1.准备构建上下文
[root@host1 ~]# mkdir dockerfile-test && cd dockerfile-test
[root@host1 dockerfile-test]# touch nginx.repo
[root@host1 dockerfile-test]# touch Dockerfile
[root@host1 dockerfile-test]# vi nginx.repo
[root@host1 dockerfile-test]# cat nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/9Stream/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/9Stream/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key2.编写 Dockerfile
[root@host1 dockerfile-test]# vi Dockerfile
[root@host1 dockerfile-test]# cat Dockerfile
# 1. 基础镜像:使用 CentOS Stream 9 官方镜像(匹配目标源版本)
FROM centos/stream9:latest
# 2. 维护者信息(可选,标注镜像归属)
LABEL maintainer="your-name <your-email@example.com>" \
os.version="CentOS-Stream-9-20250903.0" \
nginx.repo.version="stable"
# 3. 复制本地适配 Stream 9 的 nginx.repo 到容器 YUM 源目录
# 路径 /etc/yum.repos.d/ 是 CentOS Stream 9 标准 YUM 源目录
COPY nginx.repo /etc/yum.repos.d/
# 4. 安装 Nginx(适配 Stream 9 的 YUM 操作)
RUN set -eux; \
# 1. 导入 Nginx GPG 密钥(避免 Stream 9 下校验失败)
rpm --import https://nginx.org/keys/nginx_signing.key; \
# 2. 清理旧缓存,生成新缓存(Stream 9 推荐用 dnf,兼容 yum)
dnf clean all; \
dnf makecache fast; \
# 3. 安装 Nginx(--setopt=tsflags=nodocs 减少镜像体积,不安装文档)
dnf install -y nginx --setopt=tsflags=nodocs; \
# 4. 清理缓存(进一步减小镜像体积)
dnf clean all; \
# 5. 确保 Nginx 运行目录权限(Stream 9 下默认权限可能更严格)
chown -R nginx:nginx /var/log/nginx /var/run/nginx; \
chmod 755 /var/log/nginx /var/run/nginx
# 5. 暴露 Nginx 默认端口(80/tcp,与配置一致)
EXPOSE 80/tcp
# 6. 配置 Nginx 前台运行(关键:避免容器启动后立即退出)
# Stream 9 下 Nginx 二进制路径与传统 CentOS 一致,无需调整
CMD ["nginx", "-g", "daemon off;"]3.使用 docker build 命令构建镜像
注意:访问不了外网改用本地部署
4.离线环境下基于 CentOS 构建 Nginx Docker 镜像
1.本地 CentOS 基础镜像制作(核心:替代在线镜像)
# 打包系统根目录(排除动态目录与设备文件,避免镜像异常)
sudo tar -czf centos-local-rootfs.tar.gz \
--exclude=/proc --exclude=/sys --exclude=/dev --exclude=/tmp --exclude=/var/tmp \
/# 导入打包文件为Docker基础镜像
sudo docker import centos-local-rootfs.tar.gz centos-local:base[root@host1 ~]# sudo tar -czf centos-local-rootfs.tar.gz \
--exclude=/proc --exclude=/sys --exclude=/dev --exclude=/tmp --exclude=/var/tmp \
/
tar: 从成员名中删除开头的“/”
tar: /run/docker.sock: 忽略套接字(socket)
tar: /run/docker/metrics.sock: 忽略套接字(socket)
tar: /run/docker/libnetwork/1d7343f57de7.sock: 忽略套接字(socket)
tar: /run/containerd/s/9084af067cbc0fd363a366468af18f682023e35e8d8440d8ee65311f80a1febb: 忽略套接字(socket)
tar: /run/containerd/containerd.sock: 忽略套接字(socket)
tar: /run/containerd/containerd.sock.ttrpc: 忽略套接字(socket)
tar: /run/vmware/guestServicePipe: 忽略套接字(socket)
tar: /run/chrony/chronyd.sock: 忽略套接字(socket)
tar: /run/mcelog-client: 忽略套接字(socket)
tar: /run/irqbalance/irqbalance995.sock: 忽略套接字(socket)
tar: /run/.heim_org.h5l.kcm-socket: 忽略套接字(socket)
tar: /run/avahi-daemon/socket: 忽略套接字(socket)
tar: /run/setroubleshoot/setroubleshoot_server: 忽略套接字(socket)
tar: /run/lsm/ipc/simc: 忽略套接字(socket)
tar: /run/lsm/ipc/sim: 忽略套接字(socket)
tar: /run/cups/cups.sock: 忽略套接字(socket)
tar: /run/lvm/lvmpolld.socket: 忽略套接字(socket)
tar: /run/user/0/pipewire-0-manager: 忽略套接字(socket)
tar: /run/user/0/pipewire-0: 忽略套接字(socket)
