debian 12 系统容器更换阿里源和用户权限

背景：镜像 emqx/emqx:5.8.4 用户为 emqx 无权限 系统为 debian 12

使用 root 用户创建容器登录即可

发现时间不对，换阿里源之后无法更新

更换上海时区

echo "Asia/Shanghai" > /etc/timezone
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

更换阿里源

该方式在阿里源只更新到 debian 11 的文档

www-data@emqx-75dc55f996-tnczp:/opt/emqx$ cat /etc/apt/sources.list

deb https://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware contrib
deb https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb-src https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb https://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware contrib
deb https://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware contrib

apt update 即可，所花费时间较久

完成之后安装测试

apt install -y vim curl net-tools

该镜像的项目存放在 /opt/emqx 下

如需更换权限如下

chown -R www-data:www-data /opt/emqx
vim /etc/passwd 将33 uid 的www-data 用户改成 /bin/bash 即可

注意其下的 /opt/emqx/data 和 /opt/emqx/log 是volume

我们在创建容器的时候还是会改变权限为 emqx 或 root

所以需要创建的时候先复制目录到宿主机，更改宿主机目录为 www-data 权限

然后在进行挂载进去持久化

docker cp emqx:/opt/emqx/data .
docker cp emqx:/opt/emqx/log .
chmod www-data:www-data -R data
chmod www-data:www-data -R log

届时创建容器才能正常写入内容成功启动服务

换成Dockerfile如下 减少了阿里源配置

FROM emqx/emqx:5.8.4

USER root

RUN date \
&& echo "Asia/Shanghai" > /etc/timezone \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& date \
&& echo "deb https://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware contrib" > /etc/apt/sources.list \
&& echo "deb https://mirrors.aliyun.com/debian-security/ bookworm-security main" >> /etc/apt/sources.list \
&& echo "deb https://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware contrib" >> /etc/apt/sources.list \
&& apt update
RUN apt install -y net-tools \
&& chown -R www-data:www-data /opt/emqx

USER www-data

注意这里构建不一定成功，因为阿里源可能还是会显示超时更新源不了

可手动启动镜像进去执行对应命令，通过 docker commit emqx emqx:test01 保存即可

启动镜像如下

docker run -d \
  --name emqx \
  --cap-add=SYS_PTRACE \
  --security-opt seccomp=unconfined \
  -p 1883:1883 \
  -p 8083:8083 \
  -p 8084:8084 \
  -p 8883:8883 \
  -p 18083:18083 \
  -v /var/www/test01/emqx/data:/opt/emqx/data \
  -v /var/www/test01/emqx/log:/opt/emqx/log \
  emqx:test01