Docker從入門到動手實踐

一些理論知識，我這里就不累贅了

docker 入門資料，參考：https://yeasy.gitbooks.io/docker_practice/content/

 

Dockerfile常用命令，圖片來源於網絡

 

Dockerfile 打包控制台應用程序

 新建一個控制台程序，控制台程序添加一個文本文件，去掉.txt 擴展名，改成Dockerfile 輸入以下代碼

FROM microsoft/dotnet:sdk AS build
WORKDIR /code
COPY *.csproj /code
RUN dotnet restore

COPY . /code
RUN dotnet publish -c Release -o out

FROM microsoft/dotnet:runtime
WORKDIR /app
COPY --from=build /code/out /app
ENTRYPOINT ["dotnet","console.dll"]

 

Program.cs 中編寫測試代碼

 

 一切准備完成。就是build把項目打包成鏡像了

切換到當前項目路徑下。輸入：  docker build -t cn/console:v1 . 

docker build -t ：是打包固有的命令

cn/console:v1 ：

cn：是組織名稱或者說是用戶名，如果你想把自己的鏡像push到hub.docker 上，cn必須是你自己的用戶名

console：是鏡像名稱

v1：是tag。一個標簽，可以用來區分同一個鏡像，不同用途。，如果不指定。默認是latest

. ：代表當前目錄為上下文，dockerfile也必定是在當前目錄下

回車后，會看到一系列的執行步驟，dockerfile中。一條命令就是一個步驟

 

 通過 docker images 可以查看所有鏡像

通過docker images cn/console 查看相關鏡像

比如我本地有3個 cn/console鏡像，但tag不同

 

既然鏡像有了。那么就可以根據鏡像生成容器了。容器是鏡像的一個實例。鏡像運行起來才會有容器，就跟類和對象一樣，new一個類，是實例化的操作

 輸入命令：

docker run --name myfirst cn/console:v1

 

 

因為是占用前端線程運行容器，所有界面無法繼續輸入命令了。可以Ctrl+c 結束容器運行

 從上面的dockerfile。你會發現，我們是把源碼打包成鏡像的。也就是執行了restore，到Release操作

其實如果你是已經Release后的文件了。dockerfile可以更簡單

FROM microsoft/dotnet
WORKDIR /app
COPY . /app
CMD ["dotnet","run"]

 

 以上就是一個基礎的程序打包成鏡像，我覺得這不是重點，常用的應該是應用程序，而不是控制台程序

 

后面打算把net core api打包成鏡像。在講這個之前，我們先來搭建好環境。

 

Docker mysql

因為我有個阿里雲服務器（CentOS7），然后有2台筆記本，一個是Docker for Windows 環境，一個是CentOS7，所以經常會在這3個環境中來回折騰

兩種系統還是有區別的，至少我弄的時候，遇到過不少問題

1：for Windows中默認拉起的鏡像都在C盤。會導致C盤越來越大，建議遷移

 

如果遷移的盤。比如我這個E盤。路徑中已經存在MobyLinuxVM.vhdx 。是遷移不過的。要刪除，但之前的鏡像都沒有了

如果你想保存，先重命名MobyLinuxVM.vhdx，遷移后。刪除之后的。之前的重命名回來即可

 

2：共享盤。為了數據卷掛載用

 

 3：配置鏡像加速（https://hlef8lmt.mirror.aliyuncs.com）

 

 然后可以去hub.docker上尋找需要的鏡像，官方的mysql有2個鏡像

 

 

 當然你通過命令也可以收索到：  docker search mysql 

 

 

 

 首先來看docker mysql

准備需要掛載的目錄和文件，上面我設置的共享盤是D盤，所以掛載的在D盤

 

my.cnf配置文件，主要是設置mysql的參數

[mysqld]
user=mysql
character-set-server=utf8
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8

data是空的。當run的時候，mysql會寫入文件

sql是需要在運行myslq后執行的初始化文件，比如我這里是給剛創建的用戶名分配權限

這里為了說明sql是執行成功的。我在加條。創建數據庫的sql，創建數據庫 docker和user表，並插入一條數據

GRANT ALL PRIVILEGES ON *.* TO 'test'@'%' WITH GRANT OPTION;
Create DATABASE docker;
USE docker;
CREATE TABLE user (ID int auto_increment primary key,name nvarchar(20),address nvarchar(50));
insert into user(name,address)values('劉德華','香港');

初始化后就執行的好處是。不用在run后，去手動執行，關於run后手動執行，

可以查看我之前的docker安裝mysql https://www.cnblogs.com/nsky/p/10413136.html

全部配置完成后，開始敲命令，以下命令需要去掉注釋

docker run -d -p 3306:3306 
--restart always #總是自動重啟。比如系統重啟，該容器會自動啟動
-e MYSQL_USER=test #創建用戶名test
-e MYSQL_PASSWORD=123456 #test密碼
-e MYSQL_PASSWORD_HOST=% #test 開啟外部登陸
-e MYSQL_ROOT_PASSWORD=123456  #root密碼
-e MYSQL_ROOT_HOST=% #root開啟外部登陸
-v /d/docker/mysql/my.cnf:/etc/my.cnf #配置文件
-v /d/docker/mysql/sql:/docker-entrypoint-initdb.d #初始化的sql
-v /d/docker/mysql/data:/var/lib/mysql  #data文件
--name mysql #鏡像名稱
mysql #基於那個鏡像創建容器

 

執行成功沒有異常后。通過  docker ps  可以查看運行的容器，如果沒有， 那就通過 docker ps -a 一定會有的

現在可以通過Navicat連接試試

 

創建了docker庫。user表也有數據，能看到mysql庫，說明test用戶是有權限的

 

 

 當我使用mysql-server 鏡像時，創建容器會無法啟動

可以看到。啟動失敗后。又繼續重啟，因為參數指定了restart always

 

 輸入命令  docker logs mysql  查看啟動日志

 

 最后在my.cnf中加這個，經測試，啟動成功，就不一一放圖了

 

 數據庫准備好了，那么就快速的構建一個net core api 接口

1：引入NugGet包，MySql.Data.EntityFrameworkCore

2：創建DbContext

using Docker.Api.Model;
using Microsoft.EntityFrameworkCore;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Docker.Api.Data
{
    public class DbUserInfoContext : DbContext
    {
        public DbUserInfoContext(DbContextOptions<DbUserInfoContext> options) : base(options) { }

        public DbSet<UseInfo> userInfos { get; set; }

        /// <summary>
        /// 模型創建時觸發
        /// </summary>
        /// <param name="modelBuilder"></param>
        protected override void OnModelCreating(ModelBuilder modelBuilder)
        {
            /*
             修改表名和主鍵，user對應數據庫的表，mysql默認是區分大小寫的
             查看：show variables like '%lower%';
            lower_case_table_names 為 0 區分，1 不區分
             */
            modelBuilder.Entity<UseInfo>(b => b.ToTable("user").HasKey(u => u.id));

