ 阅读:(14) ⋅ 点赞:(0)


1、docker镜像

Docker镜像是Docker容器的静态模板,包含了运行应用所需的完整文件系统,包括代码、运行时环境、库文件、环境变量和配置文件等。它采用分层存储机制,每层仅保存与上一层的差异,既节省存储空间又便于版本管理和快速分发。镜像本身是只读的,当基于镜像创建容器时,Docker会在镜像顶层添加一个可写层,容器的所有修改都在该层进行,不影响原始镜像。这种特性使得镜像可以被多次复用,确保了应用在不同环境中运行的一致性,是Docker实现“一次构建,到处运行”的核心基础。

1.1 docker镜像的基本操作

命令 作用
docker images 查看镜像的相关信息
docker search 镜像 在仓库中搜索相关的镜像
docker pull 镜像 拉取相关镜像
docker inspect + ID 查看镜像详细信息
docker tag 添加镜像标签
docker rmi -f + ID 完全删除镜像
docker rmi + 镜像名字 通过标签删除镜像
docker save -o + 文件名+ 镜像 镜像的导出
docker load < 存入的文件 镜像的导入
docker load -i 存入的文件 镜像的导入
#查看镜像的相关信息
[root@localhost sha256]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
nginx         latest    9592f5595f2b   13 days ago    192MB
hello-world   latest    74cc54e27dc4   5 months ago   10.1kB
centos        7         eeb6ee3f44bd   3 years ago    204MB

#在仓库中搜索相关的镜像
[root@localhost sha256]# docker search nginx
Error response from daemon: Get "https://index.docker.io/v1/search?q=nginx&n=25": read tcp 192.168.107.186:60116->3.94.224.37:443: read: connection reset by peer
[root@localhost sha256]# 
#docker search 需要访问官方仓库(index.docker.io),当前网络无法连通,所以会报错

#拉取相关镜像(未指定标签时默认拉取 latest;需要可复现的环境时,建议指定明确的版本标签,或按输出中的 Digest 拉取)
[root@localhost sha256]# docker pull tomcat
Using default tag: latest
latest: Pulling from library/tomcat
b08e2ff4391e: Pull complete 
557e9a4b3bae: Pull complete 
d200a8b65c11: Pull complete 
fc45b7d52de5: Pull complete 
4ab0fa3d848a: Pull complete 
e3ae9dfad7a3: Pull complete 
4f4fb700ef54: Pull complete 
c1bc010d93f4: Pull complete 
Digest: sha256:5cfc7100fef1f6f7a07c527524cdc99cd2c8af171a93e34c1c3eb513bd42e93e
Status: Downloaded newer image for tomcat:latest
docker.io/library/tomcat:latest
[root@localhost sha256]# 

#查看镜像详细信息
[root@localhost sha256]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
tomcat        latest    2a7d7fc4d2f8   3 days ago     476MB
nginx         latest    9592f5595f2b   13 days ago    192MB
hello-world   latest    74cc54e27dc4   5 months ago   10.1kB
centos        7         eeb6ee3f44bd   3 years ago    204MB
[root@localhost sha256]# docker inspect 2a7d7fc4d2f8
...
],
            "Cmd": [
                "catalina.sh",
                "run"
            ],
...


#完全删除镜像(通过ID删除镜像)
[root@localhost sha256]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED        SIZE
tomcat        latest    2a7d7fc4d2f8   3 days ago     476MB
nginx         latest    9592f5595f2b   13 days ago    192MB
hello-world   latest    74cc54e27dc4   5 months ago   10.1kB
centos        7         eeb6ee3f44bd   3 years ago    204MB
[root@localhost sha256]# docker rmi -f 74cc54e27dc4
Untagged: hello-world:latest
Untagged: hello-world@sha256:940c619fbd418f9b2b1b63e25d8861f9cc1b46e3fc8b018ccfe8b78f19b8cc4f
Deleted: sha256:74cc54e27dc41bb10dc4b2226072d469509f2f22f1a3ce74f4a59661a1d44602
[root@localhost sha256]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
tomcat       latest    2a7d7fc4d2f8   3 days ago    476MB
nginx        latest    9592f5595f2b   13 days ago   192MB
centos       7         eeb6ee3f44bd   3 years ago   204MB
[root@localhost sha256]# 

