开门见山直接上脚本!
#!/bin/sh
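# Download the Compose binary.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary". The download goes to a temporary file first, so a failed or
# partial transfer never leaves a broken executable in /usr/local/bin.
# NOTE(review): nothing here authenticates the binary. Compare its SHA-256
# with the checksum listed on the release page (if one is published) before
# relying on it.
compose_url="https://github.com/docker/compose/releases/download/1.28.4/docker-compose-$(uname -s)-$(uname -m)"
compose_tmp=""
if compose_tmp=$(mktemp) && curl -fL "$compose_url" -o "$compose_tmp"; then
  # install copies the file and sets the mode in one step (root-owned, 0755).
  install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
else
  # Best effort, as in the original: report the failure and continue.
  echo "docker-compose download failed: $compose_url" >&2
fi
if [ -n "$compose_tmp" ]; then
  rm -f -- "$compose_tmp"
fi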
# Install Docker Engine from the Aliyun mirror of the docker-ce repository.
# yum-utils provides the yum-config-manager command used on the next line.
yum -y install yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Point the first download.docker.com occurrence on each line of the repo
# file at the mirror.
# NOTE(review): this also rewrites any gpgkey URL in that file, so the package
# signing key would be fetched from the mirror as well. Confirm the imported
# key's fingerprint against the one Docker publishes.
sed -i 's|download.docker.com|mirrors.aliyun.com/docker-ce|' /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum install -y docker-ce
# If CentOS 8 reports a containerd.io version mismatch, try installing
# containerd.io manually.
# NOTE(review): this line runs unconditionally and, without -y, waits for
# confirmation. The package URL is fixed to el8 / x86_64.
# NOTE(review): an RPM handed to dnf by URL is covered by localpkg_gpgcheck
# (off by default), not by the repository's gpgcheck setting. Verify the
# package signature (e.g. rpm -K after importing Docker's key) before
# installing; confirm against the dnf.conf in use.
# NOTE(review): 1.4.3 is a pinned build; check whether a newer containerd.io
# package is available before using this URL.
dnf install https://download.docker.com/linux/centos/8/x86_64/stable/Packages/containerd.io-1.4.3-3.1.el8.x86_64.rpm
# Configure Docker registry mirrors.
# The file written here is replaced by the TLS configuration step that
# follows in this script; use this variant only when remote TLS access is
# not wanted.
# NOTE(review): image pulls are then served by these third-party mirrors.
# Pulling security-sensitive images by digest keeps the content pinned
# regardless of which mirror answers.
[ -d /etc/docker ] || mkdir -p /etc/docker
# Quoted delimiter: the JSON is written literally, with no shell expansion.
tee /etc/docker/daemon.json <<'EOF'
{
"registry-mirrors": [
"https://ustc-edu-cn.mirror.aliyuncs.com/",
"https://hub-mirror.c.163.com/"
]
}
EOF
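# Enable remote access over TLS.
# To prepare the certificates see https://6xyun.cn/article/94
# After generating them, upload them to /etc/docker/.
#
# "tlsverify": true makes the daemon require a client certificate signed by
# the CA in tlscacert. Any holder of such a certificate has full control of
# the daemon, which is equivalent to root on this host, so the CA's private
# key and every issued client key need to be protected accordingly.
# "hosts" binds the API to every interface (0.0.0.0:2376); limit which source
# addresses can reach that port at the firewall.
mkdir -p /etc/docker
# The server's private key must not be readable by other local users.
if [ -f /etc/docker/server.key ]; then
  chmod 600 /etc/docker/server.key
fi
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://ustc-edu-cn.mirror.aliyuncs.com/",
"https://hub-mirror.c.163.com/"
],
"hosts":["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
"tlsverify":true,
"tlscacert":"/etc/docker/ca.crt",
"tlscert":"/etc/docker/server.crt",
"tlskey":"/etc/docker/server.key"
}
EOF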
# Test the certificate configuration against the local TLS endpoint.
# NOTE(review): at this point in the script the daemon has not yet been
# restarted with the new daemon.json (the restart comes further down), so
# this check is only meaningful when run after that restart.
# NOTE(review): the server certificate is presented here as the client
# certificate. Whether that is accepted depends on the key usages the
# certificate was issued with; a dedicated client certificate is the usual
# setup. Confirm.
docker \
  --tlsverify \
  --tlscacert=/etc/docker/ca.crt \
  --tlscert=/etc/docker/server.crt \
  --tlskey=/etc/docker/server.key \
  -H tcp://127.0.0.1:2376 \
  version
# If the service does not start after the change, first check the JSON
# syntax, then remove "-H fd://" from the service unit: it conflicts with
# the "hosts" setting in the JSON above. Restart after the edit.
# NOTE(review): this edits the unit file under /usr/lib/systemd/system, which
# belongs to the package, so a package update may restore the original line.
# A drop-in under /etc/systemd/system/docker.service.d/ survives upgrades.
sed -i 's| -H fd://||' /usr/lib/systemd/system/docker.service
# Start Docker at boot, make systemd re-read the edited unit, then restart
# the daemon so the new configuration takes effect.
systemctl enable docker
systemctl daemon-reload
systemctl restart docker
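# Remove images that have no tag.
# Match "<none>" exactly in the REPOSITORY or TAG column. A plain "grep none"
# would also select any image whose name merely contains "none".
# sort -u drops duplicate IDs; xargs -r skips "docker rmi" entirely when
# nothing matches, instead of calling it with no arguments.
docker images --all \
  | awk '$1 == "<none>" || $2 == "<none>" { print $3 }' \
  | sort -u \
  | xargs -r docker rmi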
# NOTE(review): these two lines overwrite the login accounting files: wtmp
# (login/logout history, read by `last`) and btmp (failed login attempts,
# read by `lastb`). Both are evidence sources during incident response and
# are unrelated to the Docker setup. If the goal is to limit log size,
# logrotate is the usual mechanism; confirm the intent before keeping this.
# echo also leaves a single newline byte in each file, not an empty file.
echo > /var/log/wtmp
echo > /var/log/btmp
# Enable NAT masquerading in firewalld (on CentOS 8, Docker services can
# otherwise be unable to communicate with each other).
# https://github.com/docker/for-linux/issues/957
# NOTE(review): no --zone is given, so the rule goes into firewalld's default
# zone; confirm that this is the zone intended to masquerade traffic.
# NOTE(review): nothing in this script opens 2376/tcp in firewalld. When
# opening it for the remote TLS API, restrict the allowed source addresses.
firewall-cmd --permanent --add-masquerade
# Load the permanent configuration into the running firewall.
firewall-cmd --reload