💿Docker

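I love Docker: everything can be Dockerized, and Docker replaces everything!

I call Docker my favorite development environment because the following advantages matter so much to me:

  • With any programming language you don't have to think about dependencies; for example, when running a Python program you don't have to worry about the libraries it imports

  • One container per project: each runs completely independently and is easy to manage, easy to rebuild, and easy to delete completely

These two advantages are extremely useful on a server: there is no need to set up a matching language environment for each project.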

Steps to install the latest version of Docker:

  • First remove any Docker-related packages that may already be installed:

for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
  • Add the Docker APT repository to your system:

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
  • Install the latest version of Docker:

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  • Check that the service is running:

sudo systemctl status docker

Alternatively, you can use the official installation script:

curl -fsSL https://get.docker.com | sudo sh

If you run into errors, they may be caused by changes in the system or version; check the official site for the latest instructions: https://docs.docker.com/engine/install/ubuntu/

Special case: on servers in mainland China, downloading the key may fail, so the later steps error out. In that case you can substitute the key from the Alibaba Cloud (Aliyun) mirror:

# Install the helper tools:
sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg lsb-release
# Download the GPG key from the Aliyun mirror
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Replace the default Docker source with the Aliyun mirror
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update APT and install Docker
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
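When the signing key comes from a mirror, every package apt later accepts from that source is trusted through that one file, so it is worth confirming the key's fingerprint before running apt-get update. The following is an added example, not part of the original page: the function names are made up here, the sample record is constructed, and the expected fingerprint is assumed to be copied by you from Docker's install documentation.

```shell
#!/usr/bin/env bash
# Added example: confirm a downloaded repository key is the one you expect.
# Real use (keyring path as written by the commands above):
#   gpg --show-keys --with-colons /etc/apt/keyrings/docker.gpg | key_matches "$EXPECTED"

# Constructed sample of gpg colon-format output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000::Example Signing Key (constructed)::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::s:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print the primary-key fingerprint(s) from colon-format output on stdin.
# The fingerprint is field 10 of the "fpr" record that follows a "pub" record;
# "fpr" records that follow "sub" belong to subkeys and are skipped.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print toupper($10); want = 0 }
  '
}

# Normalise a human-written fingerprint ("0123 4567 ...") to bare upper-case hex.
normalise_fpr() {
  printf '%s' "$1" | tr -d ' :\n' | tr '[:lower:]' '[:upper:]'
}

# Succeeds only when stdin holds exactly one primary key and it equals $1.
# A keyring carrying an extra, unexpected primary key fails the comparison.
key_matches() {
  local expected found
  expected=$(normalise_fpr "$1")
  found=$(primary_fingerprints)
  [ -n "$expected" ] && [ "$found" = "$expected" ]
}
```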

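Here is how many projects I have deployed with Docker (for illustration only, with no special meaning):

This chapter recommends several Docker projects that are practically must-haves for a VPS.

P.S. A quick tip: because of the network environment, servers in mainland China often cannot pull images from Docker Hub, which is painful. You need a reverse-proxy service; you can host your own or use the one in my example below: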

docker.1panel.live/library/redis:latest

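This uses 1panel's mirror as the proxy; append the publisher and image path after it. If you don't know who the publisher is, look the image up on Docker Hub (https://hub.docker.com/). The example above is also a special case: library is not a particular publisher but the namespace for official images; redis, mysql and the like are all official releases.

Now for an advanced operation. I wrote a script that strips a server down to just the basic environment needed to run Docker: it removes all unnecessary packages and other environments and installs the Docker command-line service. A minimal system like this improves the experience and efficiency on low-spec machines. (How to use the script is described at the end.)

Warning: 1. This script is only suitable for Ubuntu;

2. This script removes everything else that is unrelated (some notable examples: it removes the apt package manager, so you can no longer install or manage packages; it removes rsyslog, so the system has no logging; it removes cron, so you cannot create scheduled tasks) and keeps only the environment for running Docker. If you need to run anything other than Docker containers, do not use it.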
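The naming rule described above (proxy host, then publisher, then image path, with library for official images) can be applied mechanically. The following is an added example, not part of the original page, with function names made up here. It also checks whether a reference is pinned by sha256 digest: a pinned pull is verified against that digest by the Docker client, so a third-party proxy cannot serve different content under the same name.

```shell
#!/usr/bin/env bash
# Added example: map a Docker Hub reference to its path behind a pull-through proxy.
# PROXY_HOST is the host named on this page; swap in your own proxy if you run one.
PROXY_HOST="docker.1panel.live"

# hub_to_proxy REF -> prints PROXY_HOST/<namespace>/<name>[:tag|@digest]
# Returns 1 for references that live on a registry other than Docker Hub.
hub_to_proxy() {
  local ref first
  ref="$1"
  ref=${ref#docker.io/}            # an explicit Docker Hub prefix is optional
  ref=${ref#index.docker.io/}
  case $ref in
    */*)
      first=${ref%%/*}
      # A first component with "." or ":" (or "localhost") is a registry host.
      case $first in
        *.*|*:*|localhost) return 1 ;;
      esac
      ;;
    *)
      ref="library/$ref"           # official images live under "library"
      ;;
  esac
  printf '%s/%s\n' "$PROXY_HOST" "$ref"
}

# is_digest_pinned REF -> succeeds when REF ends in a full sha256 digest.
is_digest_pinned() {
  printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}
```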

#!/bin/bash

# Make sure the script is run as root
if [ "$(id -u)" -ne 0 ]; then
  echo "请使用root用户运行此脚本"
  exit 1
fi

# Update the system
apt-get update
apt-get upgrade -y

# Install the dependencies Docker needs
apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common

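# Add Docker's official GPG key as a keyring file (apt-key is deprecated)
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the Docker repository, trusted only through that key (signed-by)
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
    > /etc/apt/sources.list.d/docker.list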

# Update the package index and install Docker
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

# Remove unnecessary packages
apt-get purge -y \
    ubuntu-server \
    snapd \
    unattended-upgrades \
    cloud-init \
    rsyslog \
    popularity-contest \
    apport \
    command-not-found \
    laptop-detect \
    tasksel \
    telnet \
    ftp \
    whoopsie \
    avahi-daemon \
    cups \
    isc-dhcp-server \
    isc-dhcp-client \
    rpcbind \
    nfs-common \
    at \
    openbsd-inetd \
    xinetd \
    exim4 \
    exim4-base \
    exim4-config \
    exim4-daemon-light \
    telnetd \
    nis \
    rsh-client \
    rsh-redone-client \
    talk \
    talkd \
    tftp \
    tftpd \
    x11-common \
    xserver-xorg-core \
    xserver-xorg-input-all \
    xserver-xorg-video-all \
    xorg \
    xserver-xorg \
    xserver-common \
    plymouth \
    plymouth-themes \
    plymouth-x11 \
    ubuntu-minimal \
    ubuntu-standard \
    ubuntu-advantage-tools \
    lxd \
    lxd-client \
    lxcfs \
    mdadm \
    lvm2 \
    thin-provisioning-tools \
    accountsservice \
    alsa-utils \
    anacron \
    apache2 \
    apache2-bin \
    apache2-data \
    apache2-utils \
    apparmor \
    apport \
    apport-symptoms \
    apt-listchanges \
    apt-listbugs \
    apt-utils \
    avahi-autoipd \
    avahi-daemon \
    avahi-utils \
    bcache-tools \
    bind9-host \
    bluez \
    bolt \
    btrfs-progs \
    btrfs-tools \
    busybox-static \
    byobu \
    cloud-guest-utils \
    cloud-initramfs-copymods \
    cloud-initramfs-dyn-netconf \
    command-not-found \
    console-setup \
    console-setup-linux \
    crda \
    cryptsetup \
    cryptsetup-bin \
    cryptsetup-initramfs \
    cryptsetup-run \
    cups-common \
    cups-core-drivers \
    cups-daemon \
    cups-ppdc \
    cups-server-common \
    debconf-utils \
    debian-faq \
    dictionaries-common \
    dmraid \
    dns-root-data \
    dnsmasq-base \
    doc-base \
    dosfstools \
    eject \
    emacsen-common \
    ethtool \
    example-content \
    friendly-recovery \
    ftp \
    fuse \
    fwupd \
    fwupdate \
    fwupdate-signed \
    gcc \
    geoip-database \
    gettext-base \
    gir1.2-glib-2.0 \
    gir1.2-packagekitglib-1.0 \
    git \
    git-man \
    gnupg2 \
    gpg \
    gpg-agent \
    gpg-wks-client \
    gpg-wks-server \
    gpgconf \
    gpgsm \
    gpgv \
    groff-base \
    grub-common \
    grub-gfxpayload-lists \
    grub-pc \
    grub-pc-bin \
    grub2-common \
    gvfs \
    gvfs-common \
    gvfs-daemons \
    gvfs-libs \
    hdparm \
    hicolor-icon-theme \
    hostapd \
    htop \
    info \
    initramfs-tools \
    initramfs-tools-bin \
    initramfs-tools-core \
    installation-report \
    ippusbxd \
    irqbalance \
    iucode-tool \
    keyboard-configuration \
    klibc-utils \
    kmod \
    language-pack-en \
    language-pack-en-base \
    language-pack-gnome-en \
    language-pack-gnome-en-base \
    laptop-detect \
    ldap-utils \
    less \
    libaccountsservice0 \
    libapparmor1 \
    libapt-inst2.0 \
    libasound2 \
    libasound2-data \
    libatm1 \
    libavahi-client3 \
    libavahi-common-data \
    libavahi-common3 \
    libavahi-core7 \
    libavahi-glib1 \
    libblkid1 \
    libboost-iostreams1.71.0 \
    libboost-system1.71.0 \
    libboost-thread1.71.0 \
    libcaca0 \
    libcap-ng0 \
    libcap2 \
    libcap2-bin \
    libcdparanoia0 \
    libcom-err2 \
    libcryptsetup12 \
    libcurl3-gnutls \
    libcurl4 \
    libdbus-1-3 \
    libdevmapper1.02.1 \
    libdns-export1109 \
    libdrm-amdgpu1 \
    libdrm-common \
    libdrm-intel1 \
    libdrm-nouveau2 \
    libdrm-radeon1 \
    libdrm2 \
    libedit2 \
    libefiboot1 \
    libefivar1 \
    libelf1 \
    libexpat1 \
    libfdisk1 \
    libffi7 \
    libfido2-1 \
    libfprint-2-2 \
    libfreetype6 \
    libfribidi0 \
    libfuse2 \
    libgail-common \
    libgail18 \
    libgdk-pixbuf2.0-0 \
    libgdk-pixbuf2.0-bin \
    libgdk-pixbuf2.0-common \
    libgl1 \
    libgl1-mesa-dri \
    libglapi-mesa \
    libglib2.0-0 \
    libglib2.0-bin \
    libglib2.0-data \
    libglvnd0 \
    libglx-mesa0 \
    libglx0 \
    libgmp10 \
    libgnutls30 \
    libgpg-error0 \
    libgphoto2-6 \
    libgphoto2-l10n \
    libgphoto2-port12 \
    libgpm2 \
    libgraphite2-3 \
    libgs9 \
    libgs9-common \
    libgssapi-krb5-2 \
    libgtk-3-0 \
    libgtk-3-bin \
    libgtk-3-common \
    libharfbuzz0b \
    libhogweed5 \
    libhtml-form-perl \
    libhtml-format-perl \
    libhtml-parser-perl \
    libhtml-tagset-perl \
    libhtml-tree-perl \
    libhttp-date-perl \
    libhttp-message-perl \
    libhttp-negotiate-perl \
    libidn2-0 \
    libieee1284-3 \
    libijs-0.35 \
    libjbig0 \
    libjpeg-turbo8 \
    libjpeg8 \
    libjson-c4 \
    libk5crypto3 \
    libkeyutils1 \
    libklibc \
    libkmod2 \
    libkrb5-3 \
    libkrb5support0 \
    liblcms2-2 \
    libldap-2.4-2 \
    libldap-common \
    libllvm12 \
    libltdl7 \
    liblvm2cmd2.03 \
    liblz4-1 \
    liblzma5 \
    libmagic-mgc \
    libmagic1 \
    libmbim-glib4 \
    libmbim-proxy \
    libmount1 \
    libmpdec2 \
    libmspack0 \
    libmtp-common \
    libmtp-runtime \
    libmtp9 \
    libncurses6 \
    libncursesw6 \
    libnetplan0 \
    libnettle7 \
    libnewt0.52 \
    libnfnetlink0 \
    libnfsidmap2 \
    libnss-mdns \
    libnss-systemd \
    libntfs-3g883 \
    libnuma1 \
    libp11-kit0 \
    libpackagekit-glib2-18 \
    libpam-cap \
    libpam-modules \
    libpam-modules-bin \
    libpam-runtime \
    libpam-systemd \
    libpam0g \
    libpango-1.0-0 \
    libpangocairo-1.0-0 \
    libpangoft2-1.0-0 \
    libpaper-utils \
    libpaper1 \
    libparted2 \
    libpcap0.8 \
    libpci3 \
    libpcre2-8-0 \
    libpcre3 \
    libperl5.30 \
    libpipeline1 \
    libplymouth4 \
    libpng16-16 \
    libpolkit-agent-1-0 \
    libpolkit-backend-1-0 \
    libpolkit-gobject-1-0 \
    libpopt0 \
    libprocps8 \
    libproxy1v5 \
    libpsl5 \
    libpulse0 \
    libpulsecommon-12.2 \
    libpwquality-common \
    libpwquality1 \
    libpython3-stdlib \
    libpython3.8 \
    libpython3.8-minimal \
    libpython3.8-stdlib \
    libqmi-glib5 \
    libqmi-proxy \
    libreadline8 \
    librest-0.7-0 \
    librsvg2-2 \
    librsvg2-common \
    libsasl2-2 \
    libsasl2-modules \
    libsasl2-modules-db \
    libseccomp2 \
    libselinux1 \
    libsensors-config \
    libsensors5 \
    libsmartcols1 \
    libsoup-gnome2.4-1 \
    libsoup2.4-1 \
    libspeex1 \
    libsqlite3-0 \
    libss2 \
    libssl1.1 \
    libstdc++6 \
    libsystemd0 \
    libtasn1-6 \
    libthai-data \
    libthai0 \
    libtiff5 \
    libtinfo6 \
    libudev1 \
    libunistring2 \
    libusb-1.0-0 \
    libuuid1 \
    libvpx6 \
    libwacom-bin \
    libwacom-common \
    libwacom2 \
    libwayland-client0 \
    libwayland-cursor0 \
    libwayland-egl1 \
    libwayland-server0 \
    libwebp6 \
    libwebpdemux2 \
    libwebpmux3 \
    libwoff1 \
    libwrap0 \
    libx11-6 \
    libx11-data \
    libxau6 \
    libxcb1 \
    libxdmcp6 \
    libxext6 \
    libxkbcommon0 \
    libxml2 \
    libxmuu1 \
    libxpm4 \
    libxrandr2 \
    libxshmfence1 \
    libxtables12 \
    libxxhash0 \
    libyaml-0-2 \
    libzstd1 \
    linux-base \
    linux-firmware \
    linux-generic \
    linux-headers-generic \
    linux-image-generic \
    linux-modules-extra-5.4.0-42-generic \
    locales \
    lockfile-progs \
    logrotate \
    lsb-release \
    lshw \
    lsof \
    ltrace \
    man-db \
    manpages \
    manpages-dev \
    mawk \
    mime-support \
    mlocate \
    modemmanager \
    mount \
    mtr-tiny \
    nano \
    ncurses-base \
    ncurses-bin \
    net-tools \
    netbase \
    netcat-openbsd \
    networkd-dispatcher \
    network-manager \
    nplan \
    ntfs-3g \
    open-iscsi \
    openssh-client \
    openssh-server \
    openssh-sftp-server \
    os-prober \
    overlayroot \
    parted \
    passwd \
    pastebinit \
    patch \
    pci.ids \
    pciutils \
    perl \
    perl-base \
    perl-modules-5.30 \
    plymouth \
    plymouth-theme-ubuntu-text \
    policykit-1 \
    popularity-contest \
    powermgmt-base \
    ppp \
    pppconfig \
    pppoeconf \
    pptp-linux \
    procps \
    psmisc \
    publicsuffix \
    python-apt-common \
    python3 \
    python3-apport \
    python3-apt \
    python3-commandnotfound \
    python3-dbus \
    python3-distupgrade \
    python3-gdbm \
    python3-gi \
    python3-minimal \
    python3-newt \
    python3-problem-report \
    python3-software-properties \
    python3-systemd \
    python3-update-manager \
    python3-urllib3 \
    python3-yaml \
    python3.8 \
    python3.8-minimal \
    readline-common \
    rfkill \
    rsync \
    rsyslog \
    run-one \
    screen \
    secureboot-db \
    sensible-utils \
    sgml-base \
    shared-mime-info \
    snap-confine \
    software-properties-common \
    sosreport \
    squashfs-tools \
    ssh-import-id \
    ssl-cert \
    strace \
    sudo \
    systemd \
    systemd-sysv \
    systemd-timesyncd \
    tar \
    tcpdump \
    telnet \
    thermald \
    time \
    tmux \
    tzdata \
    ubuntu-advantage-tools \
    ubuntu-drivers-common \
    ubuntu-minimal \
    ubuntu-release-upgrader-core \
    ubuntu-server \
    ubuntu-standard \
    ucf \
    udev \
    udisks2 \
    ufw \
    unattended-upgrades \
    update-inetd \
    update-notifier-common \
    usb.ids \
    usbmuxd \
    usbutils \
    util-linux \
    vim \
    vim-common \
    vim-runtime \
    vim-tiny \
    wamerican \
    wget \
    whiptail \
    wireless-regdb \
    wireless-tools \
    wpasupplicant \
    xauth \
    xdg-user-dirs \
    xkb-data \
    xz-utils \
    zerofree \
    zip \
    zlib1g

# Automatically remove dependencies that are no longer needed
apt-get autoremove -y --purge

# Clean the apt cache
apt-get clean
rm -rf /var/lib/apt/lists/*

# Disable unnecessary services
systemctl disable --now \
    apparmor \
    avahi-daemon \
    bluetooth \
    console-setup \
    cron \
    cups \
    cups-browsed \
    ModemManager \
    networkd-dispatcher \
    pppd-dns \
    rsyslog \
    snapd \
    snapd.apparmor \
    snapd.seeded \
    snapd.socket \
    systemd-timesyncd \
    thermald \
    ufw \
    unattended-upgrades \
    wpa_supplicant


# Disable swap (Docker performs poorly with swap enabled)
swapoff -a
sed -i '/swap/d' /etc/fstab

# Tune kernel parameters
cat > /etc/sysctl.d/99-docker.conf <<EOF
# Improve network performance
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_max_syn_backlog=3240000
net.core.somaxconn=3240000
net.ipv4.tcp_max_tw_buckets=1440000
# net.ipv4.tcp_tw_recycle=1  (this key was removed in Linux 4.12; setting it makes sysctl report an error)
net.ipv4.tcp_tw_reuse=1

# Improve container performance
vm.swappiness=0
vm.overcommit_memory=1
vm.max_map_count=262144
kernel.pid_max=4194303
fs.file-max=1000000
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288

# Improve Docker performance
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF

# Apply the kernel parameters
sysctl -p /etc/sysctl.d/99-docker.conf

# Create a minimal motd
echo "Minimal Ubuntu Server - Optimized for Docker" > /etc/motd

# Disable logging (Docker containers usually have their own logging)
systemctl stop rsyslog
systemctl disable rsyslog
find /var/log -type f -delete
mkdir -p /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal

# Disable cron (containers usually have their own scheduled tasks)
systemctl stop cron
systemctl disable cron

# Disable the apt timers
systemctl stop apt-daily.timer
systemctl disable apt-daily.timer
systemctl stop apt-daily-upgrade.timer
systemctl disable apt-daily-upgrade.timer

# Delete unnecessary documentation and man pages
rm -rf /usr/share/doc/*
rm -rf /usr/share/man/*
rm -rf /usr/share/info/*
rm -rf /usr/share/locale/*
rm -rf /usr/share/gnome/help/*
rm -rf /usr/share/help/*
rm -rf /usr/share/backgrounds/*

# Delete unnecessary localization files
find /usr/share/locale -mindepth 1 -maxdepth 1 ! -name 'en*' -exec rm -rf {} +

# Delete cache files
rm -rf /var/cache/man/*
rm -rf /var/cache/apt/archives/*
rm -rf /var/cache/debconf/*

# Delete temporary files
rm -rf /tmp/*
rm -rf /var/tmp/*

# Delete old configuration files
find /etc -name '*.dpkg-dist' -delete
find /etc -name '*.dpkg-old' -delete
find /etc -name '*.dpkg-new' -delete

# Delete unnecessary users and groups
userdel -r games
userdel -r irc
userdel -r list
userdel -r news
userdel -r uucp
userdel -r www-data
groupdel games
groupdel irc
groupdel list
groupdel news
groupdel uucp
groupdel www-data

# Set the time zone to UTC (change as needed)
timedatectl set-timezone UTC

# Disable IPv6 (if it is not needed)
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -p

# Reboot the system to apply all changes
echo "系统将在10秒后重启..."
sleep 10
reboot

How to use the script:

# Create a new script file and paste the contents above into it
minimize-for-hysteria2.sh
# Grant execute permission
chmod +x minimize-for-hysteria2.sh
# Run the script
./minimize-for-hysteria2.sh
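Because the script's purge and disable lists include packages the host relies on for its own protection (AppArmor, which Docker uses to confine containers when it is enabled, plus the firewall, automatic security updates, logging and SSH), it helps to preview the removal set first. The following is an added example, not part of the original script: it reads the output of apt-get -s (simulate) and reports which watched packages would be removed. The watch list is this example's own selection from names in the script, and the sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example: preview an apt purge and flag host-security packages in it.
# Real use, with the package names taken from the script's purge list:
#   apt-get -s purge <packages...> | flag_removals

# Packages to watch for (this example's choice; all appear in the script above).
WATCHLIST="apparmor ufw unattended-upgrades openssh-server rsyslog sudo systemd"

# Constructed sample of `apt-get -s purge` output (versions are made up).
SAMPLE_SIMULATION='Reading package lists...
Building dependency tree...
The following packages will be REMOVED:
  apparmor* htop* snapd* ufw*
Purg snapd [0.0.1]
Purg apparmor [0.0.1]
Purg ufw [0.0.1]
Remv htop [0.0.1]
Purg apparmor [0.0.1]'

# Read simulated apt output on stdin and print, once each and in the order
# seen, every watched package that apt would remove ("Remv") or purge ("Purg").
flag_removals() {
  awk -v watch="$WATCHLIST" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) flagged[w[i]] = 1 }
    ($1 == "Remv" || $1 == "Purg") && ($2 in flagged) && !seen[$2]++ { print $2 }
  '
}

# Succeeds when nothing on the watch list is in the removal set.
removal_is_clean() {
  [ -z "$(flag_removals)" ]
}
```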