#给镜像打标签
[root@localhost sha256]# docker tag centos:7 centos:gfy
[root@localhost sha256]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
tomcat       latest    2a7d7fc4d2f8   3 days ago    476MB
nginx        latest    9592f5595f2b   13 days ago   192MB
centos       7         eeb6ee3f44bd   3 years ago   204MB
centos       gfy       eeb6ee3f44bd   3 years ago   204MB
[root@localhost sha256]# 

#通过标签删除镜像
[root@localhost sha256]# docker rmi centos:gfy 
Untagged: centos:gfy
[root@localhost sha256]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
tomcat       latest    2a7d7fc4d2f8   3 days ago    476MB
nginx        latest    9592f5595f2b   13 days ago   192MB
centos       7         eeb6ee3f44bd   3 years ago   204MB
[root@localhost sha256]# 

#镜像的导出
[root@localhost sha256]# docker save -o centos_gfy centos:7
[root@localhost sha256]# ls
2a7d7fc4d2f8d989b48d6f4c6aac65aa988f7bf214b063a377e431d8ada4596c
9592f5595f2b12c2ede5d2ce9ec936b33fc328225a00b3901b96019e3dd83528
centos_gfy
eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
[root@localhost sha256]# 

#镜像的导入(先删除,再导入)

[root@localhost sha256]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
tomcat       latest    2a7d7fc4d2f8   3 days ago    476MB
nginx        latest    9592f5595f2b   13 days ago   192MB
centos       7         eeb6ee3f44bd   3 years ago   204MB
[root@localhost sha256]# docker save -o centos_gfy centos:7
[root@localhost sha256]# ls
2a7d7fc4d2f8d989b48d6f4c6aac65aa988f7bf214b063a377e431d8ada4596c
9592f5595f2b12c2ede5d2ce9ec936b33fc328225a00b3901b96019e3dd83528
centos_gfy
eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
[root@localhost sha256]# docker rmi centos:7 
Untagged: centos:7
Untagged: centos@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4
Deleted: sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
Deleted: sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02
[root@localhost sha256]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
tomcat       latest    2a7d7fc4d2f8   3 days ago    476MB
nginx        latest    9592f5595f2b   13 days ago   192MB
[root@localhost sha256]# ls
2a7d7fc4d2f8d989b48d6f4c6aac65aa988f7bf214b063a377e431d8ada4596c  centos_gfy
9592f5595f2b12c2ede5d2ce9ec936b33fc328225a00b3901b96019e3dd83528
[root@localhost sha256]# docker load -i centos_gfy 
174f56854903: Loading layer  211.7MB/211.7MB
Loaded image: centos:7
[root@localhost sha256]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
tomcat       latest    2a7d7fc4d2f8   3 days ago    476MB
nginx        latest    9592f5595f2b   13 days ago   192MB
centos       7         eeb6ee3f44bd   3 years ago   204MB
[root@localhost sha256]# 


#查看容器的详细信息

[root@localhost sha256]# docker inspect ddee20933c38
[
    {
        "Id": "ddee20933c38f7d19c3ebef48a130bdbf360c0ffe080dd4b51ffe6a8c8c050af",
        "Created": "2025-07-08T09:08:59.985203821Z",
        "Path": "/bin/bash",
        "Args": [],
....

