Docker命令入门
1. 使用容器运行 Nginx 应用
1.1 使用 docker run 命令运行 Nginx 应用
1.1.1 观察下载容器镜像过程
查找本地容器镜像文件
执行命令过程一:下载容器镜像
$ docker run -d nginx:latest
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
b3407f3b5b5b: Pull complete
a3bfeb063ded: Pull complete
10d3f5dcba63: Pull complete
6d01b3c42c10: Pull complete
ecab78f9d45d: Pull complete
7996b9ca9891: Pull complete
5850200e50af: Pull complete
Digest: sha256:84ec966e61a8c7846f509da7eb081c55c1d56817448728924a87ab32f12a72fb
Status: Downloaded newer image for nginx:latest
bfb33ebe75bc65f75c569053e8400b82a0a729ddc48dd017716cd16dad81bb0a
命令解释:
docker run:启动一个容器-d:把容器镜像中需要执行的命令以 daemon(守护进程)的方式运行nginx:应用容器镜像的名称,通常表示该镜像为某一个软件latest:表示上述容器镜像的版本,表示最新版本,用户可自定义其标识,例如v1或v2等
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bfb33ebe75bc nginx:latest "/docker-entrypoint.…" 50 seconds ago Up 49 seconds 80/tcp condescending_shamir
命令解释:
docker ps类似于 Linux 系统的 ps 命令,查看正在运行的容器,如果想查看没有运行的容器,需要在此命令后使用--all
输出内容解释:
- CONTAINERID 9834c8c18a7c
| 列名 | 值 | 说明 |
|---|---|---|
| CONTAINER ID | bfb33ebe75bc | 容器 ID |
| IMAGE | nginx:latest | 容器使用的镜像 |
| COMMAND | "/docker-entrypoint.…" | 容器中运行的命令 |
| CREATED | 50 seconds ago | 容器创建时间 |
| STATUS | Up 49 seconds | 容器状态 |
| PORTS | 80/tcp | 容器对外开放的端口 |
| NAMES | condescending_shamir | 容器名称 |
1.2 访问容器中运行的 Nginx 服务
1.2.1 确认容器 IP 地址
实际工作中不需要此步操作。
# 说明
# 使用容器 ID 的时候,如果容器 ID 的部分已经可以唯一标识该容器,则可以使用 ID 的子集
# 例如:docker inspect bfb3
$ docker inspect bfb33ebe75bc
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2", # 容器IP地址
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "d3de2fdbc30ee36a55c1431ef3ae4578392e552009f00b2019b4720735fe5a60",
"EndpointID": "d91f47c9f756ff22dc599a207164f2e9366bd0c530882ce0f08ae2278fb3d50c",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2", # 容器IP地址
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
命令解释:
docker inspect:查看容器结构信息命令bfb33ebe75bc:容器 ID 号,使用这个 ID 号时,由于其较长,使用时能最短识别即可。
1.2.2 容器网络说明
# ip a s 命令也可以查询网卡
$ ifconfig
# docker0 网桥,用于为容器提供桥接,转发到主机之外的网络
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:d5:c3:d4:cc brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:d5ff:fec3:d4cc/64 scope link
valid_lft forever preferred_lft forever
# 与容器中的虚拟网络设备在同一个命名空间中,用于把容器中的网络连接到主机
9: veth393dece@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 02:e3:11:58:54:0f brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::e3:11ff:fe58:540f/64 scope link
valid_lft forever preferred_lft forever
容器启动后,其 IP 就在 172.17.0 网段,宿主机的 IP 为172.17.0.1,第一个启动的容器的 IP 为 172.17.0.2,第二个启动的容器的 IP 为 172.17.0.3,以此类推,容器之间网络互通。
使用 docker run 命令启动容器的时候,可以使用 -p 选项来配置宿主机和容器内部网络的映射,docker 会自动添加一条 iptables 规则来实现端口映射,具体的使用方式如下:
# containerPort 映射到宿主机的 hostPort,例如 8080:80,代表容器的 80 端口映射到宿主机的 8080 端口
-p hostPort:containerPort
# containerPort 映射到宿主机的 hostPort,例如 10.0.0.11:8080:80,代表容器的 80 端口映射到 10.0.0.11:8080 地址
# 10.0.0.11是宿主机的 IP 地址,默认是 0.0.0.0:8080
# 这种情况适用于宿主机有多个 IP 地址的情况
-p ip:hostPort:containerPort
# containerPort 映射到宿主机的随机空闲端口,例如 10.0.0.11::80,代表容器的 80 端口映射到宿主机的指定 IP 的随机空闲端口 [32769-60999]
-p ip::containerPort
# 然后使用 docker ps -a 命令可以查看映射到哪个端口了
[root@bdc01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4852dfc9a4e3 f35646e83998 "/docker-entrypoin..." 27 seconds ago Up 26 seconds 10.0.0.11:32768->80/tcp nginx4
# 默认是映射到 TCP 协议端口,可以指定映射到 UDP 端口
-p hostPort:containerPort/udp
# 多个端口的映射可以使用多个 -p 参数来实现
-p 81:80 -p 443:443
# 使用 -P,也可以做到随机映射端口
# -P 自动绑定所有对外提供服务的容器端口,映射的端口将会从宿主机没有使用的端口池 [32769-60999] 中自动选择
docker run -d -P --name="nginx1" f35646e83998
1.2.3 使用 curl 命令访问
# 进入容器内部
$ docker exec -it bfb33ebe75bc /bin/sh
# 访问 nginx
# curl http://172.17.0.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# 退出容器
# exit
2. Docker 命令
2.1 Docker 命令获取帮助方法
$ docker -h
Flag shorthand -h has been deprecated, use --help
