1. 容器网络管理
Bridge 网络管理
bash
# 1. 安装epel
[root@localhost ~]# dnf install -y https://mirrors.aliyun.com/epel/epel-release-latest-9.noarch.rpm
# 2. 安装工具
[root@localhost ~]# dnf install -y bridge-utils
# 3. 查看bridge网络
[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.920bf364e96c no veth4fc6117
veth645d9ec
[root@localhost ~]# 模式演示
bash
# 1. 查看本机镜像
[root@localhost ~]# docker images
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
mysql:8.4.3 106d5197fd8e 824MB 186MB
mysql:8.4.8 63e8ae20eaef 1.09GB 249MB U
nginx:1.28.1 0a1f2fb3231e 237MB 65.7MB U
tomcat:11.0.15 5331fbfae41c 582MB 157MB U
# 2. 创建一个busybox容器
[root@localhost ~]# docker run --name bx1 -it --network bridge --rm busybox:latest
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
61dfb50712f5: Pull complete
96cfb76e59bd: Download complete
Digest: sha256:e226d6308690dbe282443c8c7e57365c96b5228f0fe7f40731b5d84d37a06839
Status: Downloaded newer image for busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 26:68:61:c1:73:34 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 26:68:61:C1:73:34
inet addr:172.17.0.2 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1016 (1016.0 B) TX bytes:126 (126.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
/ # ping 192.168.72.169
PING 192.168.72.169 (192.168.72.169): 56 data bytes
64 bytes from 192.168.72.169: seq=0 ttl=64 time=0.194 ms
64 bytes from 192.168.72.169: seq=1 ttl=64 time=0.139 ms
64 bytes from 192.168.72.169: seq=2 ttl=64 time=0.074 ms
^C
--- 192.168.72.169 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.074/0.135/0.194 msHost 网络管理
bash
# 1. 查看本地镜像
[root@localhost ~]# docker images
IMAGE ID DISK USAGE CONTENT SIZE EXTRA
busybox:latest e226d6308690 6.7MB 2.22MB
mysql:8.4.3 106d5197fd8e 824MB 186MB
mysql:8.4.8 63e8ae20eaef 1.09GB 249MB U
nginx:1.28.1 0a1f2fb3231e 237MB 65.7MB U
tomcat:11.0.15 5331fbfae41c 582MB 157MB U
# 2. 创建一个容器,并把它的网络模式设置为 host 模式
[root@localhost ~]# docker run --name bx2 -it --rm --network host busybox:latest
/ #
# 3. 查看网络信息
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 00:0c:29:03:20:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.72.169/24 brd 192.168.72.255 scope global dynamic noprefixroute ens160
valid_lft 1571sec preferred_lft 1571sec
inet6 fe80::20c:29ff:fe03:2089/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 92:0b:f3:64:e9:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::900b:f3ff:fe64:e96c/64 scope link
valid_lft forever preferred_lft forever
/ #
# 4. 查看宿主机的网络
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:03:20:89 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 192.168.72.169/24 brd 192.168.72.255 scope global dynamic noprefixroute ens160
valid_lft 1550sec preferred_lft 1550sec
inet6 fe80::20c:29ff:fe03:2089/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 92:0b:f3:64:e9:6c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::900b:f3ff:fe64:e96c/64 scope link
valid_lft forever preferred_lft forever可以发现,它们是一样的。
bash
/ # ping -c 3 192.168.72.169
PING 192.168.72.169 (192.168.72.169): 56 data bytes
64 bytes from 192.168.72.169: seq=0 ttl=64 time=0.106 ms
64 bytes from 192.168.72.169: seq=1 ttl=64 time=0.063 ms
64 bytes from 192.168.72.169: seq=2 ttl=64 time=0.067 ms
--- 192.168.72.169 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.063/0.078/0.106 ms
/ # ping -c 3 www.baidu.com
PING www.baidu.com (183.2.172.17): 56 data bytes
64 bytes from 183.2.172.17: seq=0 ttl=128 time=68.033 ms
64 bytes from 183.2.172.17: seq=1 ttl=128 time=101.226 ms
64 bytes from 183.2.172.17: seq=2 ttl=128 time=54.535 ms