#启动容器


2、docker容器

Docker容器是基于Docker镜像创建的可运行实例,是镜像的动态表现形式。它在镜像只读层之上添加了一个可写层,使得容器能够对文件系统进行修改,同时保持底层镜像的完整性。容器包含了应用运行所需的完整环境,具有独立的网络空间、进程空间和资源限制,能够实现与宿主机及其他容器的隔离,确保应用在不同环境中以一致的方式运行。通过Docker引擎的管理,容器可以被快速创建、启动、停止、删除和迁移,是轻量级虚拟化的核心载体,极大简化了应用的部署、扩展和运维流程。

2.1 docker容器的基本操作

命令 作用
docker ps -a 查看容器的相关信息和状态
docker run 容器的创建
docker inspect + ID 查看容器的详细信息
docker run -i 开启标准输入
docker run -t 开启一个伪终端
docker run -it 实现和容器的交互,运行一个交互式的对话环境
exit 退出与容器的交互终端
docker start + ID 启动容器
docker run -d 后台持续运行容器
docker exec -itd 容器名字 /bin/bash (sh) 容器持续存活
docker exec -it 容器名字 bash环境 -c + 命令 在终端界面不进入容器,但运行命令
docker cp 文件名 容器名称:+路径 从宿主机复制相关文件到容器中
docker export +ID > 文件名 容器的导出
cat 文件名 | docker import - 新的名字 导入文件为新的镜像模板
docker rm 容器名称 删除容器
docker rm -f 容器名 强制删除容器(不管在不在运行)
docker rm `docker ps -aq` 批量删除不在运行的容器(正在运行的容器不会被删除)
#查看已有的容器
[root@localhost sha256]# docker ps
CONTAINER ID   IMAGE          COMMAND                   CREATED          STATUS          PORTS     NAMES
93f5b8971767   nginx:latest   "/docker-entrypoint.…"   20 seconds ago   Up 18 seconds   80/tcp    my-nginx
ddee20933c38   centos:7       "/bin/bash"               5 minutes ago    Up 5 minutes              relaxed_yalow
[root@localhost sha256]# 


#查看容器的相关信息和状态
[root@localhost sha256]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED          STATUS                   PORTS     NAMES
8ed087225dee   nginx:latest   "/docker-entrypoint.…"   52 minutes ago   Up 47 minutes            80/tcp    zealous_golick
8d11348f0132   nginx:latest   "/docker-entrypoint.…"   2 hours ago      Exited (0) 2 hours ago             recursing_shannon
8f1465861622   74cc54e27dc4   "/hello"                  7 hours ago      Exited (0) 7 hours ago             hopeful_swanson
[root@localhost sha256]# 

#docker run -itd image_name:tag [/bin/bash.....] 将镜像运行为容器,本地没有该镜像时会先下载(-i 保持容器的标准输入打开;-t 为容器分配一个伪终端,让用户可以"登录"进容器;-d 让容器在后台运行,不占用前台终端)
[root@localhost sha256]# docker run -itd centos:7 
ddee20933c38f7d19c3ebef48a130bdbf360c0ffe080dd4b51ffe6a8c8c050af
[root@localhost sha256]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED          STATUS                   PORTS     NAMES
ddee20933c38   centos:7       "/bin/bash"               15 seconds ago   Up 14 seconds                      relaxed_yalow

#启动容器
[root@localhost sha256]# docker ps
CONTAINER ID   IMAGE          COMMAND                   CREATED          STATUS          PORTS     NAMES
93f5b8971767   nginx:latest   "/docker-entrypoint.…"   20 seconds ago   Up 18 seconds   80/tcp    my-nginx
ddee20933c38   centos:7       "/bin/bash"               5 minutes ago    Up 5 minutes              relaxed_yalow
[root@localhost sha256]# docker start 93f5b8971767
93f5b8971767
[root@localhost sha256]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED              STATUS                   PORTS     NAMES
93f5b8971767   nginx:latest   "/docker-entrypoint.…"   About a minute ago   Up About a minute        80/tcp    my-nginx
ddee20933c38   centos:7       "/bin/bash"               6 minutes ago        Up 6 minutes                       relaxed_yalow
8d11348f0132   nginx:latest   "/docker-entrypoint.…"   2 hours ago          Exited (0) 2 hours ago             recursing_shannon
8f1465861622   74cc54e27dc4   "/hello"                  7 hours ago          Exited (0) 7 hours ago             hopeful_swanson
[root@localhost sha256]# 