# 使用方法
Usage: docker [OPTIONS] COMMAND
# 功能介绍
A self-sufficient runtime for containers
Common Commands:
run Create and run a new container from an image
exec Execute a command in a running container
ps List containers
build Build an image from a Dockerfile
bake Build from a file
pull Download an image from a registry
push Upload an image to a registry
images List images
login Authenticate to a registry
logout Log out from a registry
search Search Docker Hub for images
version Show the Docker version information
info Display system-wide information
# 管理类命令
Management Commands:
ai* Docker AI Agent - Ask Gordon
builder Manage builds
buildx* Docker Buildx
cloud* Docker Cloud
compose* Docker Compose
container Manage containers
context Manage contexts
debug* Get a shell into any image or container
desktop* Docker Desktop commands
extension* Manages Docker extensions
image Manage images
init* Creates Docker-related starter files for your project
manifest Manage Docker image manifests and manifest lists
mcp* Docker MCP Plugin
model* Docker Model Runner (EXPERIMENTAL)
network Manage networks
plugin Manage plugins
sbom* View the packaged-based Software Bill Of Materials (SBOM) for an image
scout* Docker Scout
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Swarm Commands:
swarm Manage Swarm
# 未分组命令
Commands:
attach Attach local standard input, output, and error streams to a running container
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
export Export a container's filesystem as a tar archive
history Show the history of an image
import Import the contents from a tarball to create a filesystem image
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
save Save one or more images to a tar archive (streamed to STDOUT by default)
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
wait Block until one or more containers stop, then print their exit codes
# 全局选项
Global Options:
--config string Location of client config files (default "/Users/yangyunhe/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default
context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket to connect to
-l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/Users/yangyunhe/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/Users/yangyunhe/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/Users/yangyunhe/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Run 'docker COMMAND --help' for more information on a command.
For more help on how to use Docker, head to https://docs.docker.com/go/guides/
2.2 Docker官网提供的命令说明
网址链接:https://docs.docker.com/reference/cli/docker/
2.3 docker 命令应用
2.3.1 docker run
# docker run -i -t --name c1 centos:latest bash
[root@948f234e22a1 /]#
命令解释:
docker run:运行一个命令在容器中,命令是主体,没有命令容器就会消亡-i:交互式-t:提供终端--name c1:把将运行的容器命名为c1centos:latest:使用 centos 最新版本容器镜像bash:在容器中执行的命令--rm:在退出容器后删除容器
# 查看主机名
[root@948f234e22a1 /]#
# 查看网络信息
[root@948f234e22a1 /]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
# 查看进程
[root@948f234e22a1 /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 12036 2172 pts/0 Ss 09:58 0:00 bash
root 16 0.0 0.0 44652 1784 pts/0 R+ 10:02 0:00 ps aux
# 查看用户
[root@948f234e22a1 /]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
# 查看目录
[root@948f234e22a1 /]# pwd
/
[root@948f234e22a1 /]# ls
bin etc lib lost+found mnt proc run srv tmp var
dev home lib64 media opt root sbin sys usr
# 退出命令执行,观察容器运行情况
[root@948f234e22a1 /]# exit
2.3.2 docker ps
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
命令解释:
docker ps:查看正在运行的容器,本案例由于没有命令在容器中运行,因此容器被停止了,所以本次查看没有结果。
# -a, --all 可以查看正在运行的和停止运行的容器
$ docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
948f234e22a1 centos:latest "bash" 10 minutes ago Exited (0) 2 minutes ago c1
2.3.3 docker inspect
