Docker 实践指南 - Comet Blog

1. Docker概述#

1.1 什么是Docker#

Docker是一个开源的容器化平台，允许开发者将应用程序和其依赖项打包到一个轻量级、可移植的容器中。

Docker的核心特性：

一致性：在任何环境中运行都保持一致
轻量级：比传统虚拟机更轻量
快速部署：秒级启动和停止
版本控制：镜像版本化管理
资源隔离：容器间相互隔离

1.2 Docker架构#

1
┌─────────────────────────────────────────────────────────────┐
2
│                    Docker Client                            │
3
├─────────────────────────────────────────────────────────────┤
4
│                    Docker Daemon                            │
5
├─────────────────────────────────────────────────────────────┤
6
│  Registry  │  Images  │  Containers  │  Networks  │  Volumes │
7
└─────────────────────────────────────────────────────────────┘

核心组件：

Docker Client：命令行工具，与Docker Daemon通信
Docker Daemon：后台服务，管理容器生命周期
Registry：镜像仓库（Docker Hub、私有仓库）
Images：只读模板，用于创建容器
Containers：运行中的镜像实例
Networks：容器间通信网络
Volumes：持久化数据存储

1.3 容器与虚拟机对比#

特性	容器	虚拟机
启动时间	秒级	分钟级
资源占用	轻量	较重
隔离级别	进程级	系统级
镜像大小	MB级	GB级
性能	接近原生	有损耗

2. Docker安装与配置#

2.1 安装Docker#

1
# Ubuntu/Debian
2
sudo apt update
3
sudo apt install docker.io docker-compose
4
sudo systemctl start docker
5
sudo systemctl enable docker
6

7
# CentOS/RHEL
8
sudo yum install docker
9
sudo systemctl start docker
10
sudo systemctl enable docker
11

12
# macOS
13
brew install docker
14
# 或下载 Docker Desktop
15

16
# Windows
17
# 下载 Docker Desktop for Windows

2.2 配置Docker#

1
# 将用户添加到docker组（避免每次使用sudo）
2
sudo usermod -aG docker $USER
3
# 重新登录生效
4

5
# 配置镜像加速器（中国用户）
6
bash <(curl -sSL https://xuanyuan.cloud/docker.sh)
7

8
# 验证安装
9
docker --version
10
docker run hello-world

1
Docker version 20.10.21, build baeda1f
2
Hello from Docker!
3
This message shows that your installation appears to be working correctly.

3. 镜像操作#

3.1 镜像基础命令#

1
# 搜索镜像
2
docker search nginx
3

4
# 拉取镜像
5
docker pull nginx:latest
6
docker pull ubuntu:20.04
7
docker pull python:3.9-slim
8

9
# 查看本地镜像
10
docker images
11
docker image ls
12

13
# 查看镜像详细信息
14
docker inspect nginx:latest
15

16
# 删除镜像
17
docker rmi nginx:latest
18
docker image rm ubuntu:20.04
19

20
# 强制删除镜像（即使有容器在使用）
21
docker rmi -f nginx:latest
22

23
# 清理未使用的镜像
24
docker image prune -a

1
# docker images
2
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
3
nginx        latest    f652ca386ed0   2 weeks ago    141MB
4
ubuntu       20.04     ba6acccedd29   3 weeks ago    72.8MB
5
python       3.9-slim  a7b92c8b0b1c   4 weeks ago    113MB
6

7
# docker search nginx
8
NAME                           DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
9
nginx                          Official build of Nginx.                       18500     [OK]
10
jwilder/nginx-proxy           Automated Nginx reverse proxy for docker c...   2089                 [OK]
11
richarvey/nginx-php-fpm       Container running Nginx + PHP-FPM capable o...   820                  [OK]

3.2 镜像标签和推送#

1
# 给镜像打标签
2
docker tag nginx:latest my-nginx:v1.0
3
docker tag ubuntu:20.04 mycompany/ubuntu:latest
4