#进入容器
[root@localhost sha256]# docker exec -it 93f5b8971767 bash
root@93f5b8971767:/# ls
bin   dev		   docker-entrypoint.sh  home  lib64  mnt  proc  run   srv  tmp  var
boot  docker-entrypoint.d  etc			 lib   media  opt  root  sbin  sys  usr
root@93f5b8971767:/# 

#在终端界面不进入容器,但运行命令
[root@localhost sha256]# docker exec -it 93f5b8971767 bash -c "touch abc.txt"
[root@localhost sha256]# docker exec -it 93f5b8971767 bash
root@93f5b8971767:/# ls
abc.txt  boot  docker-entrypoint.d   etc   lib	  media  opt   root  sbin  sys	usr
bin	 dev   docker-entrypoint.sh  home  lib64  mnt	 proc  run   srv   tmp	var
root@93f5b8971767:/# 

#从宿主机复制相关文件到容器中
[root@localhost sha256]# docker cp gfy.txt 93f5b8971767:/etc
Successfully copied 1.54kB to 93f5b8971767:/etc
[root@localhost sha256]# docker exec -it 93f5b8971767 bash
root@93f5b8971767:/# ls
abc.txt  boot  docker-entrypoint.d   etc   lib	  media  opt   root  sbin  sys	usr
bin	 dev   docker-entrypoint.sh  home  lib64  mnt	 proc  run   srv   tmp	var
root@93f5b8971767:/# ls /etc/
adduser.conf		dpkg	      hostname	     mke2fs.conf    rc0.d	 shadow-
alternatives		e2scrub.conf  hosts	     motd	    rc1.d	 shells
apt			environment   init.d	     mtab	    rc2.d	 skel
bash.bashrc		fonts	      issue	     nginx	    rc3.d	 ssl
bindresvport.blacklist	fstab	      issue.net      nsswitch.conf  rc4.d	 subgid
ca-certificates		gai.conf      kernel	     opt	    rc5.d	 subuid
ca-certificates.conf	gfy.txt       ld.so.cache    os-release     rc6.d	 systemd
cron.d			group	      ld.so.conf     pam.conf	    rcS.d	 terminfo
cron.daily		group-	      ld.so.conf.d   pam.d	    resolv.conf  timezone
debconf.conf		gshadow       libaudit.conf  passwd	    rmt		 update-motd.d
debian_version		gshadow-      localtime      passwd-	    security	 xattr.conf
default			gss	      login.defs     profile	    selinux
deluser.conf		host.conf     logrotate.d    profile.d	    shadow
root@93f5b8971767:/# 

#容器的导出
[root@localhost ~]# docker run -itd nginx:latest bash
74d8aaf2e39d5e960f9f5825ba9fcc4fade925b62946b2a13d2ff425a3d8510c
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED         STATUS                     PORTS     NAMES
74d8aaf2e39d   nginx:latest   "/docker-entrypoint.…"   8 seconds ago   Up 6 seconds               80/tcp    gallant_murdock
93f5b8971767   nginx:latest   "/docker-entrypoint.…"   4 hours ago     Exited (0) 3 hours ago               my-nginx
ddee20933c38   centos:7       "/bin/bash"               4 hours ago     Exited (137) 3 hours ago             relaxed_yalow
8d11348f0132   nginx:latest   "/docker-entrypoint.…"   6 hours ago     Exited (0) 6 hours ago               recursing_shannon
8f1465861622   74cc54e27dc4   "/hello"                  11 hours ago    Exited (0) 11 hours ago              hopeful_swanson
[root@localhost ~]# docker export 74d8aaf2e39d > nginx-new
[root@localhost ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  nginx-new  公共  模板  视频  图片  文档  下载  音乐  桌面
[root@localhost ~]# 