            //or
            //modelBuilder.Entity<user>()
            //    .ToTable("user")
            //    .HasKey(u => u.id);

            base.OnModelCreating(modelBuilder);
        }
    }
}

 

3：添加UserInfo控制器

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Docker.Api.Data;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

namespace Docker.Api.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class UserInfoController : ControllerBase
    {
        private DbUserInfoContext _DbUserInfoContext;
        public UserInfoController(DbUserInfoContext context)
        {
            _DbUserInfoContext = context;
        }
        [HttpGet]
        public async Task<IActionResult> Get()
        {
            return new JsonResult(await _DbUserInfoContext.userInfos.FirstOrDefaultAsync());
        }
    }
}

4：配置sql連接字符串： server=localhost;port=3306;userid=test;password=123456;database=docker 

 

 

 

run項目。訪問能成功獲取信息

 

容器互連，Docker Network

接下來我們把這個api也打包成鏡像，然后基於該鏡像創建容器，然后連接mysql鏡像的容器。這稱之為容器互連

容器互連有3種方式

1：Link方式。已經被docker淘汰，docker官方不推薦使用該方式

2：Bridger，橋接的方式，單台機器用

3：Overlay 適用於集群時候用

 

Overlay 就我目前環境不適合測試，集群也不懂。就不搞了

說說LInk和Bridger方式，具體理論知識請看docker官方文檔。我這里只實踐

 

現在一切來回憶下

剛上面打包控制台應用程序用的是：microsoft/dotnet 鏡像

然后后面帶上tag

比如：

Micirosoft/dotnet:sdk	包含了運行時和sdk命令，打包后會很大，因為包含sdk，一般用於測試環境
Microsoft/dotnet:<version>-runtime	包含運行時，不包含sdk，打包后就很小了，一般用於正式環境
Microsoft/dotnet:<version>-runtime-deps	打包的時候，會自包含runtime，也就是部署的機器有沒有runtime是沒有關系 上面2種，必須機器要包含core環境

 

 

 

 

 

 

修改程序port運行在80上

 

編寫api的Dockerfile

我這里用的sdk，因為要用到sdk命令比如dotnet restore，dotnet publish

如果已經publish的文件，直接用runtime會方便很多。上面也有提及

#FROM mcr.microsoft.com/dotnet/core/sdk:2.2 AS build
FROM microsoft/dotnet:2.2-sdk AS build
WORKDIR /src
WORKDIR /source
#這里的后面的 . 就是/source 路徑
#或者 COPY *.csproj /source
COPY *.csproj .
RUN dotnet restore
COPY . .
# 發布到 /source/out 下
RUN dotnet publish -c Release -o out

#FROM mcr.microsoft.com/dotnet/core/runtime:2.2
FROM microsoft/dotnet:2.2-aspnetcore-runtime
WORKDIR /app
COPY --from=build /source/out .
EXPOSE 80
ENTRYPOINT ["dotnet","Docker.Api.dll"]

 

開始build項目 docker build -t cn/myapi . 

 

可以看到。這里沒有指定tag。所以默認是latest，size也不大

 

 成功后開始run一個容器，不過這之前要先：

准備掛載目錄。因為配置文件 appsettings 會需要動態配置，所以掛載出來

還有，比如一個網站都有log日志，這些也需要掛載出來。便於管理。

我這里就只掛載appsettings.json

 

 

 執行命令：

docker run -d -p 80:80 --restart always --link mysql:mysqldb -v /d/docker/myapi/appsettings.json:/app/appsettings.json --name api cn/myapi

 

 分析：

--restart always :總是重啟

-d：是在后台執行

-p 80:80 ：第一個80是暴露給外部的。第二個80是程序的。

--link mysql:mysqldb : mysql是容器名稱，mysqldb是自定義名稱，可以理解為服務器

-v /d/docker/myapi/appsettings.json:/app/appsettings.json：這里就是掛載外部的數據卷了

也許你會問。我怎么知道這個路徑的：/app/appsettings.json。從編寫的dockerfile能分析出來，待會也可以進入容器看看

最有的工作目錄是 根路徑下： /app

 

然后通過頁面訪問試試

 

 

 

 發現依然無法訪問，因為修改appsettings.json的連接方式

記住這里是修改D:\docker\myapi\appsettings.json ,因為已經掛載出來

把server改成mysqldb，然后重啟容器： docker restart api 

 

 

再次刷新頁面

 

 

 我們 進入容器看看： docker exec -it api bash 可以看到根目錄下存在app目錄

 

進入app目錄

 

 

個人認為link方式是最簡單的。在這3種中，接下來看看Bridge方式

1：首先創建一個網絡 network，名稱叫api2bridge

 docker network create -d bridge api2bridge 

 

通過： docker network ls 可以查看到已經創建成功

 

2：實例化容器

為了區別於上面的80端口，這里新增一個8081

 docker run -d -p 8081:80 --restart always  -v /d/docker/myapi/appsettings.json:/app/appsettings.json --net api2bridge --name api2 cn/myapi

 創建容器的時候，自定network 這里的--net api2bridge 就是上面的bridge

 

3：連接2個容器，通過： docker network connect api2bridge mysql  把api2和mysql連接起來

 

 4：修改appsettings.json  server=mysql 

 

 5 : restart 容器，如果是在創建容器前修改的配置文件。是不需要重啟的，測試通過

 

 

 

 看看這兩個容器是怎么連接的。通過命令：  docker inspect api2bridge 可以查看對象的元數據（容器或者網絡）

 

 

 分別看看；

docker inspect api2

 

 

 

 

docker inspect mysql

 

 

 

 你會發現mysql有個"IPAddress":地址，

 

 上面我們在api2中的appsettings.json的server是直接些的容器名稱：mysql。也可以直接些這個ip地址。比如： server=172.20.0.3 同樣是可以的。

 Overlay方式就不講了。因為我也不知道。哈哈

 

docker-compose 容器編排

通過這幾個例子你會發現。2個容器要部署2個，如果項目依賴mysql，redis，MQ等等。那得部署多次，如此重復性的工作會影響效率

所以有了docker-compose，compose

參考：https://yeasy.gitbooks.io/docker_practice/content/compose/install.html

安裝：

sudo curl -L https://github.com/docker/compose/releases/download/1.17.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

 

安裝完成后，可以通過： docker-compose --version 查看版本

 

 通過： docker-compose --help 查看基本的命令

 

 

