一、拉取Redis镜像
docker pull redis #后面可以带上tag号, 默认拉取最新版本
二、创建挂载文件目录
mkdir -p ./docker/redis/data #创建redis存在数据目录
mkdir -p ./docker/redis/conf #创建redis配置文件目录
三、增加配置文件
从网上下载一个linux的redis.conf 【http://download.redis.io/releases/下载对应版本的redis】
vi /docker/redis/redis.conf ## 1.允许远程连接 # bind 127.0.0.1 protected-mode no ## 2.持久化 appendonly yes ## 3.密码 requirepass `password`
四、安装redis
docker run -itd --net=host --name=myredis -v $PWD/docker/redis/data:/redis/data -v $PWD/docker/redis/conf/redis.conf:/etc/redis/redis.conf redis --requirepass "Yunzhisheng123"
-
-d: 后台运行容器,并返回容器ID;
-
-i: 以交互模式运行容器,通常与 -t 同时使用;
- -t: 为容器重新分配一个伪输入终端,通常与 -i 同时使用;
- --net=host: 指定容器的网络连接类型,支持 bridge/host/none/container:<name|id> 四种类型【不配置,通过宿主机ip,外界没法访问redis】
- --name=myredis : 为容器指定一个名称;
- -v:文件挂载
- -p:指定端口映射,格式为:主机(宿主)端口:容器端口
- --requirepass: 连接密码【备注:发现我的redis.conf文件密码没生效,暂时还没找到原因,回头再补充,另外该处的密码不允许带 ! 等某些特殊字符,否则运行时候会报错】
如果采用--net=host类型,使用-p或者-P会告警提示 WARNING: Published ports are discarded when using host network mode,原因是:当你是host模式的时候,主机会自动把他上面的端口分配给容器,这个时候使用-p或者-P是无用的。有关--net指令要多说明下:
bridge: The default network driver. If you don’t specify a driver, this is the type of network you are creating. Bridge networks are usually used when your applications run in standalone containers that need to communicate. See bridge networks. In terms of networking, a bridge network is a Link Layer device which forwards traffic between network segments. A bridge can be a hardware device or a software device running within a host machine’s kernel. In terms of Docker, a bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers which are not connected to that bridge network.
The Docker bridge driver automatically installs rules in the host machine so that containers on different bridge networks cannot communicate directly with each other. Bridge networks apply to containers running on the same Docker daemon host. For communication among containers running on different Docker daemon hosts, you can either manage routing at the OS level, or you can use an overlay network. When you start Docker, a default bridge network (also called bridge) is created automatically, and newly-started containers connect to it unless otherwise specified. You can also create user-defined custom bridge networks.
User-defined bridge networks are superior to the default bridge network. 以上信息可得到几点:1、桥接类型是容器默认的连接类型;2、连接上同一网桥的容器可以互相之间通讯,否则容器彼此隔离 host: For standalone containers, remove network isolation between the container and the Docker host, and use the host’s networking directly. host is only available for swarm services on Docker 17.06 and higher. See use the host network. If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. For instance,
if you run a container which binds to port 80 and you use host networking, the container’s application is available on port 80 on the host’s IP address. Note: Given that the container does not have its own IP-address when using host mode networking, port-mapping does not take effect, and the -p, --publish, -P, and --publish-all option are ignored, producing a warning instead: WARNING: Published ports are discarded when using host network mode 以上信息告知:1、host模式下,容器之间可以互相访问,共享宿主机ip和网络;2、host模式下不要使用-p、-P、-publish、-publish-all指令
更多参考官方文档:https://docs.docker.com/network/
host模式设计,可以直接访问主机的地址和端口,就能访问到我们的容器,使容器直接暴露在公网下,但是这却对docker的隔离性造成了破坏,使得安全性大大降低。这种模式有利也有弊。
注:如果外网依然连接不上docker容器中的redis,查看宿主机防火墙和端口状态,具体操作详见:https://www.cnblogs.com/yizhipanghu/p/11171211.html