#导入文件为新的镜像模板
[root@localhost ~]# cat nginx-new | docker import - nginx_latest
sha256:d9a0c03a9908cd79cb48b343d71fbc6dac93fe9de95d7b7ad1b0e67f4c157c31
[root@localhost ~]# docker images
REPOSITORY     TAG       IMAGE ID       CREATED         SIZE
nginx_latest   latest    d9a0c03a9908   5 seconds ago   191MB
tomcat         latest    2a7d7fc4d2f8   3 days ago      476MB
nginx          latest    9592f5595f2b   13 days ago     192MB
centos         7         eeb6ee3f44bd   3 years ago     204MB
[root@localhost ~]# 


#展示所有容器的ID
[root@localhost ~]# docker ps -aq
74d8aaf2e39d
93f5b8971767
ddee20933c38
8d11348f0132
8f1465861622
[root@localhost ~]# 

#删除容器
[root@localhost ~]# docker ps -aq
74d8aaf2e39d
93f5b8971767
ddee20933c38
8d11348f0132
8f1465861622
[root@localhost ~]# docker rm 93f5b8971767
93f5b8971767
[root@localhost ~]# docker ps -aq
74d8aaf2e39d
ddee20933c38
8d11348f0132
8f1465861622
[root@localhost ~]# 

#强制删除容器(不管在不在运行)
docker rm -f 容器名

#批量删除不在运行的容器
#docker rm 不能删除正在运行的容器(需要先停止,或使用 -f 强制删除),所以可以用下面这条命令批量删除不在运行的容器
[root@localhost ~]# docker rm `docker ps -aq`
ddee20933c38
8d11348f0132
8f1465861622
Error response from daemon: cannot remove container "/gallant_murdock": container is running: stop the container before removing or force remove
[root@localhost ~]# docker ps -aq
74d8aaf2e39d
[root@localhost ~]# 




3、docker工作流程

3.1 docker的整体流程

  1. 开发者编写应用代码,并创建描述依赖环境的 Dockerfile(如基础镜像、运行命令)。
  2. 构建镜像:使用 docker build 命令将 Dockerfile 和应用文件打包为二进制镜像,镜像分层存储且不可变。
  3. 存储镜像:将镜像推送到 Docker Hub 或私有 Registry,便于跨环境分发。
  4. 运行容器:通过 docker run 命令从镜像创建容器,利用 Linux 内核的 Namespace 和 Cgroup 实现资源隔离。
  5. 容器生命周期管理:使用 docker start/stop/restart 等命令控制容器状态,容器退出时保留变更(可提交为新镜像)。
  6. 服务编排(可选):复杂应用通过 Docker Compose(单机多容器)或 Kubernetes(集群管理)定义服务关系,实现自动部署、扩缩容等。

3.2 docker拉取镜像的流程

  1. 先找需要pull的镜像本地是否存在
  2. 再找/etc/docker/daemon.json中指定的仓库位置(例如 registry-mirrors 配置的镜像加速地址;镜像内容由这些地址提供,应只配置可信的源)
  3. 找dockerhub官网(一般连接不上)


4、docker的服务暴露

4.1 docker的网络模式

命令:docker network ls

[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
3621b2f4e7e7   bridge    bridge    local
16b1bfc3551a   host      host      local
871c93b3c1b2   none      null      local
[root@localhost ~]# 

4.2 docker bridge模式

# 网卡配置
[root@localhost ~]# ifconfig 
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:2eff:feea:6991  prefixlen 64  scopeid 0x20<link>
        ether 02:42:2e:ea:69:91  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1768 (1.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth0dbee12: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::1cfe:43ff:fedc:f7b2  prefixlen 64  scopeid 0x20<link>
        ether 1e:fe:43:dc:f7:b2  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21  bytes 2424 (2.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