5
# 推送镜像到仓库
6
docker push mycompany/ubuntu:latest
7

8
# 从私有仓库拉取镜像
9
docker pull registry.example.com/myapp:v1.0
10

11
# 登录Docker Hub
12
docker login
13
# 输入用户名和密码
14

15
# 登出
16
docker logout

3.3 镜像历史和信息#

1
# 查看镜像构建历史
2
docker history nginx:latest
3

4
# 查看镜像详细信息
5
docker inspect nginx:latest | grep -A 10 "Config"
6

7
# 导出镜像为tar文件
8
docker save -o nginx.tar nginx:latest
9

10
# 从tar文件导入镜像
11
docker load -i nginx.tar
12

13
# 查看镜像占用空间
14
docker system df

4. 容器管理#

4.1 容器基本操作#

1
# 运行容器
2
docker run nginx:latest
3
docker run -d nginx:latest  # 后台运行
4
docker run -it ubuntu:20.04 /bin/bash  # 交互式运行
5

6
# 查看运行中的容器
7
docker ps
8
docker container ls
9

10
# 查看所有容器（包括停止的）
11
docker ps -a
12

13
# 停止容器
14
docker stop <container_id>
15
docker stop <container_name>
16

17
# 启动已停止的容器
18
docker start <container_id>
19

20
# 重启容器
21
docker restart <container_id>
22

23
# 删除容器
24
docker rm <container_id>
25
docker container prune  # 删除所有停止的容器

1
# docker ps
2
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
3
abc123def456   nginx     "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes   80/tcp    nginx-container
4

5
# docker ps -a
6
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS                     PORTS     NAMES
7
abc123def456   nginx          "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes               80/tcp    nginx-container
8
def456ghi789   ubuntu:20.04   "/bin/bash"              5 minutes ago   Exited (0) 3 minutes ago             ubuntu-test

4.2 容器高级操作#

1
# 进入运行中的容器
2
docker exec -it <container_id> /bin/bash
3
docker exec -it nginx-container /bin/sh
4

5
# 查看容器日志
6
docker logs <container_id>
7
docker logs -f <container_id>  # 实时查看日志
8
docker logs --tail 100 <container_id>  # 查看最后100行
9

10
# 查看容器资源使用情况
11
docker stats
12

13
# 复制文件到容器
14
docker cp local_file.txt <container_id>:/path/in/container/
15

16
# 从容器复制文件
17
docker cp <container_id>:/path/in/container/file.txt ./
18

19
# 提交容器为镜像
20
docker commit <container_id> my-nginx:v1.1

4.3 容器端口映射与网络#

1
# 端口映射
2
docker run -d -p 8080:80 nginx:latest  # 主机8080端口映射到容器80端口
3
docker run -d -p 3000:3000 -p 8080:80 myapp:latest  # 多端口映射
4

5
# 指定容器名称
6
docker run -d --name my-nginx -p 8080:80 nginx:latest
7

8
# 设置环境变量
9
docker run -d -e MYSQL_ROOT_PASSWORD=123456 mysql:8.0
10

11
# 挂载数据卷
12
docker run -d -v /host/path:/container/path nginx:latest
13
docker run -d -v nginx_data:/usr/share/nginx/html nginx:latest
14

15
# 使用自定义网络
16
docker network create my-network
17
docker run -d --network my-network --name web nginx:latest
18
docker run -d --network my-network --name db mysql:8.0

5. Dockerfile与镜像构建#

5.1 Dockerfile基础语法#

1
# 基础镜像
2
FROM ubuntu:20.04
3

4
# 维护者信息
5
LABEL maintainer="your-email@example.com"
6

7
# 设置工作目录
8
WORKDIR /app
9

10
# 复制文件
11
COPY requirements.txt .
12
COPY src/ ./src/
13

14
# 安装依赖
15
RUN apt-get update && apt-get install -y \
16
    python3 \
17
    python3-pip \
18
    && rm -rf /var/lib/apt/lists/*
19

20
RUN pip3 install -r requirements.txt
21

22
# 暴露端口
23
EXPOSE 8080
24

25
# 设置环境变量
26
ENV FLASK_APP=app.py
27
ENV FLASK_ENV=production
28

29
# 启动命令
30
CMD ["python3", "app.py"]

5.2 多阶段构建#

1
# 构建阶段
2
FROM node:16 AS builder
3
WORKDIR /app
4
COPY package*.json ./
5
RUN npm install
6
COPY . .
7
RUN npm run build
8

9
# 运行阶段
10
FROM nginx:alpine
11
COPY --from=builder /app/dist /usr/share/nginx/html
12
EXPOSE 80
13
CMD ["nginx", "-g", "daemon off;"]

5.3 构建镜像#

1
# 构建镜像
2
docker build -t myapp:v1.0 .
3
docker build -f Dockerfile.prod -t myapp:prod .
4