 不過我英文不好，就通過百度翻譯了，翻譯得有點生硬。僅供參考

Commands:
  build              建立或重建服務
  bundle             從撰寫文件生成Docker捆綁包
  config             驗證並查看撰寫文件
  create             創建服務
  down               停止並刪除容器、網絡、圖像和卷
  events             從容器接收實時事件
  exec               在正在運行的容器中執行命令
  help               獲取有關命令的幫助
  images             列表圖像
  kill               殺死容器
  logs               查看容器的輸出
  pause              暫停服務
  port               打印端口綁定的公共端口
  ps                 列表容器
  pull               拉取服務圖像
  push               推送服務圖像
  restart            重新啟動服務
  rm                 移除停止的容器
  run                運行一次性命令
  scale              設置服務的容器數
  start              啟動服務
  stop               停止服務
  top                顯示正在運行的進程
  unpause            取消暫停服務
  up                 創建和啟動容器
  version            顯示Docker撰寫版本信息

 

目前為止已經有3個容器了，

 

為了區別於之前的mysql和api和api2，這里命名要修改，編寫在程序根目錄下添加docker-compose.yml文件

compose用的是yml語法。可以參考阮一峰些的文章

http://www.ruanyifeng.com/blog/2016/07/yaml.html

 

項目准備。依然在上面的api項目中添磚加瓦

還記得上面初始化的創建docker庫，user表嗎。這里我們通過在代碼中來實現，

場景：創建myslq的時候，判斷數據庫是否有數據，否則新增一條數據

技術棧：項目依賴mysql，redis，其實我工作中用的都是mssql，所以待會也會介紹

 1：init.sql 只保留一條sql語句

 

 2：新增UserInit類。用於初始化數據

using Microsoft.AspNetCore.Builder;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Docker.Api.Data
{
    public class UserInit
    {
        private ILogger<UserInit> _logger;

        public UserInit(ILogger<UserInit> logger)
        {
            _logger = logger;
        }

        public static async Task InitData(IApplicationBuilder app, ILoggerFactory loggerFactory)
        {

            using (var scope = app.ApplicationServices.CreateScope())
            {
                var context = scope.ServiceProvider.GetService<DbUserInfoContext>();
                var logger = scope.ServiceProvider.GetService<ILogger<UserInit>>();
                logger.LogDebug("begin mysql init");
                context.Database.Migrate();
                if (context.userInfos.Count() <= 0)
                {
                    context.userInfos.Add(new Model.UseInfo
                    {
                        name = "admin",
                        address = "博客園"
                    });
                    context.SaveChanges();
                }
            }
            await Task.CompletedTask;
        }
    }
}

 

程序啟動調用：

 

3：實體類

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace Docker.Api.Model
{
    public class UseInfo
    {
        public int id { get; set; }
        public string name { get; set; }
        public string address { get; set; }
    }
}

 

4：DbContext 上面也列出，這里就不展示了

5：RedisHelper網絡有。這里也不提了

只准備2個接口。用於測試redis。一個讀，一個寫

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace Docker.Api.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class RedisController : ControllerBase
    {
        [HttpPost]
        public void Post()
        {
            RedisCommon.GetRedis().StringSet("docker", "hello", TimeSpan.FromMinutes(1));
        }
        [HttpGet]
        public string Get()
        {
            var docker = RedisCommon.GetRedis().GetStringKey("docker");
            if (docker.HasValue) return docker.ToString();
            return "empty";
        }
    }
}

 

6：根據Model生成Migration，這里簡單過一下，具體參考我之前的：https://www.cnblogs.com/nsky/p/10323415.html

調出程序包管理控制台

 

 輸入： Add-Migration init 

 

 如果成功了就會這樣：

 

 編寫docker-compose.yml 文件，我這里的注釋是便於理解。盡量不要寫

注：我是直接在項目中創建的文本文件，然后修改后綴名

在網絡上看到說。如果是在外部創建的記事本。要修改編碼為：ASCII編碼格式，我未測試

 

version: '3'

services:
  db:
    image: mysql
    container_name: 'mysql01'
    command: --character-set-server=utf8 --collation-server=utf8_general_ci
    restart: always
    ports:
      - '3307:3306'
    environment:
      MYSQL_USER: test
      MYSQL_PASSWORD: 123456
      MYSQL_PASSWORD_HOST: '%'
      MYSQL_ROOT_PASSWORD: 123456
      MYSQL_ROOT_HOST: '%'
    volumes:
      - /d/docker/mysql02/my.cnf:/etc/my.cnf
      - /d/docker/mysql02/data:/var/lib/mysql
      - /d/docker/mysql02/SqlInit:/docker-entrypoint-initdb.d
  redis:
    image: redis
    container_name: 'redis'
    command: redis-server /usr/local/etc/redis/redis.conf 
    restart: always
    ports:
      - '6379:6379'
    environment:
      requirepass: 123456 #redis密碼
      appendonly: 'yes' #redis是否持久化
    volumes:
      - /d/docker/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf
      - /d/docker/redis/data:/data #這里會保存持久化數據
  web:
    build: . #會執行當前目錄下面的dockerfile文件
    container_name: 'api3' #容器名稱
    restart: always # web依賴於db，如果web比db啟動快。就連接不上db導致web異常，web容器啟動失敗，restart可以不斷重試，直到連接為止
    volumes:
      - /d/docker/myapi/appsettings.json:/app/appsettings.json
    ports:
      - '8082:80'
    depends_on: #依賴db容器，並不代表執行順序
      - db
      - redis

 

如果想看編寫的yml文件是否正確，可以去在線的網站，驗證是否正確，比如：http://nodeca.github.io/js-yaml/

 切換到當前目錄輸入：  docker-compose build 會開始build項目成鏡像

 

 查看鏡像：名字叫dockerapi_web

 

 輸入命令： docker-compose up 會開始創建容器並啟動

 

輸出的日志太多。這里只點幾個有用的看

EFcore插入Migration歷史記錄

 

 創建表:

 

 

 直到最后，程序阻塞。顯示成功，因為這里沒用用 -d 會阻塞，調試的時候不建議 -d

 

 

 然后新打開一個PowerShell，輸入docker ps 查看運行的容器

 

 分別測試是否成功

 

 

 

 

 同樣驗證redis，用RedisDesktopManager連接

 

 

從容器可以看出api3端口是8082，嘗試訪問下

 

 

 測試寫redis，打開Postman寫入Redis

 

 

 寫人成功

 

那么讀取就不是什么大問題了

 

 

 

 

問題匯總：

如果你修改了代碼，需要重新build。那么先刪除容器： docker-compose down 會停止容器並刪除

 docker-compose ps  查看容器列表

 

   docker-compose up -d   后端運行，不阻塞前端

 

  docker-compose restart  重啟所有容器。

 

 

 自此所有容器成功運行，但我感覺還不夠，因為一直都是在windos上玩。而沒有上CentOS7,可我又不缺CentOS環境。所以要玩一把

net core Api 跨平台部署

技術棧：Jexus，mysql，mssql，redis

關於jexus部署net core 可以參考我前面寫的文章：https://www.cnblogs.com/nsky/p/10386460.html

既然要加入新的成員。jexus 和 mssql，那么就得修改docker-compose文件

 在通過docker-compose統一打包前，我們先來單獨玩玩mssql

准備數據卷掛載目錄

 

 data：保存數據庫文件

sql：執行的腳本。mssql沒有mysql的docker-entrypoint-initdb.d 掛載，啟動mysql就執行sql。這里sql文件夾

雖然保存的是.sql文件。但要手動執行，不知道是不是我沒有找到具體的方案

sql里面放一個init.sql文件。編寫sql腳本如下

 