$ docker run -it --name c2 centos:latest bash
[root@9f2eea16da4c /]#
# 操作说明
# 在上述提示符处按住 ctrl 键,再按 p 键与 q 键,可以退出交互式的容器,容器会处于运行状态。
# 可以看到容器处于运行状态
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f2eea16da4c centos:latest "bash" 37 seconds ago Up 35 seconds c2
# docker inpect 查看容器详细信息
$ docker inspect c2
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "d3de2fdbc30ee36a55c1431ef3ae4578392e552009f00b2019b4720735fe5a60",
"EndpointID": "d1a2b7609f2f73a6cac67229a4395eef293f695c0ac4fd6c9c9e6913c9c85c1c",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
2.3.4 docker exec
# docker exec -it c2 ls /root
anaconda-ks.cfg anaconda-post.log original-ks.cfg
命令解释:
docker exec:在容器外实现与容器交互执行某命令-it:交互式c2:正在运行的容器名称ls /root:在正在运行的容器中运行相关的命令
下面命令与上面命令执行效果一致:
$ docker exec c2 ls /root
anaconda-ks.cfg
anaconda-post.log
original-ks.cfg
2.3.5 docker attach
# 查看正在运行的容器
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f2eea16da4c centos:latest "bash" 13 minutes ago Up 13 minutes c2
# docker attach 类似于ssh命令,可以进入到容器中
$ docker attach c2
[root@9f2eea16da4c /]#
说明:docker attach 退出容器时,如不需要容器再运行,可直接使用 exit 退出;
如需要容器继续运行,可使用 ctrl+p+q
2.3.6 docker stop
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f2eea16da4c centos:latest "bash" 22 minutes ago Up 22 minutes c2
$ docker stop 9f2eea
9f2eea
$ docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f2eea16da4c centos:latest "bash" 22 minutes ago Exited (137) 4 seconds ago c2
2.3.7 docker start
$ docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f2eea16da4c centos:latest "bash" 22 minutes ago Exited (137) 4 seconds ago c2
$ docker start 9f2eea
9f2eea
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f2eea16da4c centos:latest "bash" 24 minutes ago Up 16 seconds c2
2.3.8 docker top
在 Docker Host 查看容器中运行的进程信息
$ docker top c2
UID PID PPID C STIME TTY TIME CMD
root 69040 69020 0 18:37 pts/0 00:00:00 bash
命令解释:
docker top 查看 container 内进程信息,指在 docker host 上查看,与 docker exec -it c2 ps -ef 不同。
输出说明:
- UID 容器中运行的命令用户ID
- PID 容器中运行的命令PID
- PPID 容器中运行的命令父PID,由于PPID是一个容器,此可指为容器在 Docker Host 中进程 ID
- C 占用CPU百分比
- STIME 启动时间
- TTY 运行所在的终端
- TIME 运行时间
- CMD 执行的命令
2.3.9 docker rm
如果容器已停止,使用此命令可以直接删除;如果容器处于运行状态,则需要提前关闭容器后,再删除容器。下面演示容器正在运行关闭后删除的方法。
2.3.9.1 指定删除容器
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f2eea16da4c centos:latest "bash" 2 days ago Up 3 seconds c2
$ docker stop c2
# 或
$ docker stop 9f2eea16da4c
$ docker rm c2
# 或
$ docker rm 9f2eea16da4c
2.3.9.2 批量删除容器
$ docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
948f234e22a1 centos:latest "bash" 2 days ago Exited (0) 2 days ago c1
01cb3e01273c centos:latest "bash" 2 days ago Exited (0) 2 days ago systemimage1
46d950fdfb33 nginx:latest "/docker-ent..." 2 days ago Exited (0) 2 days ago upbeat_goldberg
$ docker ps --all | awk '{if (NR>=2){print $1}}' | xargs docker rm
2.3.10 docker restart
$ docker restart 9f2eea
2.3.11 docker prune
# 清理掉所有处于终止状态的容器
docker container prune
docker container prune -f # 不再需要输入-y进行确认
2.3.12 docker logs
# 查询日志
[root@bdc01 ~]# docker container logs 7ca560f1f38f
10.0.0.1 - - [26/Oct/2020:09:19:40 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36" "-"
10.0.0.1 - - [26/Oct/2020:09:19:41 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://bdc01/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36" "-"
2020/10/26 09:19:41 [error] 27#27: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.0.0.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "bdc01", referrer: "http://bdc01/"
# 相当于 tail -f 的功能,打开日志后在前台阻塞
docker container logs -f 7ca560f1f38f
# 展示更详细的日志
docker container logs -t 7ca560f1f38f
# 指定查看最后的几行
docker container logs --tail 10 7ca560f1f38f
# 这些参数都可以一起使用
docker container logs -tf --tail 10 7ca560f1f38f
浙公网安备 33010602011771号