开门见山直接上脚本!
#!/bin/sh
下载Compose二进制
curl -L https://github.com/docker/compose/releases/download/1.28.4/docker-compose-uname -s-uname -m > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
安装 Docker 程序
yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo yum makecache fast yum -y install docker-ce
如果在 CentOS8 上面提示 containerd.io 版本不匹配请尝试手动安装 containerd.io
dnf install https://download.docker.com/linux/centos/8/x86_64/stable/Packages/containerd.io-1.4.3-3.1.el8.x86_64.rpm
添加 Docker 镜像服务器
mkdir -p /etc/docker tee /etc/docker/daemon.json <<EOF { "registry-mirrors": [ "https://ustc-edu-cn.mirror.aliyuncs.com/", "https://hub-mirror.c.163.com/" ] } EOF
开启TSL远程连接
准备证书请参阅 https://6xyun.cn/article/94
生成证书之后上传到 /etc/docker/ 目录下
mkdir -p /etc/docker tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": [ "https://ustc-edu-cn.mirror.aliyuncs.com/", "https://hub-mirror.c.163.com/" ], "hosts":["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"], "tlsverify":true, "tlscacert":"/etc/docker/ca.crt", "tlscert":"/etc/docker/server.crt", "tlskey":"/etc/docker/server.key" } EOF
测试证书配置
docker --tlsverify --tlscacert=/etc/docker/ca.crt --tlscert=/etc/docker/server.crt --tlskey=/etc/docker/server.key -H tcp://127.0.0.1:2376 version
如果修改后服务无法启动, 首先检查 JSON 格式,
然后就是去掉 service 里面的 -H fd://,
这个和上面的 JSON 冲突, 修改后再重启即可
sed -i "s? -H fd://??" /usr/lib/systemd/system/docker.service
设置自启 & 重新启动服务
systemctl enable docker systemctl daemon-reload systemctl restart docker
删除没有 tag 的镜像
docker images --all | grep none | awk '{print $3 }' | xargs docker rmi echo > /var/log/wtmp echo > /var/log/btmp
开启防火墙 NAT 转发(在 CentOS8 上 Docker会出现服务之间无法通信)
https://github.com/docker/for-linux/issues/957
firewall-cmd --add-masquerade --permanent firewall-cmd --reload
1 | # 引用 |