 這里要注意一點，一條語句完成必須要帶一個Go語句

參考官方文檔：

https://docs.microsoft.com/zh-cn/sql/linux/quickstart-install-connect-docker?view=sql-server-2017&pivots=cs1-bash

https://docs.microsoft.com/zh-cn/sql/linux/tutorial-restore-backup-in-sql-server-container?view=sql-server-2017

鏡像文檔：https://hub.docker.com/_/microsoft-mssql-server

//注釋部分
docker run -d -p 1433:1433 \
-e ACCEPT_EULA=Y \ #確認您接受最終用戶許可協議。
-e SA_PASSWORD=DockerPwd123 \ #強大的系統管理員（SA）密碼：至少8個字符，包括大寫，小寫字母，基數為10的數字和/或非字母數字符號。
-e MSSQL_PID=Express \ #版本（Developer，Express，Enterprise，EnterpriseCore）默認值：Developer  
-v /docker/mssql:/var/opt/mssql \  # 映射數據庫
v /d/docker/mssql/sql:/script #把需要執行的腳本放這里，script路徑隨便改，不是初始化執行，是手到執行
--name mssql #容器名稱
mcr.microsoft.com/mssql/server #鏡像

 

執行成功后。數據卷掛載目錄。生成了文件

 

 

此時data也有默認的數據庫了

 

 通過 MSSMS(  Microsoft SQL Server Management Studio )連接試試

 

 剛上面說了sql中文件是沒有被執行的。必須手動執行。

手動執行前，先來看看其他一些相關命令

進入容器后： docker exec -it mssql bash 

登陸數據庫：localhost也可以用指定的ip代替，如果有端口。則帶端口號即可

/opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P DockerPwd123

-S 是服務器，不管端口是多少，都不用寫
-U 是用戶名 
-P 是密碼

如果出現 1> 說明的登陸成功了

 

可以輸入語句：select getdate() 試試，回車后，需要加Go語句，不過日期怎么不對？好像是相差8個時區

 

修改時區，可以通過TZ變量

docker run -e TZ="Asia/Shanghai" -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=DockerPwd123' -e MSSQL_PID=Express -p 1433:1433 --name mssql -d mcr.microsoft.com/mssql/server

官網文檔：https://docs.microsoft.com/zh-cn/sql/linux/sql-server-linux-configure-docker?view=sql-server-2017#tz

 

 執行sql中的文件

登陸容器后執行操作： /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P DockerPwd123 -i /script/init.sql 

 

掛載目錄也有，這樣就算容器無法進入。數據庫也存在

 

 

 

由於時間問題，docker-compose 就不加入mssql，只加jexus，修改docker-compose如下

直接上docker-compose文件

version: '3'

services:
  db:
    image: mysql
    container_name: 'mysql'
    command: --character-set-server=utf8 --collation-server=utf8_general_ci
    restart: always
    ports:
      - '3306:3306'
    environment:
      MYSQL_USER: test
      MYSQL_PASSWORD: 123456
      MYSQL_PASSWORD_HOST: '%'
      MYSQL_ROOT_PASSWORD: 123456
      MYSQL_ROOT_HOST: '%'
    volumes:
      - /docker/mysq/my.cnf:/etc/my.cnf
      - /docker/mysql/data:/var/lib/mysql
      - /docker/mysql/sql:/docker-entrypoint-initdb.d
  redis:
    image: redis
    container_name: 'redis'
    command: redis-server /usr/local/etc/redis/redis.conf 
    restart: always
    ports:
      - '6379:6379'
    environment:
      requirepass: 123456 #redis密碼
      appendonly: 'yes' #redis是否持久化
    volumes:
      - /docker/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf
      - /docker/redis/data:/data #這里會保存持久化數據
  jexus:
    image: byniqing/jexus
    container_name: 'jexus'
    ports:
      - '80:8803'#前一個80是暴露外部的，后一個8803是jexus監聽的的。也就是配置文件中port=8803，此端口必須要開通
    restart: always
    volumes:
      - /docker/jexus/www:/var/www
      - /docker/jexus/siteconf:/usr/jexus/siteconf
      - /docker/jexus/log:/usr/jexus/log
    #depends_on:
      #- web
  web:
    build: . #會執行當前目錄下面的dockerfile文件
    container_name: 'api' #容器名稱
    restart: always # web依賴於db，如果web比db啟動快。就連接不上db導致web異常，web容器啟動失敗，restart可以不斷重試，直到連接為止
    volumes:
      - /docker/myapi/appsettings.json:/app/appsettings.json
    ports:
      - '8802:80'#8802端口必須開啟，如果是阿里雲。添加入棧規則，jexus配置。代理到8802即可，瀏覽器直接訪問這個port也能訪問
    depends_on: #依賴db容器，並不代表執行順序
      - db
      - redis

 

分析：

1：jexus我用了自己打包后的鏡像。然后push到hub.docker上去了，大家也可以打包一個自己的。方便以后測試，升級，當然直接用給我這個也可以，dockerfile 如下：

FROM debian:latest
MAINTAINER xxx <xxx@xxx.com>

RUN apt-get update \
        && apt-get -y install wget \
        && cd /usr \
        && wget https://www.linuxdot.net/down/jexus-5.8.3-x64.tar.gz \
        && tar -zxvf jexus-5.8.3-x64.tar.gz \
        && apt-get -y autoremove --purge wget \
        && rm -rf /var/lib/apt/lists/* jexus-5.8.3-x64.tar.gz

EXPOSE 80
WORKDIR /usr/jexus
CMD /usr/jexus/jwss

 

2：web中的ports暴露了8802端口，需要開通該端口

3：jexus文件配置：reproxy=/  ip:8802（繞過容器內部，直接訪問容器，所以直接在瀏覽器也是直接可以訪問的），或者reproxy=/ web:80 （容器互聯）

 

然后你會發現通過ip:80和ip:8802都能訪問，

一個是通過jexus訪問。一個是繞過了jexus直接訪問了api接口，那怎么行呢，那么jexus就沒有存在的用意了

所以：我們應該不暴露web端口，即屏蔽掉ports

 

 然后重新修改jexus，通過容器名稱訪問： reproxy=/ web:80 

因為compose打包后后是在同一個網絡中：

比如： docker-compose ps 可以查看當前服務下的所有容器

 

那怎么判斷當前容器使用的那些網絡呢？

可以查看當前某個容器的元數據：比如我們來看mysql的： docker inspect mysql 也可以看出Networks節點信息

 