--- www.baidu.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 54.535/74.598/101.226 msContainer 网络模式
1)创建一个可运行的容器,如叫 bx1
bash
[root@localhost ~]# docker run --name bx1 -it --rm busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 26:c5:25:e2:b4:bd brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
/ # echo "hello world bx1" >> /tmp/index.html
/ # httpd -h /tmp/ # 启动httpd服务
/ # netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN 9/httpd
/ # 2)创建一个新的容器,并指定这个容器的网络模式为前面创建的容器。
bash
[root@localhost ~]# docker run --name bx2 -it --rm --network container:bx1 busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 26:c5:25:e2:b4:bd brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # wget -O - -q 127.0.0.1 # bx1启动的httpd服务,在bx2上直接访问
hello world bx1
/ # ls /tmp/ # 但是文件系统并不共享,只共享网络
/ # None 网络模式
bash
[root@localhost ~]# docker run --name bx3 --rm -it --network none busybox:latest
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
/ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
/ # ping -c 3 192.168.72.169
PING 192.168.72.169 (192.168.72.169): 56 data bytes
ping: sendto: Network is unreachable
/ # ping -c 3 127.0.0.1
PING 127.0.0.1 (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.071 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.067 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.088 ms
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.067/0.075/0.088 ms
/ #
/ # exit外部访问容器
bash
[root@localhost ~]# docker run --name nginx -P -d nginx:1.28.1
3d376d156c99d46450c0b4e0e0b11a53a5f89c9459f5afeab05ce5ad17167323
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3d376d156c99 nginx:1.28.1 "/docker-entrypoint...." 3 seconds ago Up 3 seconds 0.0.0.0:32768->80/tcp, [::]:32768->80/tcp nginx
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3d376d156c99 nginx:1.28.1 "/docker-entrypoint...." 14 seconds ago Up 14 seconds 0.0.0.0:32768->80/tcp, [::]:32768->80/tcp nginx映射所有端口地址
配置格式:hostPort:containerPort
bash
[root@localhost ~]# docker run --name nginx -d --network bridge -p 80:80 nginx:1.28.1
d9f557551134ba94a2a1796b467e7de1ad6a9cae4a5c8d9468b7b8a7de1e7c74
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d9f557551134 nginx:1.28.1 "/docker-entrypoint...." 3 seconds ago Up 3 seconds 0.0.0.0:80->80/tcp, [::]:80->80/tcp nginx
[root@localhost ~]# curl 192.168.72.169
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
[root@localhost ~]# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>映射到指定地址的指定端口
配置格式:IP:hostPort:containerPort
bash
[root@localhost ~]# docker rm -f nginx
nginx
[root@localhost ~]#
[root@localhost ~]# docker run --name nginx -d -p 127.0.0.1:8080:80 nginx:1.28.1
5f2a71bec335518a614ea5d2824a7e34fb6e9437f8087bcb0e61cb072e1c9b74
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5f2a71bec335 nginx:1.28.1 "/docker-entrypoint...." 2 seconds ago Up 2 seconds 127.0.0.1:8080->80/tcp nginx
[root@localhost ~]# curl 192.168.72.169:8080
curl: (7) Failed to connect to 192.168.72.169 port 8080: Connection refused
[root@localhost ~]# curl 127.0.0.1:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>映射指定地址的任意端口
配置格式:IP::containerPort
bash
[root@localhost ~]# docker rm -f nginx
nginx
[root@localhost ~]# docker run --rm -d -p 127.0.0.1::80 nginx:1.28.1
d8671d2ebf48d0090d3a280fceb46f0a2f7852673a1beb5651424b1d65e0c561
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d8671d2ebf48 nginx:1.28.1 "/docker-entrypoint...." 3 seconds ago Up 2 seconds 127.0.0.1:32768->80/tcp friendly_elgamal
[root@localhost ~]# curl 127.0.0.1:32768