#容器开启情况
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED             STATUS             PORTS     NAMES
74d8aaf2e39d   nginx:latest   "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp    gallant_murdock
[root@localhost ~]# 


查看容器的详细信息

[root@localhost ~]# docker inspect 74d8aaf2e39d

 "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "MacAddress": "02:42:ac:11:00:02",
                    "NetworkID": "3621b2f4e7e74caf4ed38194f890f2fdc630ab78f3e7175e9d6f6279c1d87e4c",
                    "EndpointID": "7f6f717bf7c73d234cf8378601551465af5b725538e8878460aedf12f2966f9f",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DriverOpts": null,
                    "DNSNames": null

bridge模式详解


4.2.1 随机端口映射

-P 会把镜像声明的端口映射到宿主机的随机端口;从下面的 PORTS 列可以看到,映射默认绑定在 0.0.0.0 和 :::,即宿主机的所有网卡都能访问该端口。
[root@localhost ~]# docker run -d --name  test1 -P nginx:latest 
09819fd5293b3871d29c304d261f38312937d80047dddaf53adadf3c195df083
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED             STATUS             PORTS                                     NAMES
09819fd5293b   nginx:latest   "/docker-entrypoint.…"   30 seconds ago      Up 29 seconds      0.0.0.0:32768->80/tcp, :::32768->80/tcp   test1
74d8aaf2e39d   nginx:latest   "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp                                    gallant_murdock
[root@localhost ~]# 


4.2.2 指定端口映射

-p 的格式为"宿主机端口:容器端口";如果服务只需在本机访问,可以写成 -p 127.0.0.1:33768:80,把监听地址限定在回环接口。
[root@localhost ~]# docker run -d --name  test2 -p 33768:80 nginx:latest 
f7ad0314165fd84fbdd4b834fd74fea39560a7831f1cc2f2147cd4a4fb1db5a4
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED              STATUS              PORTS                                     NAMES
f7ad0314165f   nginx:latest   "/docker-entrypoint.…"   2 seconds ago        Up 1 second         0.0.0.0:33768->80/tcp, :::33768->80/tcp   test2
09819fd5293b   nginx:latest   "/docker-entrypoint.…"   About a minute ago   Up About a minute   0.0.0.0:32768->80/tcp, :::32768->80/tcp   test1
74d8aaf2e39d   nginx:latest   "/docker-entrypoint.…"   About an hour ago    Up About an hour    80/tcp                                    gallant_murdock
[root@localhost ~]# 


4.3 host模式

Docker的host网络模式是一种特殊的网络配置,它允许容器直接使用宿主机的网络栈而非通过Docker默认的网络隔离机制。在这种模式下,容器不会获得独立的IP地址、端口空间或网络接口,而是与宿主机共享这些网络资源,容器内的网络行为与宿主机完全一致,例如容器监听0.0.0.0:80会直接占用宿主机的80端口。使用时只需在运行容器时通过--net=host参数指定即可,这种模式的优势在于简化了网络配置,无需配置端口映射,容器内服务可直接通过宿主机IP和端口被外部访问,同时避免了Docker网络虚拟化带来的转发延迟,实现了接近原生宿主机水平的高性能网络,还能让容器内直接访问宿主机的本地网络服务而无需额外配置网络互通。不过它也存在局限性,容器内服务使用的端口必须与宿主机及其他host模式容器的端口不冲突,否则会启动失败,且由于容器与宿主机共享网络栈,容器内的网络行为可能影响宿主机,安全性降低(例如容器内的进程可以访问宿主机上只监听127.0.0.1的服务),同时依赖宿主机IP和端口的服务在迁移到其他主机时需要重新配置,跨主机移植性差,也不支持Docker的自定义网络插件,限制了跨主机容器通信的灵活性。该模式适用于对网络性能要求极高的服务、需要直接访问宿主机本地服务以及简单的单机服务部署等场景,与桥接模式和Overlay模式相比,它在性能上具有优势,但在网络隔离和跨主机通信方面存在不足。

