💿Docker
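I love Docker so much: everything can be Dockerized, and Docker replaces everything!
Why do I say Docker is my favorite development environment? Because it has the following advantages, which matter a great deal to me!
With any programming language you don't need to worry about dependencies; for example, when running a Python program you don't need to worry about the libraries it imports.
One container per project, running completely independently: easy to manage, easy to rebuild, and easy to delete completely.
These two advantages are great for running things on a server: there is no need to set up a matching language environment for every project.
Installation steps for the latest Docker:
First remove any Docker-related packages that may already be installed: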
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
Add the Docker APT repository to your system:
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
Install the latest version of Docker:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Check the service status:
sudo systemctl status docker
Alternatively, you can use the official installation script:
curl -fsSL https://get.docker.com | sudo sh
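If you run into errors, the system or the version may have changed; check the official site for the latest instructions: https://docs.docker.com/engine/install/ubuntu/
Special case: on servers in mainland China, downloading the key may fail, so the later steps error out. In that case you can use the key from the Alibaba Cloud mirror instead.
# Install the required tools: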
sudo apt-get update
sudo apt-get install -y ca-certificates curl gnupg lsb-release
# Download the GPG key from the Alibaba Cloud mirror
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Replace the default Docker repository with the Alibaba Cloud mirror
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update APT and install Docker
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
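I can also show you how many projects I have deployed with Docker (for illustration only, with no special meaning):
This chapter recommends several Docker projects that are practically must-haves for a VPS.
P.S. A quick tip: because of the network environment, servers in mainland China often cannot pull images from Docker Hub, which is painful. You need a reverse-proxy service; you can host one yourself or use the one in my example below: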
docker.1panel.live/library/redis:latest
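Pull through the 1panel mirror by appending the publisher and the image path. If you don't know who the publisher is, look the image up on Docker Hub (https://hub.docker.com/). The example above is also a special case: library is not a particular publisher but the namespace for official images, such as redis and mysql.
Next, an advanced operation: I wrote a script that strips a server down to just the basic environment needed to run Docker. It removes all unnecessary packages and other environments and installs the Docker command-line service. Such a minimal system improves usability and efficiency on low-spec machines. (How to use the script is described at the end.)
Warning: 1. This script is only suitable for Ubuntu;
2. This script removes everything else that is unrelated (some notable examples: it removes the apt package manager, so you can no longer install or manage packages; it removes rsyslog, so the system has no logging; it removes cron, so you cannot create scheduled tasks) and keeps only the environment for running Docker. If you need to run anything other than Docker containers, do not use it.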
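The rewriting rule described above, as an added shell example that is not part of the original post. The function name `mirror_ref` is hypothetical; the mirror host is the one named on this page. It only rewrites Docker Hub references, keeps a tag or digest unchanged, and refuses images that belong to another registry.

```shell
# Rewrite a Docker Hub image reference so it is pulled through a mirror host.
# Usage: mirror_ref MIRROR_HOST IMAGE_REF   (mirror_ref is a hypothetical helper)
# Returns 1 for images hosted on another registry, 2 for missing arguments.
mirror_ref() {
    mirror=$1
    ref=$2
    [ -n "$mirror" ] && [ -n "$ref" ] || return 2
    first=${ref%%/*}
    case $ref in
        */*)
            # A first path component containing '.' or ':' (or "localhost")
            # names a registry host rather than a publisher.
            case $first in
                docker.io|index.docker.io) ref=${ref#*/} ;;  # explicit Docker Hub
                localhost|*.*|*:*) return 1 ;;               # some other registry
            esac ;;
    esac
    # Official images have no publisher; they live under "library/".
    case $ref in
        */*) ;;
        *) ref=library/$ref ;;
    esac
    printf '%s/%s\n' "$mirror" "$ref"
}

# Typical use:
#   docker pull "$(mirror_ref docker.1panel.live redis:latest)"
```

Referencing an image by digest (`name@sha256:...`) instead of a tag means the proxy can only serve the exact content you asked for.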
#!/bin/bash
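# Make sure the script is run as root
if [ "$(id -u)" -ne 0 ]; then
    echo "请使用root用户运行此脚本"
    exit 1
fi
# Update the system
apt-get update
apt-get upgrade -y
# Install the packages Docker needs
apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
# Add Docker's official GPG key (stored in its own keyring and scoped with signed-by, because apt-key is deprecated and trusts the key for every repository)
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
# Add the Docker repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
    > /etc/apt/sources.list.d/docker.list
# Update and install Docker
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io
# Remove unnecessary packages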
apt-get purge -y \
ubuntu-server \
snapd \
unattended-upgrades \
cloud-init \
rsyslog \
popularity-contest \
apport \
command-not-found \
laptop-detect \
tasksel \
telnet \
ftp \
whoopsie \
avahi-daemon \
cups \
isc-dhcp-server \
isc-dhcp-client \
rpcbind \
nfs-common \
at \
openbsd-inetd \
xinetd \
exim4 \
exim4-base \
exim4-config \
exim4-daemon-light \
telnetd \
nis \
rsh-client \
rsh-redone-client \
talk \
talkd \
tftp \
tftpd \
x11-common \
xserver-xorg-core \
xserver-xorg-input-all \
xserver-xorg-video-all \
xorg \
xserver-xorg \
xserver-common \
plymouth \
plymouth-themes \
plymouth-x11 \
ubuntu-minimal \
ubuntu-standard \
ubuntu-advantage-tools \
lxd \
lxd-client \
lxcfs \
mdadm \
lvm2 \
thin-provisioning-tools \
accountsservice \
alsa-utils \
anacron \
apache2 \
apache2-bin \
apache2-data \
apache2-utils \
apparmor \
apport \
apport-symptoms \
apt-listchanges \
apt-listbugs \
apt-utils \
avahi-autoipd \
avahi-daemon \
avahi-utils \
bcache-tools \
bind9-host \
bluez \
bolt \
btrfs-progs \
btrfs-tools \
busybox-static \
byobu \
cloud-guest-utils \
cloud-initramfs-copymods \
cloud-initramfs-dyn-netconf \
command-not-found \
console-setup \
console-setup-linux \
crda \
cryptsetup \
cryptsetup-bin \
cryptsetup-initramfs \
cryptsetup-run \
cups-common \
cups-core-drivers \
cups-daemon \
cups-ppdc \
cups-server-common \
debconf-utils \
debian-faq \
dictionaries-common \
dmraid \
dns-root-data \
dnsmasq-base \
doc-base \
dosfstools \
eject \
emacsen-common \
ethtool \
example-content \
friendly-recovery \
ftp \
fuse \
fwupd \
fwupdate \
fwupdate-signed \
gcc \
geoip-database \
gettext-base \
gir1.2-glib-2.0 \
gir1.2-packagekitglib-1.0 \
git \
git-man \
gnupg2 \
gpg \
gpg-agent \
gpg-wks-client \
gpg-wks-server \
gpgconf \
gpgsm \
gpgv \
groff-base \
grub-common \
grub-gfxpayload-lists \
grub-pc \
grub-pc-bin \
grub2-common \
gvfs \
gvfs-common \
gvfs-daemons \
gvfs-libs \
hdparm \
hicolor-icon-theme \
hostapd \
htop \
info \
initramfs-tools \
initramfs-tools-bin \
initramfs-tools-core \
installation-report \
ippusbxd \
irqbalance \
iucode-tool \
keyboard-configuration \
klibc-utils \
kmod \
language-pack-en \
language-pack-en-base \
language-pack-gnome-en \
language-pack-gnome-en-base \
laptop-detect \
ldap-utils \
less \
libaccountsservice0 \
libapparmor1 \
libapt-inst2.0 \
libasound2 \
libasound2-data \
libatm1 \
libavahi-client3 \
libavahi-common-data \
libavahi-common3 \
libavahi-core7 \
libavahi-glib1 \
libblkid1 \
libboost-iostreams1.71.0 \
libboost-system1.71.0 \
libboost-thread1.71.0 \
libcaca0 \
libcap-ng0 \
libcap2 \
libcap2-bin \
libcdparanoia0 \
libcom-err2 \
libcryptsetup12 \
libcurl3-gnutls \
libcurl4 \
libdbus-1-3 \
libdevmapper1.02.1 \
libdns-export1109 \
libdrm-amdgpu1 \
libdrm-common \
libdrm-intel1 \
libdrm-nouveau2 \
libdrm-radeon1 \
libdrm2 \
libedit2 \
libefiboot1 \
libefivar1 \
libelf1 \
libexpat1 \
libfdisk1 \
libffi7 \
libfido2-1 \
libfprint-2-2 \
libfreetype6 \
libfribidi0 \
libfuse2 \
libgail-common \
libgail18 \
libgdk-pixbuf2.0-0 \
libgdk-pixbuf2.0-bin \
libgdk-pixbuf2.0-common \
libgl1 \
libgl1-mesa-dri \
libglapi-mesa \
libglib2.0-0 \
libglib2.0-bin \
libglib2.0-data \
libglvnd0 \
libglx-mesa0 \
libglx0 \
libgmp10 \
libgnutls30 \
libgpg-error0 \
libgphoto2-6 \
libgphoto2-l10n \
libgphoto2-port12 \
libgpm2 \
libgraphite2-3 \
libgs9 \
libgs9-common \
libgssapi-krb5-2 \
libgtk-3-0 \
libgtk-3-bin \
libgtk-3-common \
libharfbuzz0b \
libhogweed5 \
libhtml-form-perl \
libhtml-format-perl \
libhtml-parser-perl \
libhtml-tagset-perl \
libhtml-tree-perl \
libhttp-date-perl \
libhttp-message-perl \
libhttp-negotiate-perl \
libidn2-0 \
libieee1284-3 \
libijs-0.35 \
libjbig0 \
libjpeg-turbo8 \
libjpeg8 \
libjson-c4 \
libk5crypto3 \
libkeyutils1 \
libklibc \
libkmod2 \
libkrb5-3 \
libkrb5support0 \
liblcms2-2 \
libldap-2.4-2 \
libldap-common \
libllvm12 \
libltdl7 \
liblvm2cmd2.03 \
liblz4-1 \
liblzma5 \
libmagic-mgc \
libmagic1 \
libmbim-glib4 \
libmbim-proxy \
libmount1 \
libmpdec2 \
libmspack0 \
libmtp-common \
libmtp-runtime \
libmtp9 \
libncurses6 \
libncursesw6 \
libnetplan0 \
libnettle7 \
libnewt0.52 \
libnfnetlink0 \
libnfsidmap2 \
libnss-mdns \
libnss-systemd \
libntfs-3g883 \
libnuma1 \
libp11-kit0 \
libpackagekit-glib2-18 \
libpam-cap \
libpam-modules \
libpam-modules-bin \
libpam-runtime \
libpam-systemd \
libpam0g \
libpango-1.0-0 \
libpangocairo-1.0-0 \
libpangoft2-1.0-0 \
libpaper-utils \
libpaper1 \
libparted2 \
libpcap0.8 \
libpci3 \
libpcre2-8-0 \
libpcre3 \
libperl5.30 \
libpipeline1 \
libplymouth4 \
libpng16-16 \
libpolkit-agent-1-0 \
libpolkit-backend-1-0 \
libpolkit-gobject-1-0 \
libpopt0 \
libprocps8 \
libproxy1v5 \
libpsl5 \
libpulse0 \
libpulsecommon-12.2 \
libpwquality-common \
libpwquality1 \
libpython3-stdlib \
libpython3.8 \
libpython3.8-minimal \
libpython3.8-stdlib \
libqmi-glib5 \
libqmi-proxy \
libreadline8 \
librest-0.7-0 \
librsvg2-2 \
librsvg2-common \
libsasl2-2 \
libsasl2-modules \
libsasl2-modules-db \
libseccomp2 \
libselinux1 \
libsensors-config \
libsensors5 \
libsmartcols1 \
libsoup-gnome2.4-1 \
libsoup2.4-1 \
libspeex1 \
libsqlite3-0 \
libss2 \
libssl1.1 \
libstdc++6 \
libsystemd0 \
libtasn1-6 \
libthai-data \
libthai0 \
libtiff5 \
libtinfo6 \
libudev1 \
libunistring2 \
libusb-1.0-0 \
libuuid1 \
libvpx6 \
libwacom-bin \
libwacom-common \
libwacom2 \
libwayland-client0 \
libwayland-cursor0 \
libwayland-egl1 \
libwayland-server0 \
libwebp6 \
libwebpdemux2 \
libwebpmux3 \
libwoff1 \
libwrap0 \
libx11-6 \
libx11-data \
libxau6 \
libxcb1 \
libxdmcp6 \
libxext6 \
libxkbcommon0 \
libxml2 \
libxmuu1 \
libxpm4 \
libxrandr2 \
libxshmfence1 \
libxtables12 \
libxxhash0 \
libyaml-0-2 \
libzstd1 \
linux-base \
linux-firmware \
linux-generic \
linux-headers-generic \
linux-image-generic \
linux-modules-extra-5.4.0-42-generic \
locales \
lockfile-progs \
logrotate \
lsb-release \
lshw \
lsof \
ltrace \
man-db \
manpages \
manpages-dev \
mawk \
mime-support \
mlocate \
modemmanager \
mount \
mtr-tiny \
nano \
ncurses-base \
ncurses-bin \
net-tools \
netbase \
netcat-openbsd \
networkd-dispatcher \
network-manager \
nplan \
ntfs-3g \
open-iscsi \
openssh-client \
openssh-server \
openssh-sftp-server \
os-prober \
overlayroot \
parted \
passwd \
pastebinit \
patch \
pci.ids \
pciutils \
perl \
perl-base \
perl-modules-5.30 \
plymouth \
plymouth-theme-ubuntu-text \
policykit-1 \
popularity-contest \
powermgmt-base \
ppp \
pppconfig \
pppoeconf \
pptp-linux \
procps \
psmisc \
publicsuffix \
python-apt-common \
python3 \
python3-apport \
python3-apt \
python3-commandnotfound \
python3-dbus \
python3-distupgrade \
python3-gdbm \
python3-gi \
python3-minimal \
python3-newt \
python3-problem-report \
python3-software-properties \
python3-systemd \
python3-update-manager \
python3-urllib3 \
python3-yaml \
python3.8 \
python3.8-minimal \
readline-common \
rfkill \
rsync \
rsyslog \
run-one \
screen \
secureboot-db \
sensible-utils \
sgml-base \
shared-mime-info \
snap-confine \
software-properties-common \
sosreport \
squashfs-tools \
ssh-import-id \
ssl-cert \
strace \
sudo \
systemd \
systemd-sysv \
systemd-timesyncd \
tar \
tcpdump \
telnet \
thermald \
time \
tmux \
tzdata \
ubuntu-advantage-tools \
ubuntu-drivers-common \
ubuntu-minimal \
ubuntu-release-upgrader-core \
ubuntu-server \
ubuntu-standard \
ucf \
udev \
udisks2 \
ufw \
unattended-upgrades \
update-inetd \
update-notifier-common \
usb.ids \
usbmuxd \
usbutils \
util-linux \
vim \
vim-common \
vim-runtime \
vim-tiny \
wamerican \
wget \
whiptail \
wireless-regdb \
wireless-tools \
wpasupplicant \
xauth \
xdg-user-dirs \
xkb-data \
xz-utils \
zerofree \
zip \
zlib1g
# Automatically remove dependencies that are no longer needed
apt-get autoremove -y --purge
# Clean the apt cache
apt-get clean
rm -rf /var/lib/apt/lists/*
# Disable unnecessary services
systemctl disable --now \
apparmor \
avahi-daemon \
bluetooth \
console-setup \
cron \
cups \
cups-browsed \
ModemManager \
networkd-dispatcher \
pppd-dns \
rsyslog \
snapd \
snapd.apparmor \
snapd.seeded \
snapd.socket \
systemd-timesyncd \
thermald \
ufw \
unattended-upgrades \
wpa_supplicant
# Disable swap (Docker performs poorly when swap is enabled)
swapoff -a
sed -i '/swap/d' /etc/fstab
# Tune kernel parameters
cat > /etc/sysctl.d/99-docker.conf <<EOF
# Improve network performance
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216
net.ipv4.tcp_window_scaling=1
net.ipv4.tcp_max_syn_backlog=3240000
net.core.somaxconn=3240000
net.ipv4.tcp_max_tw_buckets=1440000
# net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so it is not set here
net.ipv4.tcp_tw_reuse=1
# Improve container performance
vm.swappiness=0
vm.overcommit_memory=1
vm.max_map_count=262144
kernel.pid_max=4194303
fs.file-max=1000000
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288
# Improve Docker performance
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
# Apply the kernel parameters
sysctl -p /etc/sysctl.d/99-docker.conf
# Create a minimal motd
echo "Minimal Ubuntu Server - Optimized for Docker" > /etc/motd
# Disable logging (Docker containers usually have their own logging)
systemctl stop rsyslog
systemctl disable rsyslog
find /var/log -type f -delete
mkdir -p /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal
# Disable cron (containers usually have their own scheduled tasks)
systemctl stop cron
systemctl disable cron
# Disable the apt timers
systemctl stop apt-daily.timer
systemctl disable apt-daily.timer
systemctl stop apt-daily-upgrade.timer
systemctl disable apt-daily-upgrade.timer
# Delete unnecessary documentation and man pages
rm -rf /usr/share/doc/*
rm -rf /usr/share/man/*
rm -rf /usr/share/info/*
rm -rf /usr/share/locale/*
rm -rf /usr/share/gnome/help/*
rm -rf /usr/share/help/*
rm -rf /usr/share/backgrounds/*
# Delete unnecessary localization files
find /usr/share/locale -mindepth 1 -maxdepth 1 ! -name 'en*' -exec rm -rf {} +
# Delete cache files
rm -rf /var/cache/man/*
rm -rf /var/cache/apt/archives/*
rm -rf /var/cache/debconf/*
# Delete temporary files
rm -rf /tmp/*
rm -rf /var/tmp/*
# Delete old configuration files
find /etc -name '*.dpkg-dist' -delete
find /etc -name '*.dpkg-old' -delete
find /etc -name '*.dpkg-new' -delete
# Delete unnecessary users and groups
userdel -r games
userdel -r irc
userdel -r list
userdel -r news
userdel -r uucp
userdel -r www-data
groupdel games
groupdel irc
groupdel list
groupdel news
groupdel uucp
groupdel www-data
# Set the time zone to UTC (change as needed)
timedatectl set-timezone UTC
# Disable IPv6 (if it is not needed)
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -p
# Reboot the system to apply all changes
echo "系统将在10秒后重启..."
sleep 10
reboot
How to use the script:
# Create the script file, then paste the content above into it
minimize-for-hysteria2.sh
# Make the script executable
chmod +x minimize-for-hysteria2.sh
# Run the script
./minimize-for-hysteria2.sh
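
A pre-flight check for the purge step, as an added example that is not part of the original script: it reads the output of a simulated `apt-get -s purge` run and reports any package you meant to keep. The `KEEP` list, the function names and the sample output are assumptions constructed for the example.

```shell
# Packages this host must keep (an assumption for the example; adjust per host).
KEEP="openssh-server sudo systemd apt apparmor ufw rsyslog cron unattended-upgrades"

# Read `apt-get -s purge ...` output on stdin and print every KEEP package
# that the simulated run would remove ("Remv" or "Purg" lines).
# Returns 1 if at least one such package is found, 0 otherwise.
flag_critical() {
    awk -v keep="$KEEP" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        ($1 == "Remv" || $1 == "Purg") {
            pkg = $2
            sub(/:.*/, "", pkg)          # drop an architecture suffix such as :amd64
            if (pkg in want) { print pkg; hit = 1 }
        }
        END { exit hit ? 1 : 0 }
    '
}

# Constructed sample of simulated apt-get output, so the example runs offline.
SAMPLE='Reading package lists...
Building dependency tree...
Purg snapd [2.58+20.04]
Purg openssh-server [1:8.2p1-4ubuntu0.9]
Remv ufw [0.36-6ubuntu1]
Purg telnet [0.17-41.2build1]
Purg rsyslog:amd64 [8.2001.0-1ubuntu1.3]'

# Run the check over the constructed sample.
check_sample() { printf '%s\n' "$SAMPLE" | flag_critical; }

# Real use, before running the script (simulation only, nothing is removed):
#   apt-get -s purge snapd rsyslog openssh-server | flag_critical
```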