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>容器互联
新建网络
新建网络需要使用 docker network 命令,语法如下:
bash
[root@localhost ~]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network 连接一个容器到一个网络
create Create a network 创建一个网络
disconnect Disconnect a container from a network 关闭一个网络连接
inspect Display detailed information on one or more networks 查看网络详细信息
ls List networks 显示所有网络
prune Remove all unused networks 删除悬空网络
rm Remove one or more networks 删除一个或多个网络
Run 'docker network COMMAND --help' for more information on a command.1. 查看所有网络
bash
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
b37f6fb7f93b bridge bridge local
d57d29c3a22a host host local
f492b39da3cd none null local2. 新建网络
使用 docker network create 命令,语法如下:
bash
[root@localhost ~]# docker network create --help
Usage: docker network create [OPTIONS] NETWORK
Create a network
Options:
--attachable Enable manual container attachment
--aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
--config-from string The network from which to copy the configuration
--config-only Create a configuration only network
-d, --driver string Driver to manage the Network (default "bridge")
--gateway ipSlice IPv4 or IPv6 Gateway for the master subnet (default [])
--ingress Create swarm routing-mesh network
--internal Restrict external access to the network
--ip-range ipNetSlice Allocate container ip from a sub-range (default [])
--ipam-driver string IP Address Management Driver (default "default")
--ipam-opt map Set IPAM driver specific options (default map[])
--ipv4 Enable or disable IPv4 address assignment (default true)
--ipv6 Enable or disable IPv6 address assignment
--label list Set metadata on a network
-o, --opt map Set driver specific options (default map[])
--scope string Control the network's scope
--subnet strings Subnet in CIDR format that represents a network segment使用示例:创建一个名为 my-net 的网络,它的类型是 bridge。
bash
[root@localhost ~]# docker network create -d bridge my-net
83f7b0b9c839594a9f909fefde91bf0808f42a29fdaab6690b27e726f7aa782a
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
b37f6fb7f93b bridge bridge local
d57d29c3a22a host host local
83f7b0b9c839 my-net bridge local
f492b39da3cd none null local3. 查看网络的详细信息
使用 docker network inspect 命令,语法如下:
bash
[root@localhost ~]# docker network inspect my-net
[
{
"Name": "my-net",
"Id": "83f7b0b9c839594a9f909fefde91bf0808f42a29fdaab6690b27e726f7aa782a",
"Created": "2026-01-26T14:40:24.125687312+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv4": true,
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"IPRange": "",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Options": {},
"Labels": {},
"Containers": {},
"Status": {
"IPAM": {
"Subnets": {
"172.18.0.0/16": {
"IPsInUse": 3,
"DynamicIPsAvailable": 65533
}
}
}
}
}
]连接容器
接下来创建两个容器,并使用我们创建的网络。
bash
# 1. 在会话1中创建容器
[root@localhost ~]# docker run --name bx1 -it --rm --network my-net busybox:latest sh
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if45: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 7e:72:e7:fb:e7:77 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
# 2. 在会话2中创建容器
[root@localhost ~]# docker run -it --rm --name bx2 --network my-net busybox:latest sh
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 7e:7a:8c:4a:81:16 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #
# 3. 在会话3中查看所有容器
[root@localhost ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37bcb9baadbc busybox:latest "sh" 24 seconds ago Up 24 seconds bx2
0e4ab64082c4 busybox:latest "sh" About a minute ago Up About a minute bx1