 

 通過： docker network ls  查看當前網絡，存在 dockerapi_default

 

那么就可以通過： docker inspect dockerapi_default 查看下dockerapi_default網絡的元數據

可以看到Containers節點下。docker-compose中定義的4個容器，並且ip4都在192.168.48.x/20

 

不知道你跟是否有同一個疑問，雖然api沒有暴露接口，但api和jexus。tcp都是80

那我直接訪問ip地址怎么確定一定就是訪問的jexus。而不是Api呢。那么我們來改造一下，jexus暴露8802，api內部依然是80

 

 從新打包，查看容器：

 

然后瀏覽器輸入：ip:8802/api/values 訪問成功

輸入：ip/aip/values 訪問失敗

那么這樣就達到了只能通過jexus訪問到我的aip了

 

修改掛載文件

使用數據卷，文件掛載到宿主機就是為了方便修改，這里拿redis為例

我們在創建redis的時候有個掛載目錄為： /docker/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf 

redis.conf這個就是redis的配置文件。可以自行修改， 

去網上下載一個對應版本的配置文件放進去即可：http://download.redis.io/releases/

比如上面的默認密碼是：123456，我們來改成7890

1：注釋掉，bind 127.0.0.1

 

 2：修改，requirepass  值，是不是發現requirepass 跟docker-compose 中變量是同一個

 

 3：重啟redis

4：測試連接成功，

 

進入redis容器。查看 /usr/local/etc/redis/redis.conf  

你會發現，redis.conf是同步更新的，這里就不截圖了

 

放一個redis.confi文件

 

# Redis configuration file example

# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.

################################## INCLUDES ###################################

# Include one or more other config files here.  This is useful if you
# have a standard template that goes to all Redis servers but also need
# to customize a few per-server settings.  Include files can include
# other files, so use this wisely.
#
# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
#
# If instead you are interested in using includes to override configuration
# options, it is better to use include as the last line.
#
# include .\path\to\local.conf
# include c:\path\to\other.conf

################################## NETWORK #####################################

# By default, if no "bind" configuration directive is specified, Redis listens
# for connections from all the network interfaces available on the server.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
# Examples:
#
# bind 192.168.1.100 10.0.0.1
# bind 127.0.0.1 ::1
#
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
# following bind directive, that will force Redis to listen only into
# the IPv4 lookback interface address (this means Redis will be able to
# accept connections only from clients running into the same computer it
# is running).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#bind 127.0.0.1

# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
#
# When protected mode is on and if:
#
# 1) The server is not binding explicitly to a set of addresses using the
#    "bind" directive.
# 2) No password is configured.
#
# The server only accepts connections from clients connecting from the
# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
# sockets.
#
# By default protected mode is enabled. You should disable it only if
# you are sure you want clients from other hosts to connect to Redis
# even if no authentication is configured, nor a specific set of interfaces
# are explicitly listed using the "bind" directive.
protected-mode yes

# Accept connections on the specified port, default is 6379 (IANA #815344).
# If port 0 is specified Redis will not listen on a TCP socket.
port 6379

# TCP listen() backlog.
#
# In high requests-per-second environments you need an high backlog in order
# to avoid slow clients connections issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
tcp-backlog 511

# Unix socket.
#
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
# unixsocket /tmp/redis.sock
# unixsocketperm 700

# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0

# TCP keepalive.
#
# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful for two reasons:
#
# 1) Detect dead peers.
# 2) Take the connection alive from the point of view of network
#    equipment in the middle.
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
# On other kernels the period depends on the kernel configuration.
#
# A reasonable value for this option is 60 seconds.
tcp-keepalive 0

################################# GENERAL #####################################

# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
# NOT SUPPORTED ON WINDOWS daemonize no

# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
#   supervised no      - no supervision interaction
#   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
#   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
#   supervised auto    - detect upstart or systemd method based on
#                        UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
#       They do not enable continuous liveness pings back to your supervisor.
# NOT SUPPORTED ON WINDOWS supervised no

# If a pid file is specified, Redis writes it where specified at startup
# and removes it at exit.
#
# When the server runs non daemonized, no pid file is created if none is
# specified in the configuration. When the server is daemonized, the pid file
# is used even if not specified, defaulting to "/var/run/redis.pid".
#
# Creating a pid file is best effort: if Redis is not able to create it
# nothing bad happens, the server will start and run normally.
# NOT SUPPORTED ON WINDOWS pidfile /var/run/redis.pid

# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel notice

# Specify the log file name. Also 'stdout' can be used to force
# Redis to log on the standard output.
logfile ""

# To enable logging to the Windows EventLog, just set 'syslog-enabled' to
# yes, and optionally update the other syslog parameters to suit your needs.
# If Redis is installed and launched as a Windows Service, this will
# automatically be enabled.
# syslog-enabled no

# Specify the source name of the events in the Windows Application log.
# syslog-ident redis

# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16

################################ SNAPSHOTTING  ################################
#
# Save the DB on disk:
#
#   save <seconds> <changes>
#
#   Will save the DB if both the given number of seconds and the given
#   number of write operations against the DB occurred.
#
#   In the example below the behaviour will be to save:
#   after 900 sec (15 min) if at least 1 key changed
#   after 300 sec (5 min) if at least 10 keys changed
#   after 60 sec if at least 10000 keys changed
#
#   Note: you can disable saving completely by commenting out all "save" lines.
#
#   It is also possible to remove all the previously configured save
#   points by adding a save directive with a single empty string argument
#   like in the following example:
#
#   save ""

save 900 1
save 300 10
save 60 10000

# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in a hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# disaster will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usual even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes

# Compress string objects using LZF when dump .rdb databases?
# For default that's set to 'yes' as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes

# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes

# The filename where to dump the DB
dbfilename dump.rdb

# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir ./

################################# REPLICATION #################################

# Master-Slave replication. Use slaveof to make a Redis instance a copy of
# another Redis server. A few things to understand ASAP about Redis replication.
#
# 1) Redis replication is asynchronous, but you can configure a master to
#    stop accepting writes if it appears to be not connected with at least
#    a given number of slaves.
# 2) Redis slaves are able to perform a partial resynchronization with the
#    master if the replication link is lost for a relatively small amount of
#    time. You may want to configure the replication backlog size (see the next
#    sections of this file) with a sensible value depending on your needs.
# 3) Replication is automatic and does not need user intervention. After a
#    network partition slaves automatically try to reconnect to masters
#    and resynchronize with them.
#
# slaveof <masterip> <masterport>

# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>

# When a slave loses its connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
#    still reply to client requests, possibly with out of date data, or the
#    data set may just be empty if this is the first synchronization.
#
# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
#    an error "SYNC with master in progress" to all the kind of commands
#    but to INFO and SLAVEOF.
#
slave-serve-stale-data yes

# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default slaves are read-only.
#
# Note: read only slaves are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only slave exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
# security of read only slaves using 'rename-command' to shadow all the
# administrative / dangerous commands.
slave-read-only yes

# Replication SYNC strategy: disk or socket.
#
# -------------------------------------------------------
# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
# -------------------------------------------------------
#
# New slaves and reconnecting slaves that are not able to continue the replication
# process just receiving differences, need to do what is called a "full
# synchronization". An RDB file is transmitted from the master to the slaves.
# The transmission can happen in two different ways:
#
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
#                 file on disk. Later the file is transferred by the parent
#                 process to the slaves incrementally.
# 2) Diskless: The Redis master creates a new process that directly writes the
#              RDB file to slave sockets, without touching the disk at all.
#
# With disk-backed replication, while the RDB file is generated, more slaves
# can be queued and served with the RDB file as soon as the current child producing
# the RDB file finishes its work. With diskless replication instead once
# the transfer starts, new slaves arriving will be queued and a new transfer
# will start when the current one terminates.
#
# When diskless replication is used, the master waits a configurable amount of
# time (in seconds) before starting the transfer in the hope that multiple slaves
# will arrive and the transfer can be parallelized.
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
repl-diskless-sync no

# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
# to the slaves.
#
# This is important since once the transfer starts, it is not possible to serve
# new slaves arriving, that will be queued for the next RDB transfer, so the server
# waits a delay in order to let more slaves arrive.
#
# The delay is specified in seconds, and by default is 5 seconds. To disable
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5

# Slaves send PINGs to server in a predefined interval. It's possible to change
# this interval with the repl_ping_slave_period option. The default value is 10
# seconds.
#
# repl-ping-slave-period 10

# The following option sets the replication timeout for:
#
# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
# 2) Master timeout from the point of view of slaves (data, pings).
# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-slave-period otherwise a timeout will be detected
# every time there is low traffic between the master and the slave.
#
# repl-timeout 60

# Disable TCP_NODELAY on the slave socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to slaves. But this can add a delay for
# the data to appear on the slave side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the slave side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and slaves are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no

# Set the replication backlog size. The backlog is a buffer that accumulates
# slave data when slaves are disconnected for some time, so that when a slave
# wants to reconnect again, often a full resync is not needed, but a partial
# resync is enough, just passing the portion of data the slave missed while
# disconnected.
#
# The bigger the replication backlog, the longer the time the slave can be
# disconnected and later be able to perform a partial resynchronization.
#
# The backlog is only allocated once there is at least a slave connected.
#
# repl-backlog-size 1mb

# After a master has no longer connected slaves for some time, the backlog
# will be freed. The following option configures the amount of seconds that
# need to elapse, starting from the time the last slave disconnected, for
# the backlog buffer to be freed.
#
# A value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600

# The slave priority is an integer number published by Redis in the INFO output.
# It is used by Redis Sentinel in order to select a slave to promote into a
# master if the master is no longer working correctly.
#
# A slave with a low priority number is considered better for promotion, so
# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
# pick the one with priority 10, that is the lowest.
#
# However a special priority of 0 marks the slave as not able to perform the
# role of master, so a slave with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
slave-priority 100

# It is possible for a master to stop accepting writes if there are less than
# N slaves connected, having a lag less or equal than M seconds.
#
# The N slaves need to be in "online" state.
#
# The lag in seconds, that must be <= the specified value, is calculated from
# the last ping received from the slave, that is usually sent every second.
#
# This option does not GUARANTEE that N replicas will accept the write, but
# will limit the window of exposure for lost writes in case not enough slaves
# are available, to the specified number of seconds.
#
# For example to require at least 3 slaves with a lag <= 10 seconds use:
#
# min-slaves-to-write 3
# min-slaves-max-lag 10
#
# Setting one or the other to 0 disables the feature.
#
# By default min-slaves-to-write is set to 0 (feature disabled) and
# min-slaves-max-lag is set to 10.

################################## SECURITY ###################################

# Require clients to issue AUTH <PASSWORD> before processing any other
# commands.  This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
requirepass 7890
# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.

################################### LIMITS ####################################

# Set the max number of connected clients at the same time. By default
# this limit is set to 10000 clients, however if the Redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as Redis reserves a few file descriptors for internal uses).
#
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# maxclients 10000

# If Redis is to be used as an in-memory-only cache without any kind of
# persistence, then the fork() mechanism used by the background AOF/RDB
# persistence is unnecessary. As an optimization, all persistence can be
# turned off in the Windows version of Redis. This will redirect heap
# allocations to the system heap allocator, and disable commands that would
# otherwise cause fork() operations: BGSAVE and BGREWRITEAOF.
# This flag may not be combined with any of the other flags that configure
# AOF and RDB operations.
# persistence-available [(yes)|no]

# Don't use more memory than the specified amount of bytes.
# When the memory limit is reached Redis will try to remove keys
# according to the eviction policy selected (see maxmemory-policy).
#
# If Redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will start to reply with errors to commands
# that would use more memory, like SET, LPUSH, and so on, and will continue
# to reply to read-only commands like GET.
#
# This option is usually useful when using Redis as an LRU cache, or to set
# a hard memory limit for an instance (using the 'noeviction' policy).
#
# WARNING: If you have slaves attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the slaves are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of slaves is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# In short... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there is some free RAM on the system for slave
# output buffers (but this is not needed if the policy is 'noeviction').
#
# WARNING: not setting maxmemory will cause Redis to terminate with an
# out-of-memory exception if the heap limit is reached.
#
# NOTE: since Redis uses the system paging file to allocate the heap memory,
# the Working Set memory usage showed by the Windows Task Manager or by other
# tools such as ProcessExplorer will not always be accurate. For example, right
# after a background save of the RDB or the AOF files, the working set value
# may drop significantly. In order to check the correct amount of memory used
# by the redis-server to store the data, use the INFO client command. The INFO
# command shows only the memory used to store the redis data, not the extra
# memory used by the Windows process for its own requirements. Th3 extra amount
# of memory not reported by the INFO command can be calculated subtracting the
# Peak Working Set reported by the Windows Task Manager and the used_memory_peak
# reported by the INFO command.
#
# maxmemory <bytes>

# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
# is reached. You can select among five behaviors:
#
# volatile-lru -> remove the key with an expire set using an LRU algorithm
# allkeys-lru -> remove any key according to the LRU algorithm
# volatile-random -> remove a random key with an expire set
# allkeys-random -> remove a random key, any key
# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
# noeviction -> don't expire at all, just return an error on write operations
#
# Note: with any of the above policies, Redis will return an error on write
#       operations, when there are no suitable keys for eviction.
#
#       At the date of writing these commands are: set setnx setex append
#       incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
#       sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
#       zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
#       getset mset msetnx exec sort
#
# The default is:
#
# maxmemory-policy noeviction

# LRU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can tune it for speed or
# accuracy. For default Redis will check five keys and pick the one that was
# used less recently, you can change the sample size using the following
# configuration directive.
#
# The default of 5 produces good enough results. 10 Approximates very closely
# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.
#
# maxmemory-samples 5

############################## APPEND ONLY MODE ###############################

# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check http://redis.io/topics/persistence for more information.

appendonly no

# The name of the append only file (default: "appendonly.aof")
appendfilename "appendonly.aof"

# The fsync() call tells the Operating System to actually write data on disk
# instead of waiting for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
#
# Redis supports three different modes:
#
# no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to the append only log. Slow, Safest.
# everysec: fsync only one time every second. Compromise.
#
# The default is "everysec", as that's usually the right compromise between
# speed and data safety. It's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# More details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# If unsure, use "everysec".