tar: /run/user/0/bus: 忽略套接字(socket)
tar: /run/user/0/systemd/private: 忽略套接字(socket)
tar: /run/user/0/systemd/notify: 忽略套接字(socket)
tar: /run/user/0/systemd/inaccessible/sock: 忽略套接字(socket)
tar: /run/user/42/wayland-0: 忽略套接字(socket)
tar: /run/user/42/pipewire-0-manager: 忽略套接字(socket)
tar: /run/user/42/pipewire-0: 忽略套接字(socket)
tar: /run/user/42/pulse/native: 忽略套接字(socket)
tar: /run/user/42/bus: 忽略套接字(socket)
tar: /run/user/42/systemd/private: 忽略套接字(socket)
tar: /run/user/42/systemd/notify: 忽略套接字(socket)
tar: /run/user/42/systemd/inaccessible/sock: 忽略套接字(socket)
tar: /run/udev/control: 忽略套接字(socket)
tar: /run/dbus/system_bus_socket: 忽略套接字(socket)
tar: /run/systemd/coredump: 忽略套接字(socket)
tar: /run/systemd/private: 忽略套接字(socket)
tar: /run/systemd/journal/io.systemd.journal: 忽略套接字(socket)
tar: /run/systemd/journal/stdout: 忽略套接字(socket)
tar: /run/systemd/journal/socket: 忽略套接字(socket)
tar: /run/systemd/journal/dev-log: 忽略套接字(socket)
tar: /run/systemd/io.system.ManagedOOM: 忽略套接字(socket)
tar: /run/systemd/userdb/io.systemd.DynamicUser: 忽略套接字(socket)
tar: /run/systemd/notify: 忽略套接字(socket)
tar: /run/systemd/inaccessible/sock: 忽略套接字(socket)
tar: /root/centos-local-rootfs.tar.gz: 在我们读入文件时文件发生了变化
tar: 从硬连接目标中删除开头的“/”
[root@host1 ~]# sudo docker import centos-local-rootfs.tar.gz centos-local:base
sha256:e34186ee4bfa2e4b483206b0c4f9c26b329a7d900c5bf090f151010076210e1b验证镜像
[root@host1 ~]# docker images | grep centos-local
centos-local base e34186ee4bfa 12 seconds ago 6.43GB2.Nginx 离线 RPM 包下载(依赖本地 YUM 源)
[root@host1 ~]# yum install -y yum-utils
上次元数据过期检查:7:51:09 前,执行于 2025年09月10日 星期三 15时04分04秒。
软件包 yum-utils-4.3.0-22.el9.noarch 已安装。
依赖关系解决。
无需任何处理。
完毕!
[root@host1 ~]# yumdownloader --resolve --destdir=nginx-rpms nginx
上次元数据过期检查:7:51:15 前,执行于 2025年09月10日 星期三 15时04分04秒。
(1/4): nginx-filesystem-1.20.1-24.el9.noarch.rpm 26 kB/s | 9.3 kB 00:00
(2/4): nginx-1.20.1-24.el9.x86_64.rpm 74 kB/s | 36 kB 00:00
(3/4): nginx-core-1.20.1-24.el9.x86_64.rpm 856 kB/s | 570 kB 00:00
(4/4): centos-logos-httpd-90.8-3.el9.noarch.rpm 1.3 MB/s | 1.5 MB 00:01 验证
[root@host1 ~]# ls -l nginx-rpms/
总用量 2168
-rw-r--r--. 1 root root 1579851 9月 10 22:55 centos-logos-httpd-90.8-3.el9.noarch.rpm
-rw-r--r--. 1 root root 37053 9月 10 22:55 nginx-1.20.1-24.el9.x86_64.rpm
-rw-r--r--. 1 root root 583889 9月 10 22:55 nginx-core-1.20.1-24.el9.x86_64.rpm
-rw-r--r--. 1 root root 9479 9月 10 22:55 nginx-filesystem-1.20.1-24.el9.noarch.rpm3.修正Dockerfile
FROM centos-local:base
LABEL maintainer="tester@abc.com"
# 复制离线RPM包到容器内
COPY ./nginx-rpms /tmp/nginx-rpms
# 离线安装Nginx(禁用外网源+忽略GPG校验)
RUN yum localinstall -y /tmp/nginx-rpms/*.rpm \
--nogpgcheck \
--disablerepo=* \ # 新增反斜杠,确保命令连续性
&& yum clean all \
&& rm -rf /tmp/nginx-rpms # 清理RPM包,减小镜像体积
# 自定义Nginx首页内容
RUN echo "Hello! This is nginx server (offline build)" > /usr/share/nginx/html/index.html
# 暴露Nginx默认端口
EXPOSE 80
# 前台启动Nginx(避免容器退出)
CMD ["nginx", "-g", "daemon off;"]4.镜像构建与问题排查
[root@host1 dockerfile-test]# docker build -t centos-with-nginx:1.0 .