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37bcb9baadbc busybox:latest "sh" About a minute ago Up About a minute bx2
0e4ab64082c4 busybox:latest "sh" About a minute ago Up About a minute bx1由于是在同一个网络设置中(my-net),因此我们可以在容器内部通过容器名称的方式来进行访问。
bash
# 1. 在容器 bx1 中测试是否能够访问 bx2 容器
/ # ping -c 3 bx2
PING bx2 (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.257 ms
64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.085 ms
64 bytes from 172.18.0.3: seq=2 ttl=64 time=0.092 ms
--- bx2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.085/0.144/0.257 ms
/ #
# 2. 在容器 bx2 中测试是否能够访问 bx1 容器
/ # ping -c 3 bx1
PING bx1 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.087 ms
64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.108 ms
64 bytes from 172.18.0.2: seq=2 ttl=64 time=0.092 ms
--- bx1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.087/0.095/0.108 ms
/ # 接下我们再开启一个会话,并在这个会话中创建一个不同 my-net 网络的容器 bx3
bash
[root@localhost ~]# docker run -it --name bx3 --network bridge --rm busybox:latest sh
/ #
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if47: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 26:75:79:e8:45:ad brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # 然后我们在 bx3 中是测试是否能与 bx1 和 bx2 通信。
bash
/ # ping -c 3 bx1
ping: bad address 'bx1'
/ # 可以发现是无法通信。因为它们不是同一个网络,因此是隔离的。
配置DNS
1、在 /etc/docker/daemon.json 文件中配置DNS信息
bash
[root@localhost ~]# vim /etc/docker/daemon.json添加内容如下:
bash
"dns": [
"223.5.5.5",
"8.8.8.8"
],保存退出后,执行如下的命令来让配置生效,然后重启服务:
bash
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker2、创建一个新的容器
bash
[root@localhost ~]# docker run -it --rm busybox:latest cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.
nameserver 223.5.5.5
nameserver 8.8.8.8
search localdomain
# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: [nameservers]从上面的结果中可以看到,我们 DNS 配置已经生效。
3、自定义主机名
bash
[root@localhost ~]# docker run --name bx -it --rm --hostname busybox busybox:latest
/ #
/ # cat /etc/hostname
busybox
/ #
[root@localhost ~]# docker run --name bx -it --rm -h busybox busybox:latest
/ # hostname
busybox
/ # 可以看到,主机名已经自定义成功。
4、自定义IP地址
bash
[root@localhost ~]# docker run --name bx -it --rm --hostname busybox --dns 172.17.0.9 busybox:latest
/ # cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.
nameserver 172.17.0.9
search localdomain
# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: [nameservers]
/ # 5、自定义搜索域
bash
[root@localhost ~]# docker run --name bx -it --rm --hostname busybox --dns 172.17.0.9 --dns-search www.example.com busybox:latest
/ # cat /etc/resolv.conf
# Generated by Docker Engine.
# This file can be edited; Docker Engine will not make further changes once it
# has been modified.
nameserver 172.17.0.9
search www.example.com
# Based on host file: '/etc/resolv.conf' (legacy)
# Overrides: [nameservers search]
/ # 删除网络
使用 docker network rm 命令,语法如下:
bash
[root@localhost ~]# docker network rm --help
Usage: docker network rm NETWORK [NETWORK...]
Remove one or more networks
Aliases:
docker network rm, docker network remove
Options:
-f, --force Do not error if the network does not exist使用示例:删除网络名称为 my-net 的网络
bash
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
890f4823dbfc bridge bridge local
d57d29c3a22a host host local
83f7b0b9c839 my-net bridge local
f492b39da3cd none null local
[root@localhost ~]# docker network rm my-net
my-net
[root@localhost ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
890f4823dbfc bridge bridge local
d57d29c3a22a host host local
f492b39da3cd none null local⚠️❌注意:不要去删除原生的三个网络类型。
2. 容器数据管理
2.1 数据管理命令
使用 docker volume 命令,语法如下:
bash