# appendfsync always
appendfsync everysec
# appendfsync no

# When the AOF fsync policy is set to always or everysec, and a background
# saving process (a background save or AOF log background rewriting) is
# performing a lot of I/O against the disk, in some Linux configurations
# Redis may block too long on the fsync() call. Note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving, the durability of Redis is
# the same as "appendfsync none". In practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
# If you have latency problems turn this to "yes". Otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
no-appendfsync-on-rewrite no

# Automatic rewrite of the append only file.
# Redis is able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log size grows by the specified percentage.
#
# This is how it works: Redis remembers the size of the AOF file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the AOF at startup is used).
#
# This base size is compared to the current size. If the current size is
# bigger than the specified percentage, the rewrite is triggered. Also
# you need to specify a minimal size for the AOF file to be rewritten, this
# is useful to avoid rewriting the AOF file even if the percentage increase
# is reached but it is still pretty small.
#
# Specify a percentage of zero in order to disable the automatic AOF
# rewrite feature.

auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

# An AOF file may be found to be truncated at the end during the Redis
# startup process, when the AOF data gets loaded back into memory.
# This may happen when the system where Redis is running
# crashes, especially when an ext4 filesystem is mounted without the
# data=ordered option (however this can't happen when Redis itself
# crashes or aborts but the operating system still works correctly).
#
# Redis can either exit with an error when this happens, or load as much
# data as possible (the default now) and start if the AOF file is found
# to be truncated at the end. The following option controls this behavior.
#
# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
# the Redis server starts emitting a log to inform the user of the event.
# Otherwise if the option is set to no, the server aborts with an error
# and refuses to start. When the option is set to no, the user requires
# to fix the AOF file using the "redis-check-aof" utility before to restart
# the server.
#
# Note that if the AOF file will be found to be corrupted in the middle
# the server will still exit with an error. This option only applies when
# Redis will try to read more data from the AOF file but not enough bytes
# will be found.
aof-load-truncated yes

################################ LUA SCRIPTING  ###############################

# Max execution time of a Lua script in milliseconds.
#
# If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# When a long running script exceeds the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
# used to stop a script that did not yet called write commands. The second
# is the only way to shut down the server in the case a write command was
# already issued by the script but the user doesn't want to wait for the natural
# termination of the script.
#
# Set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000

################################ REDIS CLUSTER  ###############################
#
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
# in order to mark it as "mature" we need to wait for a non trivial percentage
# of users to deploy it in production.
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
# started as cluster nodes can. In order to start a Redis instance as a
# cluster node enable the cluster support uncommenting the following:
#
# cluster-enabled yes

# Every cluster node has a cluster configuration file. This file is not
# intended to be edited by hand. It is created and updated by Redis nodes.
# Every Redis Cluster node requires a different cluster configuration file.
# Make sure that instances running in the same system do not have
# overlapping cluster configuration file names.
#
# cluster-config-file nodes-6379.conf

# Cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failure state.
# Most other internal time limits are multiple of the node timeout.
#
# cluster-node-timeout 15000

# A slave of a failing master will avoid to start a failover if its data
# looks too old.
#
# There is no simple way for a slave to actually have a exact measure of
# its "data age", so the following two checks are performed:
#
# 1) If there are multiple slaves able to failover, they exchange messages
#    in order to try to give an advantage to the slave with the best
#    replication offset (more data from the master processed).
#    Slaves will try to get their rank by offset, and apply to the start
#    of the failover a delay proportional to their rank.
#
# 2) Every single slave computes the time of the last interaction with
#    its master. This can be the last ping or command received (if the master
#    is still in the "connected" state), or the time that elapsed since the
#    disconnection with the master (if the replication link is currently down).
#    If the last interaction is too old, the slave will not try to failover
#    at all.
#
# The point "2" can be tuned by user. Specifically a slave will not perform
# the failover if, since the last interaction with the master, the time
# elapsed is greater than:
#
#   (node-timeout * slave-validity-factor) + repl-ping-slave-period
#
# So for example if node-timeout is 30 seconds, and the slave-validity-factor
# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
# slave will not try to failover if it was not able to talk with the master
# for longer than 310 seconds.
#
# A large slave-validity-factor may allow slaves with too old data to failover
# a master, while a too small value may prevent the cluster from being able to
# elect a slave at all.
#
# For maximum availability, it is possible to set the slave-validity-factor
# to a value of 0, which means, that slaves will always try to failover the
# master regardless of the last time they interacted with the master.
# (However they'll always try to apply a delay proportional to their
# offset rank).
#
# Zero is the only value able to guarantee that when all the partitions heal
# the cluster will always be able to continue.
#
# cluster-slave-validity-factor 10

# Cluster slaves are able to migrate to orphaned masters, that are masters
# that are left without working slaves. This improves the cluster ability
# to resist to failures as otherwise an orphaned master can't be failed over
# in case of failure if it has no working slaves.
#
# Slaves migrate to orphaned masters only if there are still at least a
# given number of other working slaves for their old master. This number
# is the "migration barrier". A migration barrier of 1 means that a slave
# will migrate only if there is at least 1 other working slave for its master
# and so forth. It usually reflects the number of slaves you want for every
# master in your cluster.
#
# Default is 1 (slaves migrate only if their masters remain with at least
# one slave). To disable migration just set it to a very large value.
# A value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1

# By default Redis Cluster nodes stop accepting queries if they detect there
# is at least an hash slot uncovered (no available node is serving it).
# This way if the cluster is partially down (for example a range of hash slots
# are no longer covered) all the cluster becomes, eventually, unavailable.
# It automatically returns available as soon as all the slots are covered again.
#
# However sometimes you want the subset of the cluster which is working,
# to continue to accept queries for the part of the key space that is still
# covered. In order to do so, just set the cluster-require-full-coverage
# option to no.
#
# cluster-require-full-coverage yes

# In order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.

################################## SLOW LOG ###################################

# The Redis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time does not include the I/O operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# You can configure the slow log with two parameters: one tells Redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. When a new command is logged the oldest one is removed from the
# queue of logged commands.

# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000

# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128

################################ LATENCY MONITOR ##############################

# The Redis latency monitoring subsystem samples different operations
# at runtime in order to collect data related to possible sources of
# latency of a Redis instance.
#
# Via the LATENCY command this information is available to the user that can
# print graphs and obtain reports.
#
# The system only logs operations that were performed in a time equal or
# greater than the amount of milliseconds specified via the
# latency-monitor-threshold configuration directive. When its value is set
# to zero, the latency monitor is turned off.
#
# By default latency monitoring is disabled since it is mostly not needed
# if you don't have latency issues, and collecting data has a performance
# impact, that while very small, can be measured under big load. Latency
# monitoring can easily be enabled at runtime using the command
# "CONFIG SET latency-monitor-threshold <milliseconds>" if needed.
latency-monitor-threshold 0

############################# EVENT NOTIFICATION ##############################

# Redis can notify Pub/Sub clients about events happening in the key space.
# This feature is documented at http://redis.io/topics/notifications
#
# For instance if keyspace events notification is enabled, and a client
# performs a DEL operation on key "foo" stored in the Database 0, two
# messages will be published via Pub/Sub:
#
# PUBLISH __keyspace@0__:foo del
# PUBLISH __keyevent@0__:del foo
#
# It is possible to select the events that Redis will notify among a set
# of classes. Every class is identified by a single character:
#
#  K     Keyspace events, published with __keyspace@<db>__ prefix.
#  E     Keyevent events, published with __keyevent@<db>__ prefix.
#  g     Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
#  $     String commands
#  l     List commands
#  s     Set commands
#  h     Hash commands
#  z     Sorted set commands
#  x     Expired events (events generated every time a key expires)
#  e     Evicted events (events generated when a key is evicted for maxmemory)
#  A     Alias for g$lshzxe, so that the "AKE" string means all the events.
#
#  The "notify-keyspace-events" takes as argument a string that is composed
#  of zero or multiple characters. The empty string means that notifications
#  are disabled.
#
#  Example: to enable list and generic events, from the point of view of the
#           event name, use:
#
#  notify-keyspace-events Elg
#
#  Example 2: to get the stream of the expired keys subscribing to channel
#             name __keyevent@0__:expired use:
#
#  notify-keyspace-events Ex
#
#  By default all notifications are disabled because most users don't need
#  this feature and the feature has some overhead. Note that if you don't
#  specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""

############################### ADVANCED CONFIG ###############################

# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64

# Lists are also encoded in a special way to save a lot of space.
# The number of entries allowed per internal list node can be specified
# as a fixed maximum size or a maximum number of elements.
# For a fixed maximum size, use -5 through -1, meaning:
# -5: max size: 64 Kb  <-- not recommended for normal workloads
# -4: max size: 32 Kb  <-- not recommended
# -3: max size: 16 Kb  <-- probably not recommended
# -2: max size: 8 Kb   <-- good
# -1: max size: 4 Kb   <-- good
# Positive numbers mean store up to _exactly_ that number of elements
# per list node.
# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
# but if your use case is unique, adjust the settings as necessary.
list-max-ziplist-size -2

# Lists may also be compressed.
# Compress depth is the number of quicklist ziplist nodes from *each* side of
# the list to *exclude* from compression.  The head and tail of the list
# are always uncompressed for fast push/pop operations.  Settings are:
# 0: disable all list compression
# 1: depth 1 means "don't start compressing until after 1 node into the list,
#    going from either the head or tail"
#    So: [head]->node->node->...->node->[tail]
#    [head], [tail] will always be uncompressed; inner nodes will compress.
# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
#    2 here means: don't compress head or head->next or tail->prev or tail,
#    but compress all nodes between them.
# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
# etc.
list-compress-depth 0

# Sets have a special encoding in just one case: when a set is composed
# of just strings that happen to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512

# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64

# HyperLogLog sparse representation bytes limit. The limit includes the
# 16 bytes header. When an HyperLogLog using the sparse representation crosses
# this limit, it is converted into the dense representation.
#
# A value greater than 16000 is totally useless, since at that point the
# dense representation is more memory efficient.
#
# The suggested value is ~ 3000 in order to have the benefits of
# the space efficient encoding without slowing down too much PFADD,
# which is O(N) with the sparse encoding. The value can be raised to
# ~ 10000 when CPU is not a concern, but space is, and the data set is
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000

# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into a hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# actively rehash the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply from time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes

# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including MONITOR clients
# slave  -> slave clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# So for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# By default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# Instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60

# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeot, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are perforemd with the same frequency, but Redis checks for
# tasks to perform according to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10

# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes

################################## INCLUDES ###################################

# Include one or more other config files here.  This is useful if you
# have a standard template that goes to all Redis server but also need
# to customize a few per-server settings.  Include files can include
# other files, so use this wisely.
#
# include /path/to/local.conf
# include /path/to/other.conf

 

如果單獨用：

 docker run -d -p 6379:6379 --name redis --restart always -v /config/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf -v /config/redis/data:/data redis --appendonly yes --requirepass 9090 

windows redis 配置

https://github.com/microsoftarchive/redis/releases下載版本

 

下載解壓后的文件列表

 

可以配置密碼：打開redis.windows.conf文件，找到:

放開注釋，配置密碼，

然后把redis注冊未服務

cmd切換到redis目錄

輸入命令：

redis-server.exe --service-install redis.windows.conf

 

參考:https://www.cnblogs.com/GuoJunwen/p/9238624.html

 

 

 

上傳鏡像到hub.docker倉庫

通過push鏡像，其他地方只需要pull即可，

1：hub.docker上創建賬號

2：docker login 登陸，會提示輸入用戶名和密碼

注意，密碼是盲打的，看到 Login Succeeded 說明登陸成功

3：通過 docker push 鏡像名 就可以上傳到自己的鏡像倉庫了

但這里要注意幾點，鏡像是有命名規范的  ，比如我我想把鏡像 cn/api 上傳

 

我會 這樣:docker push cn/api

會提示資源拒絕訪問

 

 是因為鏡像命名規范： 組織名稱/鏡像名稱 我這里的組織是個人。所以cn必須是自己的用戶名

所以必須是：byniqing/api  那怎么辦呢？可以通過命名修改鏡像

 docker tag cn/api:v1 byniqing/api:pro 

查看鏡像。已經成功修改，修改前后的IMAGE ID是不變的，可以看看

修改前：

 

 修改后：

 

 

 再次push試試

 

等待上傳成功，hub上就有了

 

 

 

 然后你 就可以直接pull了

 

如果一個鏡像經常升級，就會出現很多懸空鏡像，這些懸空鏡像是可以刪除的。

下面 這些none的鏡像。就是懸空鏡像

 

刪除命令：

docker rmi $(docker images -f "dangling=true" -q)

# 或者

docker image prune -a -f

 

Portainer管理鏡像

 未完待續

上傳鏡像到hub.docker

 

源碼：https://github.com/byniqing/docker-compose