一、拉取Redis鏡像
docker pull redis #后面可以帶上tag號, 默認拉取最新版本
二、創建掛載文件目錄
mkdir -p ./docker/redis/data #創建redis存在數據目錄
mkdir -p ./docker/redis/conf #創建redis配置文件目錄
三、增加配置文件
從網上下載一個linux的redis.conf 【http://download.redis.io/releases/下載對應版本的redis】
vi /docker/redis/redis.conf ## 1.允許遠程連接 # bind 127.0.0.1 protected-mode no ## 2.持久化 appendonly yes ## 3.密碼 requirepass `password`
四、安裝redis
docker run -itd --net=host --name=myredis -v $PWD/docker/redis/data:/redis/data -v $PWD/docker/redis/conf/redis.conf:/etc/redis/redis.conf redis --requirepass "Yunzhisheng123"
-
-d: 后台運行容器,並返回容器ID;
-
-i: 以交互模式運行容器,通常與 -t 同時使用;
- -t: 為容器重新分配一個偽輸入終端,通常與 -i 同時使用;
- --net=host: 指定容器的網絡連接類型,支持 bridge/host/none/container:<name|id> 四種類型【不配置,通過宿主機ip,外界沒法訪問redis】
- --name=myredis : 為容器指定一個名稱;
- -v:文件掛載
- -p:指定端口映射,格式為:主機(宿主)端口:容器端口
- --requirepass: 連接密碼【備注:發現我的redis.conf文件密碼沒生效,暫時還沒找到原因,回頭再補充,另外該處的密碼不允許帶 ! 等某些特殊字符,否則運行時候會報錯】
如果采用--net=host類型,使用-p或者-P會告警提示 WARNING: Published ports are discarded when using host network mode,原因是:當你是host模式的時候,主機會自動把他上面的端口分配給容器,這個時候使用-p或者-P是無用的。有關--net指令要多說明下:
bridge: The default network driver. If you don’t specify a driver, this is the type of network you are creating. Bridge networks are usually used when your applications run in standalone containers that need to communicate. See bridge networks. In terms of networking, a bridge network is a Link Layer device which forwards traffic between network segments. A bridge can be a hardware device or a software device running within a host machine’s kernel. In terms of Docker, a bridge network uses a software bridge which allows containers connected to the same bridge network to communicate, while providing isolation from containers which are not connected to that bridge network.
The Docker bridge driver automatically installs rules in the host machine so that containers on different bridge networks cannot communicate directly with each other. Bridge networks apply to containers running on the same Docker daemon host. For communication among containers running on different Docker daemon hosts, you can either manage routing at the OS level, or you can use an overlay network. When you start Docker, a default bridge network (also called bridge) is created automatically, and newly-started containers connect to it unless otherwise specified. You can also create user-defined custom bridge networks.
User-defined bridge networks are superior to the default bridge network. 以上信息可得到幾點:1、橋接類型是容器默認的連接類型;2、連接上同一網橋的容器可以互相之間通訊,否則容器彼此隔離 host: For standalone containers, remove network isolation between the container and the Docker host, and use the host’s networking directly. host is only available for swarm services on Docker 17.06 and higher. See use the host network. If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. For instance,
if you run a container which binds to port 80 and you use host networking, the container’s application is available on port 80 on the host’s IP address. Note: Given that the container does not have its own IP-address when using host mode networking, port-mapping does not take effect, and the -p, --publish, -P, and --publish-all option are ignored, producing a warning instead: WARNING: Published ports are discarded when using host network mode 以上信息告知:1、host模式下,容器之間可以互相訪問,共享宿主機ip和網絡;2、host模式下不要使用-p、-P、-publish、-publish-all指令
更多參考官方文檔:https://docs.docker.com/network/
host模式設計,可以直接訪問主機的地址和端口,就能訪問到我們的容器,使容器直接暴露在公網下,但是這卻對docker的隔離性造成了破壞,使得安全性大大降低。這種模式有利也有弊。
注:如果外網依然連接不上docker容器中的redis,查看宿主機防火牆和端口狀態,具體操作詳見:https://www.cnblogs.com/yizhipanghu/p/11171211.html