[root@localhost _data]# docker volume --help
Usage: docker volume COMMAND
Manage volumes
Commands:
create Create a volume # 创建一个数据卷
inspect Display detailed information on one or more volumes #查看数据卷详细信息
ls List volumes # 列出所有数据卷
prune Remove unused local volumes # 删除悬空数据卷
rm Remove one or more volumes # 删除数据卷
Run 'docker volume COMMAND --help' for more information on a command.2.2 数据卷操作
使用示例:我们通过 MySQL 的数据挂载来演示如何使用数据卷
1、创建一个数据卷
bash
[root@localhost ~]# docker volume create myvol
myvol
# 验证数据卷
[root@localhost ~]# docker volume ls
DRIVER VOLUME NAME
local 2a5e1643966907ef8479b1b81c6b4c89729f899f7aa3894280b0ef26fb877769
local 7bd3f8d1bedcc267dc4da4d87f380f8dd79e94e5c2958c235b6a04adad2dea65
local 7d74a5a4af86b75f63eef05fb43293eda99b7db55d960b4c7ea71aa8539fb22b
local f09f9e42126bcb5d6a3b9ff4c8ec16913f096f47eca5ec6609d3135fb6745fba
local myvol2、查看卷的详细信息
bash
[root@localhost volumes]# docker volume inspect myvol
[
{
"CreatedAt": "2026-01-26T16:22:32+08:00",
"Driver": "local",
"Labels": null,
"Mountpoint": "/data/docker/volumes/myvol/_data",
"Name": "myvol",
"Options": null,
"Scope": "local"
}
]3、使用数据卷
bash
[root@localhost volumes]# docker run --name nginx -d -p 80:80 -v myvol:/usr/share/nginx/html nginx:1.28.1
50fa9d719f569662c967236592734d268b289e05fe95ceb34e2a98e712e78acf
[root@localhost volumes]# docker inspect nginx
...
"Mounts": [
{
"Type": "volume",
"Name": "myvol",
"Source": "/data/docker/volumes/myvol/_data",
"Destination": "/usr/share/nginx/html",
"Driver": "local",
"Mode": "z",
"RW": true,
"Propagation": ""
}
],
...4、验证数据
bash
# 1. 修改 /data/docker/volumes/myvol/_data/index.html 文件
[root@localhost volumes]# cd /data/docker/volumes/myvol/_data
[root@localhost _data]# ls
50x.html index.html
[root@localhost _data]# echo 1111 > index.html
[root@localhost _data]# cat index.html
1111
# 2. 进入容器内容,可看文件内容
[root@localhost _data]# docker exec -it nginx bash
root@50fa9d719f56:/# cd /usr/share/nginx/html/
root@50fa9d719f56:/usr/share/nginx/html# ls
50x.html index.html
root@50fa9d719f56:/usr/share/nginx/html# cat index.html
1111
# 3. 在容器内部修改index.html文件
root@50fa9d719f56:/usr/share/nginx/html# echo 2222 > index.html
root@50fa9d719f56:/usr/share/nginx/html# cat index.html
2222
# 4. 在宿主机中的目录查看文件内容
root@50fa9d719f56:/usr/share/nginx/html# exit
exit
[root@localhost _data]# ls
50x.html index.html
[root@localhost _data]# cat index.html
2222从上面的操作可以发现:我们已经把容器内部的数据共享到宿主机上了。
5、删除容器
bash
[root@localhost _data]# docker stop nginx && docker rm nginx
nginx
nginx6、重新创建一个新的容器,并将其挂载到之前的数据卷上
bash
[root@localhost volumes]# docker run --name nginx -d -p 80:80 -v myvol:/usr/share/nginx/html nginx:1.28.1
613035f32f8866d881cf15529b91d168817f18ebce9c863c431b564c0f10e29e7、然后访问这个容器
bash
[root@localhost volumes]# curl localhost
2222可以发现:数据我们的数据卷没有删除,那么别的容器挂载到这个卷后,依然可以使用之前的数据。
8、如果要想删除数据卷,我们需要关闭关联的容器,然后才去删除数据卷
bash
[root@localhost volumes]# docker stop nginx && docker rm nginx
nginx
nginx
[root@localhost volumes]# docker volume rm myvol
myvol
[root@localhost volumes]# ls
2a5e1643966907ef8479b1b81c6b4c89729f899f7aa3894280b0ef26fb877769
7bd3f8d1bedcc267dc4da4d87f380f8dd79e94e5c2958c235b6a04adad2dea65
7d74a5a4af86b75f63eef05fb43293eda99b7db55d960b4c7ea71aa8539fb22b
backingFsBlockDev
f09f9e42126bcb5d6a3b9ff4c8ec16913f096f47eca5ec6609d3135fb6745fba
metadata.db2.3 数据卷容器操作
1、在宿主机上创建目录
bash
[root@localhost ~]# mkdir /data/nginx2、通过这个目录来作为卷创建一个容器
bash
[root@localhost ~]# docker create -v /data/nginx:/data --name voldata nginx:1.28.1
6285a7ffa9935b343e616b06a1508b317aef74be3965e9be60c2642d3d3df9ea
[root@localhost ~]# docker inspect voldata
......