特点

  • 使用参数 --network host 指定
  • 共享主机网络
  • 网络性能无损耗
  • 网络故障排障相对简单
  • 容器之间网络无隔离
  • 网络资源无法分别统计
  • 端口管理困难,容易产生端口冲突
  • 不支持端口映射
[root@localhost ~]# docker run -d --network host --name web3 nginx:latest 
f5b6204b69a66925b968a056aa2ae4a627f19006b4289eae99d4a7bf72fc9936
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED             STATUS             PORTS                                     NAMES
f5b6204b69a6   nginx:latest   "/docker-entrypoint.…"   11 seconds ago      Up 11 seconds                                                web3
f7ad0314165f   nginx:latest   "/docker-entrypoint.…"   6 minutes ago       Up 6 minutes       0.0.0.0:33768->80/tcp, :::33768->80/tcp   test2
09819fd5293b   nginx:latest   "/docker-entrypoint.…"   8 minutes ago       Up 8 minutes       0.0.0.0:32768->80/tcp, :::32768->80/tcp   test1
74d8aaf2e39d   nginx:latest   "/docker-entrypoint.…"   About an hour ago   Up About an hour   80/tcp                                    gallant_murdock
[root@localhost ~]# 

#查看容器详细内容
[root@localhost ~]# docker inspect f5b6204b69a6
"Networks": {
                "host": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "MacAddress": "",
                    "NetworkID": "16b1bfc3551ab5ff4968dc286f76b48936c125f78bf039d97a1d88c36df7d272",
                    "EndpointID": "bbe937f9887b469ada3ba015b7b635c7fe40e3a0af9d9877170b9d0ac87a86b6",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DriverOpts": null,
                    "DNSNames": null
                }
            }
        }
    }

4.4 container模式

Docker的container网络模式允许容器共享另一个容器的网络栈,而非使用宿主机或独立网络。通过--net=container:<目标容器名>参数指定后,新容器将与目标容器共用IP地址、端口空间和网络接口,两者可通过localhost直接通信,无需端口映射。这种模式提供了轻量级隔离(文件系统、进程空间等仍独立),适合需要紧密协作的服务(如Web应用与缓存服务),但需注意端口冲突和目标容器生命周期依赖问题。性能接近host模式,但网络范围仅限于容器间,不暴露到宿主机外部,常用于提升容器间通信效率并简化网络配置。

container模式特点

  • 使用参数 --network container:<目标容器名> 指定
  • 与宿主机网络空间隔离
  • 容器共享网络空间
  • 适合频繁的容器间的网络通信
[root@localhost ~]# docker run -itd --name web1 nginx:latest bash
364c9fd174dd2dd24d784ba6e578605a083c6207f5bece7b473538d0912951cc
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED          STATUS         PORTS     NAMES
364c9fd174dd   nginx:latest   "/docker-entrypoint.…"   10 seconds ago   Up 9 seconds   80/tcp    web1
[root@localhost ~]# docker run -itd --name web2 --network=container:web1 nginx:latest bash
f58fc14af25523368dedb181aa09abb437dd76d9cad59312ed5014e55e2e1063
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED              STATUS              PORTS     NAMES
f58fc14af255   nginx:latest   "/docker-entrypoint.…"   6 seconds ago        Up 5 seconds                  web2
364c9fd174dd   nginx:latest   "/docker-entrypoint.…"   About a minute ago   Up About a minute   80/tcp    web1
[root@localhost ~]# 