[+] Building 0.0s (6/8) docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 475B 0.0s
=> [internal] load metadata for docker.io/library/centos-local:base 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 2B 0.0s
=> [1/4] FROM docker.io/library/centos-local:base 0.0s
=> ERROR [2/4] COPY ./nginx-rpms /tmp/nginx-rpms 0.0s
------
> [2/4] COPY ./nginx-rpms /tmp/nginx-rpms:
------
Dockerfile:5
--------------------
3 | LABEL maintainer="tester@abc.com"
4 |
5 | >>> COPY ./nginx-rpms /tmp/nginx-rpms
6 |
7 | RUN yum localinstall -y /tmp/nginx-rpms/*.rpm \
--------------------
ERROR: failed to build: failed to solve: failed to compute cache key: failed to calculate checksum of ref af1a50fb-c1e8-4693-96ea-aea71e06623b::ox2260dtgoy01masgivj3hc3a: "/nginx-rpms": not found
[root@host1 dockerfile-test]# sudo find / -name "nginx-rpms" -type d
/root/nginx-rpms
[root@host1 dockerfile-test]# mv /root/nginx-rpms /root/dockerfile-test/
[root@host1 dockerfile-test]# cd /root/dockerfile-test
[root@host1 dockerfile-test]# ls -l
总用量 4
-rw-r--r--. 1 root root 376 9月 10 23:08 Dockerfile
drwxr-xr-x. 2 root root 184 9月 10 22:55 nginx-rpms
[root@host1 dockerfile-test]# docker build -t centos-with-nginx:1.0 .
[+] Building 1.8s (9/9) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 475B 0.0s
=> [internal] load metadata for docker.io/library/centos-local:base 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 2.21MB 0.0s
=> CACHED [1/4] FROM docker.io/library/centos-local:base 0.0s
=> [2/4] COPY ./nginx-rpms /tmp/nginx-rpms 0.0s
=> [3/4] RUN yum localinstall -y /tmp/nginx-rpms/*.rpm --nogpgcheck --disablerepo=* 1.4s
=> [4/4] RUN echo "Hello! This is nginx server (offline build)" > /usr/share/nginx/html/index 0.2s
=> exporting to image 0.2s
=> => exporting layers 0.2s
=> => writing image sha256:7c5315069664141b331877afb32716dc6f0a9918731e8717a449ff564560fc20 0.0s
=> => naming to docker.io/library/centos-with-nginx:1.0 5.镜像功能验证
[root@host1 dockerfile-test]# docker images | grep centos-with-nginx
centos-with-nginx 1.0 7c5315069664 6 minutes ago 6.54GB
[root@host1 dockerfile-test]# docker run -d -p 8080:80 --name test-nginx centos-with-nginx:1.0
7ecac05c7dac295bd2d80a68dd540ae8cf7b19174609dfb614c11722b525e7a4
[root@host1 dockerfile-test]# docker ps | grep test-nginx
7ecac05c7dac centos-with-nginx:1.0 "nginx -g 'daemon of…" 11 seconds ago Up 11 seconds 0.0.
0.0:8080->80/tcp, [::]:8080->80/tcp test-nginx
[root@host1 dockerfile-test]# curl http://localhost:8080
Hello! This is nginx server (offline build)