"Mounts": [
{
"Type": "bind",
"Source": "/data/nginx",
"Destination": "/data",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
......3、挂载数据卷
使用语法:--volume-from 卷容器名
bash
[root@localhost ~]# docker run --name n1 --volumes-from voldata --rm -d nginx:1.28.1
66d8812a5b20b8b43654939a3b6b7ec5ffd5243146b92570d9003c10c0d6b560
[root@localhost ~]# docker run --name n2 --volumes-from voldata --rm -d nginx:1.28.1
b496c0f3ef4b41b25780ef6cb6422f3b09e2962f1718016ce7abe6a40b777c8c4、验证数据共享
bash
# 1. 进入n1容器
[root@localhost ~]# docker exec -it n1 bash
root@66d8812a5b20:/# ls
bin data docker-entrypoint.d etc lib media opt root sbin sys usr
boot dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
root@66d8812a5b20:/# cd data/
root@66d8812a5b20:/data# ls
root@66d8812a5b20:/data# echo haha > n1.txt
root@66d8812a5b20:/data# cat n1.txt
haha
# 2 进入n2容器
[root@localhost volumes]# docker exec -it n2 bash
root@b496c0f3ef4b:/# cd data/
root@b496c0f3ef4b:/data# ls
n1.txt
root@b496c0f3ef4b:/data# cat n1.txt
haha
# 3. 在宿主机中查看
[root@localhost ~]# cd /data/nginx/
[root@localhost nginx]# ls
n1.txt
# 4. 在宿主机上修改
[root@localhost nginx]# echo 22222 >> n1.txt
[root@localhost nginx]# cat n1.txt
haha
22222
# 5. 在n1 和 n2 中查看
root@b496c0f3ef4b:/data# cat n1.txt
haha
22222
root@66d8812a5b20:/data# cat n1.txt
haha
222222.4 将两者结合
我们在工作中,通过使用的两者结合的方式。
1、在宿主机上创建目录
bash
[root@localhost /]# mkdir /sj2、创建容器,并挂载目录
bash
[root@localhost /]# docker run --name nginx -d -v /sj:/usr/share/nginx/html -p 80:80 nginx:1.28.1
bbf7a7612f3be50b94f6123ed6efeb9fb4d33397fe959be5b2453e92aee49051
[root@localhost /]# docker inspect nginx
.....
"Mounts": [
{
"Type": "bind",
"Source": "/sj",
"Destination": "/usr/share/nginx/html",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
.....3、查看挂载目录
bash
[root@localhost /]# ls /sj
[root@localhost /]# 4、进入容器内部
bash
[root@localhost volumes]# docker exec -it nginx bash
root@bbf7a7612f3b:/# cd /usr/share/nginx/html/
root@bbf7a7612f3b:/usr/share/nginx/html# ls
root@bbf7a7612f3b:/usr/share/nginx/html# 5、创建index.html
bash
[root@localhost /]# echo welcome to nginx > /sj/index.html
[root@localhost /]# cat /sj/index.html
welcome to nginx6、在容器中确认
bash
[root@localhost volumes]# docker exec -it nginx bash
root@bbf7a7612f3b:/# cd /usr/share/nginx/html
root@bbf7a7612f3b:/usr/share/nginx/html# ls
index.html
root@bbf7a7612f3b:/usr/share/nginx/html# cat index.html
welcome to nginx7、访问
bash
[root@localhost sj]# curl localhost
welcome to nginx