5
# 指定构建参数
6
docker build --build-arg VERSION=1.0 -t myapp:v1.0 .
7

8
# 不使用缓存构建
9
docker build --no-cache -t myapp:v1.0 .
10

11
# 查看构建历史
12
docker history myapp:v1.0

1
# docker build -t myapp:v1.0 .
2
Sending build context to Docker daemon  2.048kB
3
Step 1/8 : FROM python:3.9-slim
4
 ---> a7b92c8b0b1c
5
Step 2/8 : WORKDIR /app
6
 ---> Running in abc123def456
7
 ---> def456ghi789
8
Step 3/8 : COPY requirements.txt .
9
 ---> abc123def456
10
Step 4/8 : RUN pip install -r requirements.txt
11
 ---> Running in def456ghi789
12
Collecting flask==2.0.1
13
  Downloading flask-2.0.1-py3-none-any.whl (94 kB)
14
Installing collected packages: flask
15
Successfully installed flask-2.0.1
16
 ---> ghi789jkl012
17
Step 5/8 : COPY . .
18
 ---> jkl012mno345
19
Step 6/8 : EXPOSE 8080
20
 ---> Running in mno345pqr678
21
 ---> pqr678stu901
22
Step 7/8 : ENV FLASK_APP=app.py
23
 ---> Running in stu901vwx234
24
 ---> vwx234yza567
25
Step 8/8 : CMD ["python", "app.py"]
26
 ---> Running in yza567bcd890
27
 ---> bcd890efg123
28
Successfully built bcd890efg123
29
Successfully tagged myapp:v1.0

6. Docker Compose编排#

6.1 docker-compose.yml基础#

1
version: '3.8'
2

3
services:
4
  web:
5
    build: .
6
    ports:
7
      - "8080:8080"
8
    environment:
9
      - DATABASE_URL=postgresql://user:pass@db:5432/myapp
10
    depends_on:
11
      - db
12
    volumes:
13
      - ./logs:/app/logs
14
    networks:
15
      - app-network
16

17
  db:
18
    image: postgres:13
19
    environment:
20
      - POSTGRES_DB=myapp
21
      - POSTGRES_USER=user
22
      - POSTGRES_PASSWORD=pass
23
    volumes:
24
      - postgres_data:/var/lib/postgresql/data
25
    networks:
26
      - app-network
27

28
  redis:
29
    image: redis:6-alpine
30
    networks:
31
      - app-network
32

33
volumes:
34
  postgres_data:
35

36
networks:
37
  app-network:
38
    driver: bridge

6.2 Compose命令操作#

1
# 启动服务
2
docker-compose up
3
docker-compose up -d  # 后台运行
4
docker-compose up --build  # 重新构建镜像
5

6
# 停止服务
7
docker-compose down
8
docker-compose down -v  # 同时删除数据卷
9

10
# 查看服务状态
11
docker-compose ps
12
docker-compose logs
13
docker-compose logs web  # 查看特定服务日志
14

15
# 进入服务容器
16
docker-compose exec web bash
17
docker-compose exec db psql -U user -d myapp
18

19
# 重启服务
20
docker-compose restart web
21

22
# 扩展服务实例
23
docker-compose up --scale web=3

1
# docker-compose up -d
2
Creating network "myapp_app-network" ... done
3
Creating volume "myapp_postgres_data" ... done
4
Creating myapp_db_1    ... done
5
Creating myapp_redis_1 ... done
6
Creating myapp_web_1   ... done
7

8
# docker-compose ps
9
     Name                    Command               State           Ports
10
--------------------------------------------------------------------------------
11
myapp_db_1      docker-entrypoint.sh postgres    Up      5432/tcp
12
myapp_redis_1   docker-entrypoint.sh redis ...   Up      6379/tcp
13
myapp_web_1     python app.py                    Up      0.0.0.0:8080->8080/tcp

6.3 高级Compose配置#

1
version: '3.8'
2

3
services:
4
  web:
5
    build:
6
      context: .
7
      dockerfile: Dockerfile.prod
8
      args:
9
        - VERSION=1.0
10
    deploy:
11
      replicas: 3
12
      resources:
13
        limits:
14
          cpus: '0.50'
15
          memory: 512M
16
        reservations:
17
          cpus: '0.25'
18
          memory: 256M
19
    healthcheck:
20
      test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
21
      interval: 30s
22
      timeout: 10s
23
      retries: 3
24
    restart: unless-stopped
25

