2023-05-11-【记录】DOCKER安装流程.md 4.6 KB


title: 【记录】DOCKER安装流程 urlname: DOCKER-an-zhuang-liu-cheng-ji-lu date: 2023-05-11 19:03:17

tags: docker

第一步 添加SWAP

  • wget -O box.sh https://raw.githubusercontent.com/BlueSkyXN/SKY-BOX/main/box.sh && chmod +x box.sh && clear && sudo ./box.sh
  • 18 大小输入4096,设置4G大小的swap空间

    第二步 开启BBR

  • wget -O box.sh https://raw.githubusercontent.com/BlueSkyXN/SKY-BOX/main/box.sh && chmod +x box.sh && clear && sudo ./box.sh

  • 17 11 开启BBR-FQ

  • sudo reboot

    第三步 修改时区

  • timedatectl list-timezones

  • sudo timedatectl set-timezone Asia/Shanghai

    第四步 修改SSH端口

  • sudo nano /etc/ssh/sshd_config

  • 修改 Port 22 为 Port 2022

  • sudo service sshd restart

  • 新开一个SSH连接测试修改是否成功

  • 蜜罐:FakeSSH

    docker run -d --restart=always -p 22:22 --name fakessh fffaraz/fakessh
    docker logs -f fakessh
    

    第五步 安装docker

  • 新版docker自带compose命令,使用docker compose即可

  • (国内)curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

  • (国际)curl -fsSL https://get.docker.com | bash

    (换源) sudo sed -i 's/archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
    sudo apt update
    sudo apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    ARCH_VERSION=$(if [[ $(arch) == "arm64" || $(arch) == 'aarch64' ]]; then echo 'arm64'; elif [[ $(arch) == "armhf" ]]; then echo 'armhf'; else echo 'amd64'; fi)
    sudo add-apt-repository "deb [arch=$ARCH_VERSION] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    sudo apt update && sudo apt install docker-ce
    sudo systemctl status docker
    LATEST_VERSION=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | awk -F'"' '/tag_name/{print $4}')
    (镜像) sudo curl -L "https://get.daocloud.io/docker/compose/releases/download/$LATEST_VERSION/docker-compose-$(uname -s)-$(uname -m)" > /usr/local/bin/docker-compose
    (国际) sudo curl -L "https://github.com/docker/compose/releases/download/$LATEST_VERSION/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
    docker-compose --version
    

    第六步 添加 docker 镜像源

    {
    "registry-mirrors":[
                        "https://hub-mirror.c.163.com/",
                        "https://docker.mirrors.ustc.edu.cn/"
                        ]
    }
    
    nano /etc/docker/daemon.json
    systemctl daemon-reload
    systemctl restart docker
    

    第七步 非 docker.io 仓库

  • hub-mirror 项目使用 docker.io 或其他镜像服务来提供(但不限于) gcr.io、registry.k8s.io、k8s.gcr.io、quay.io、ghcr.io 等国外镜像加速下载服务

  • file-proxy 项目使用 Cloudflare Workers 进行代下服务

    第八步 离线获取容器镜像示例

    wget https://raw.githubusercontent.com/NotGlop/docker-drag/master/docker_pull.py
    python3 docker_pull.py nkpro/chrome-novnc@sha256:379ef4901f65495fb200b60fe2f87ba1346ce7df91cbe807365dba57c5dcd8d5
    # 通过U盘转移 nkpro_chrome-novnc.tar 到目标电脑上
    docker load < nkpro_chrome-novnc.tar
    docker images
    docker tag ba39b3ae6c10 nkpro/chrome-novnc:latest
    

    第九步 更新容器镜像

  • sudo docker-compose pull && sudo docker-compose up -d --remove-orphans

  • sudo docker image prune

    附加 关闭系统自动更新

  • nano /etc/update-manager/release-upgrades,修改Prompt 为 never

  • sudo sed -i.bak 's/1/0/' /etc/apt/apt.conf.d/10periodic

  • sudo sed -i.bak 's/1/0/' /etc/apt/apt.conf.d/20auto-upgrades

  • sudo systemctl stop unattended-upgrades

  • sudo systemctl disable unattended-upgrades

  • sudo apt remove unattended-upgrades

  • sudo apt purge snapd

  • 最后重启服务器 sudo reboot

    附加 清理Docker容器日志

    nano ~/clean_docker_log.sh && chmod +x ~/clean_docker_log.sh
    sudo ~/clean_docker_log.sh
    
    #!/bin/sh 
     
    echo "======== start clean docker containers logs ========"  
     
    logs=$(find /var/lib/docker/containers/ -name *-json.log)  
     
    for log in $logs  
        do  
                echo "clean logs : $log"  
                cat /dev/null > $log  
        done  
     
    echo "======== end clean docker containers logs ========" 
    

附加 非root用户

Podman

  • 用到的时候再更新

    Singularity

    singularity pull --name vep.sif docker://ensemblorg/ensembl-vep
    mkdir $HOME/vep_data
    singularity exec vep.sif vep --dir $HOME/vep_data --help