二进制安装docker
- 获取docker二进制包
- 解压
- 安装到系统路径
- 赋予可执行权限
- 设置 Docker 守护进程
- 创建systemd服务文件
sudo tee /etc/systemd/system/docker.service <<-'EOF' [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com [Service] ExecStart=/usr/local/bin/dockerd ExecReload=/bin/kill -s HUP $MAINPID LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TimeoutStartSec=0 Delegate=yes KillMode=process Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target EOF - 重载并启动服务
- 验证安装
- 检查服务状态
systemctl status docker - 验证版本
docker version --format 'Client: {{.Client.Version}}\nServer: {{.Server.Version}}'
- 检查服务状态
- 安全加固
- 创建docker用户组
sudo groupadd docker - 加入docker用户组
sudo usermod -aG docker $USER
- 创建docker用户组
- linux创建用户
-
创建用户(不创建家目录,-M)并禁止登录(-s /sbin/nologin)
sudo useradd -M -s /sbin/nologin docker-user -
或创建带家目录的用户(根据需求选择)
sudo useradd docker-user
-
创建用户(不创建家目录,-M)并禁止登录(-s /sbin/nologin)
wget https://download.docker.com/linux/static/stable/aarch64/docker-28.2.2.tgztar xzvf docker-28.2.2.tgzsudo cp docker/* /usr/local/bin/sudo chmod +x /usr/local/bin/docker*sudo systemctl daemon-reload
sudo systemctl enable --now docker文章出处: Docker 环境部署指南:二进制安装与生产环境实践 - Leo-Yide - 博客园
安装 docker-compose
- 获取 docker-compose 二进制包
- 修改名称
- 复制到系统路径
- 赋予可执行权限
wget https://github.com/docker/compose/releases/download/v2.39.2/docker-compose-linux-x86_64mv docker-compose-linux-x86_64 docker-composesudo cp docker-compose /usr/local/bin/sudo chmod +x /usr/local/bin/docker-compose一键安装docker二进制脚本
#!/bin/bash
set -e
# 版本号可自定义修改
DOCKER_VERSION="28.2.2"
ARCH="x86_64" # 或 aarch64
DOWNLOAD_URL="https://download.docker.com/linux/static/stable/${ARCH}/docker-${DOCKER_VERSION}.tgz"
# 下载目录
TMP_DIR="/tmp/docker-install"
INSTALL_DIR="/usr/local/bin"
echo "[+] 创建临时目录:$TMP_DIR"
mkdir -p "$TMP_DIR"
cd "$TMP_DIR"
echo "[+] 下载 Docker 二进制文件:$DOWNLOAD_URL"
curl -LO "$DOWNLOAD_URL"
echo "[+] 解压 Docker 文件"
tar -xvzf "docker-${DOCKER_VERSION}.tgz"
echo "[+] 复制二进制文件到 $INSTALL_DIR"
sudo cp docker/* "$INSTALL_DIR"
echo "[+] 添加 docker.service 服务文件"
sudo bash -c 'cat >/etc/systemd/system/docker.service <<-'EOF' [Unit] Description=Docker Service After=network.target [Service] ExecStart=/usr/local/bin/dockerd ExecReload=/bin/kill -s HUP \$MAINPID TimeoutSec=0 RestartSec=2 Restart=always StartLimitBurst=3 StartLimitInterval=60s LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TasksMax=infinity [Install] WantedBy=multi-user.target EOF' echo "[+] 重新加载 systemd 配置并启动 Docker" sudo systemctl daemon-reexec sudo systemctl daemon-reload sudo systemctl enable docker sudo systemctl start docker echo "[+] 验证 Docker 安装" docker --versionopenwrt旁路由设置
- 创建docker的虚拟网络
- docker运行openwrt命令
- 修改network
- 进入openwrt容器
docker exec -it openwrt bash - 修改网段
vi /etc/config/network输入i编辑。把option ipaddr '192.168.x.x'里面的两个x替换为你想登录op的ip。把option gateway '192.168.x.1'里的x修改默认路由地址。
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option packet_steering '1' config interface 'lan' option proto 'static' option netmask '255.255.255.0' option ipaddr '192.168.x.x' option gateway '192.168.x.1' option delegate '0' option type 'bridge' option ifname 'eth0' config device option type 'bridge' option name 'docker0' config interface 'lan6' option proto 'dhcpv6' option ifname '@lan' option reqaddress 'try' option reqprefix 'auto' -
修改好后按ESC然后再按:然后输入wq回车保存。在输入
/etc/init.d/network restart
- 进入openwrt容器
docker network create -d macvlan --subnet=192.168.22.0/24 --gateway=192.168.22.1 -o parent=eth0 openwrtdocker run --restart always --name openwrt -d --network openwrt --ip 192.168.22.210 --privileged ghcr.io/ldxw/openwrt:n1 /sbin/init重启容器网络
正文完