26
  nginx:
27
    image: nginx:alpine
28
    ports:
29
      - "80:80"
30
    volumes:
31
      - ./nginx.conf:/etc/nginx/nginx.conf
32
    depends_on:
33
      - web

7. 网络管理#

7.1 Docker网络#

1
# 查看网络列表
2
docker network ls
3

4
# 创建自定义网络
5
docker network create my-network
6
docker network create --driver bridge --subnet 172.18.0.0/16 my-network
7

8
# 连接容器到网络
9
docker network connect my-network container1
10
docker network disconnect my-network container1
11

12
# 查看网络详细信息
13
docker network inspect my-network
14

15
# 删除网络
16
docker network rm my-network
17
docker network prune  # 删除未使用的网络

1
# docker network ls
2
NETWORK ID     NAME      DRIVER    SCOPE
3
abc123def456   bridge    bridge    local
4
def456ghi789   host      host      local
5
ghi789jkl012   none      null      local
6
jkl012mno345   my-network bridge    local
7

8
# docker network inspect bridge
9
[
10
    {
11
        "Name": "bridge",
12
        "Id": "abc123def456",
13
        "Created": "2023-06-30T10:00:00.000000000Z",
14
        "Scope": "local",
15
        "Driver": "bridge",
16
        "EnableIPv6": false,
17
        "IPAM": {
18
            "Driver": "default",
19
            "Options": null,
20
            "Config": [
21
                {
22
                    "Subnet": "172.17.0.0/16",
23
                    "Gateway": "172.17.0.1"
24
                }
25
            ]
26
        }
27
    }
28
]

8. 存储管理#

8.1 数据卷管理#

1
# 创建数据卷
2
docker volume create my-data
3

4
# 查看数据卷列表
5
docker volume ls
6

7
# 查看数据卷详细信息
8
docker volume inspect my-data
9

10
# 删除数据卷
11
docker volume rm my-data
12
docker volume prune  # 删除未使用的数据卷
13

14
# 备份数据卷
15
docker run --rm -v my-data:/data -v $(pwd):/backup ubuntu tar czf /backup/my-data.tar.gz -C /data .
16

17
# 恢复数据卷
18
docker run --rm -v my-data:/data -v $(pwd):/backup ubuntu tar xzf /backup/my-data.tar.gz -C /data

8.2 绑定挂载#

1
# 绑定挂载目录
2
docker run -d -v /host/path:/container/path nginx:latest
3

4
# 挂载单个文件
5
docker run -d -v /host/config.json:/app/config.json myapp:latest
6

7
# 只读挂载
8
docker run -d -v /host/path:/container/path:ro nginx:latest
9

10
# 使用命名卷
11
docker run -d -v nginx_data:/usr/share/nginx/html nginx:latest

9. 应用容器化示例#

9.1 Python Flask应用容器化#

1
from flask import Flask, jsonify
2
import os
3

4
app = Flask(__name__)
5

6
@app.route('/')
7
def hello():
8
    return jsonify({
9
        'message': 'Hello from Docker!',
10
        'version': os.getenv('VERSION', '1.0')
11
    })
12

13
@app.route('/health')
14
def health():
15
    return jsonify({'status': 'healthy'})
16

17
if __name__ == '__main__':
18
    app.run(host='0.0.0.0', port=8080)

1
Flask==2.0.1
2
gunicorn==20.1.0

1
# Dockerfile
2
FROM python:3.9-slim
3

4
WORKDIR /app
5

6
COPY requirements.txt .
7
RUN pip install -r requirements.txt
8

9
COPY . .
10

11
EXPOSE 8080
12

13
ENV VERSION=1.0
14

15
CMD ["gunicorn", "--bind", "0.0.0.0:8080", "app:app"]

1
version: '3.8'
2

3
services:
4
  web:
5
    build: .
6
    ports:
7
      - "8080:8080"
8
    environment:
9
      - VERSION=1.0
10
    volumes:
11
      - ./logs:/app/logs
12
    restart: unless-stopped