#查看指定容器的IP地址
[root@localhost ~]# docker inspect 364c9fd174dd
 "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "MacAddress": "02:42:ac:11:00:02",
                    "NetworkID": "3621b2f4e7e74caf4ed38194f890f2fdc630ab78f3e7175e9d6f6279c1d87e4c",
                    "EndpointID": "2d10fad21be6132aaccf82c1cfdf88e6b207710be97dc24ce730351e84640e61",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DriverOpts": null,
                    "DNSNames": null
#查看另一个容器的IP地址
[root@localhost ~]# docker inspect f58fc14af255
  "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "",
            "SandboxKey": "",
            "Ports": {},
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {}
        }

4.5 自定义模式

Docker的自定义网络模式允许用户创建符合特定需求的网络环境,突破默认桥接网络的限制。通过自定义网络(如bridge、overlay、macvlan),可实现容器间的安全隔离与互通(如按项目或职能分组)、自动DNS解析(容器通过名称而非IP通信)、灵活的IP分配与子网划分,以及跨主机集群通信(如overlay网络支持Swarm或Kubernetes)。这种模式还支持网络插件扩展(如Calico、Weave Net),提供高级功能(如网络策略、多租户隔离),使容器网络更贴近生产环境需求,提升可管理性与安全性。

docker 自定义网络的配置思路

  1. 查询当前网络模式
  2. 自定义创建网络
  3. 创建容器、指定自定义网络
  4. inspect查看网络容器
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
3621b2f4e7e7   bridge    bridge    local
16b1bfc3551a   host      host      local
871c93b3c1b2   none      null      local
[root@localhost ~]# docker network  create gfy_net --driver bridge --subnet 172.20.0.0/16 --gateway 172.20.0.1
67480958bd788db643ed8b5603b9d83aab92bd783efd2745f2e1182acc395a6f
[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
3621b2f4e7e7   bridge    bridge    local
67480958bd78   gfy_net   bridge    local
16b1bfc3551a   host      host      local
871c93b3c1b2   none      null      local
[root@localhost ~]# docker run -itd --name gfy --network gfy_net nginx:latest 
940b182e84bef5efef91d3e9a3775a21cd663269c5842b0f945fc9a19fdd2354
[root@localhost ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                   CREATED          STATUS          PORTS     NAMES
940b182e84be   nginx:latest   "/docker-entrypoint.…"   5 seconds ago    Up 4 seconds    80/tcp    gfy
f58fc14af255   nginx:latest   "/docker-entrypoint.…"   17 minutes ago   Up 17 minutes             web2
364c9fd174dd   nginx:latest   "/docker-entrypoint.…"   18 minutes ago   Up 18 minutes   80/tcp    web1
[root@localhost ~]# docker inspect 940b182e84be

....
gfy_net": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "MacAddress": "02:42:ac:14:00:02",
                    "NetworkID": "67480958bd788db643ed8b5603b9d83aab92bd783efd2745f2e1182acc395a6f",
                    "EndpointID": "7526d6ca62eb12b85b4bfdd71f81c5618676bab2beac2fb66ca537813fccdb5f",
                    "Gateway": "172.20.0.1",
                    "IPAddress": "172.20.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DriverOpts": null,
                    "DNSNames": [
                        "gfy",
                        "940b182e84be"

【补充】docker检测现有网络的命令

#   docker network inspect $(docker network ls -q) | grep -E '"Subnet"|"Name"'
[root@localhost ~]# docker network inspect $(docker network ls -q) | grep -E '"Subnet"|"Name"'
        "Name": "bridge",
                    "Subnet": "172.17.0.0/16",
                "Name": "web1",
        "Name": "gfy_net",
                    "Subnet": "172.20.0.0/16",
                "Name": "gfy",
        "Name": "host",
        "Name": "none",
[root@localhost ~]# 

4.6 总结

  • Host:容器使用宿主机的 IP 和端口。
  • Container:容器与另一个指定容器共享 IP 和端口范围。
  • None:关闭容器的网络功能。
  • Bridge:默认模式,为每个容器分配 IP 并连接到 docker0 虚拟网桥。
  • 自定义网络:允许用户自定义网络配置。