9.2 Node.js应用容器化#

1
# Dockerfile
2
FROM node:16-alpine
3

4
WORKDIR /app
5

6
COPY package*.json ./
7
RUN npm ci --only=production
8

9
COPY . .
10

11
EXPOSE 3000
12

13
CMD ["npm", "start"]

1
version: '3.8'
2

3
services:
4
  app:
5
    build: .
6
    ports:
7
      - "3000:3000"
8
    environment:
9
      - NODE_ENV=production
10
    depends_on:
11
      - redis
12
    restart: unless-stopped
13

14
  redis:
15
    image: redis:6-alpine
16
    volumes:
17
      - redis_data:/data
18

19
volumes:
20
  redis_data:

9.3 构建和部署#

1
# 构建镜像
2
docker build -t myapp:v1.0 .
3

4
# 运行容器
5
docker run -d -p 8080:8080 --name myapp myapp:v1.0
6

7
# 使用Compose部署
8
docker-compose up -d
9

10
# 查看应用状态
11
curl http://localhost:8080/
12
curl http://localhost:8080/health
13

14
# 查看日志
15
docker logs myapp
16
docker-compose logs web

1
# curl http://localhost:8080/
2
{
3
  "message": "Hello from Docker!",
4
  "version": "1.0"
5
}
6

7
# curl http://localhost:8080/health
8
{
9
  "status": "healthy"
10
}

10. 监控与调试#

10.1 容器检查命令#

1
# 查看容器详细信息
2
docker inspect <container_id>
3

4
# 查看容器资源使用
5
docker stats --no-stream
6

7
# 进入容器调试
8
docker exec -it <container_id> /bin/bash
9

10
# 查看容器进程
11
docker top <container_id>

10.2 日志管理#

1
# 查看容器日志
2
docker logs <container_id>
3

4
# 实时查看日志
5
docker logs -f <container_id>
6

7
# 查看最后100行
8
docker logs --tail 100 <container_id>

1
# docker-compose.yml 日志配置
2
version: '3.8'
3

4
services:
5
  web:
6
    build: .
7
    logging:
8
      driver: "json-file"
9
      options:
10
        max-size: "10m"
11
        max-file: "3"

11. 最佳实践#

11.1 镜像优化#

1
# 多阶段构建优化
2
FROM node:16-alpine AS builder
3
WORKDIR /app
4
COPY package*.json ./
5
RUN npm ci
6
COPY . .
7
RUN npm run build
8

9
FROM nginx:alpine
10
COPY --from=builder /app/dist /usr/share/nginx/html
11
EXPOSE 80
12
CMD ["nginx", "-g", "daemon off;"]
13

14
# 使用.dockerignore文件
15
node_modules
16
npm-debug.log
17
.git
18
.gitignore
19
README.md
20
.env
21
.nyc_output
22
coverage

11.2 安全实践#

1
# 使用非root用户
2
FROM node:16-alpine
3
RUN addgroup -g 1001 -S nodejs
4
RUN adduser -S nodejs -u 1001
5
USER nodejs
6

7
# 最小化攻击面
8
FROM alpine:latest
9
RUN apk add --no-cache nginx
10

11
# 扫描镜像漏洞
12
docker scan myapp:v1.0

11.3 资源限制#

1
# 资源限制
2
docker run -d \
3
  --memory=512m \
4
  --cpus=1.0 \
5
  --pids-limit=100 \
6
  myapp:v1.0
7

8
# 清理系统
9
docker system prune -a
10
docker builder prune
11

12
# 监控容器资源
13
docker stats

12. 高级主题#

12.1 Docker Swarm集群#

1
# 初始化Swarm
2
docker swarm init
3

4
# 添加工作节点
5
docker swarm join --token <token> <manager-ip>:2377
6

7
# 部署服务
8
docker service create --name web --replicas 3 -p 8080:8080 myapp:v1.0
9

10
# 查看服务
11
docker service ls
12
docker service ps web
13

14
# 扩展服务
15
docker service scale web=5

12.2 私有镜像仓库#

1
# 运行私有仓库
2
docker run -d -p 5000:5000 --name registry registry:2
3

4
# 推送镜像到私有仓库
5
docker tag myapp:v1.0 localhost:5000/myapp:v1.0
6
docker push localhost:5000/myapp:v1.0
7

8
# 从私有仓库拉取
9
docker pull localhost:5000/myapp:v1.0

参考资料#

Docker官方文档：https://docs.docker.com/
Docker Hub：https://hub.docker.com/
Docker Compose文档：https://docs.docker.com/compose/