docker 旁路由设置

二进制安装docker

1. 获取docker二进制包

wget https://download.docker.com/linux/static/stable/aarch64/docker-28.2.2.tgz

2. 解压

tar xzvf docker-28.2.2.tgz

3. 安装到系统路径

sudo cp docker/* /usr/local/bin/

4. 赋予可执行权限

sudo chmod +x /usr/local/bin/docker*

5. 设置 Docker 守护进程
   • 创建systemd服务文件

     sudo tee /etc/systemd/system/docker.service <<-'EOF'
     [Unit]
     Description=Docker Application Container Engine
     Documentation=https://docs.docker.com
     
     [Service]
     ExecStart=/usr/local/bin/dockerd
     ExecReload=/bin/kill -s HUP $MAINPID
     LimitNOFILE=infinity
     LimitNPROC=infinity
     LimitCORE=infinity
     TimeoutStartSec=0
     Delegate=yes
     KillMode=process
     Restart=on-failure
     StartLimitBurst=3
     StartLimitInterval=60s
     
     [Install]
     WantedBy=multi-user.target
     EOF
     

6. 重载并启动服务

sudo systemctl daemon-reload
sudo systemctl enable --now docker

7. 验证安装
   • 检查服务状态

     systemctl status docker

   • 验证版本

     docker version --format 'Client: {{.Client.Version}}\nServer: {{.Server.Version}}'

8. 安全加固
   • 创建docker用户组

     sudo groupadd docker

   • 加入docker用户组

     sudo usermod -aG docker $USER

9. linux创建用户
   • 创建用户（不创建家目录，-M）并禁止登录（-s /sbin/nologin）

     sudo useradd -M -s /sbin/nologin docker-user

   • 或创建带家目录的用户（根据需求选择）

     sudo useradd docker-user

文章出处: Docker 环境部署指南：二进制安装与生产环境实践 - Leo-Yide - 博客园

一键安装docker二进制脚本

#!/bin/bash

set -e

# 版本号可自定义修改
DOCKER_VERSION="28.2.2"
ARCH="x86_64"  # 或 aarch64
DOWNLOAD_URL="https://download.docker.com/linux/static/stable/${ARCH}/docker-${DOCKER_VERSION}.tgz"

# 下载目录
TMP_DIR="/tmp/docker-install"
INSTALL_DIR="/usr/local/bin"

echo "[+] 创建临时目录：$TMP_DIR"
mkdir -p "$TMP_DIR"
cd "$TMP_DIR"

echo "[+] 下载 Docker 二进制文件：$DOWNLOAD_URL"
curl -LO "$DOWNLOAD_URL"

echo "[+] 解压 Docker 文件"
tar -xvzf "docker-${DOCKER_VERSION}.tgz"

echo "[+] 复制二进制文件到 $INSTALL_DIR"
sudo cp docker/* "$INSTALL_DIR"

echo "[+] 添加 docker.service 服务文件"
sudo bash -c 'cat >/etc/systemd/system/docker.service <<-'EOF'
[Unit]
Description=Docker Service
After=network.target

[Service]
ExecStart=/usr/local/bin/dockerd
ExecReload=/bin/kill -s HUP \$MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity

[Install]
WantedBy=multi-user.target
EOF'

echo "[+] 重新加载 systemd 配置并启动 Docker"
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl enable docker
sudo systemctl start docker

echo "[+] 验证 Docker 安装"
docker --version

openwrt旁路由设置

1. 创建docker的虚拟网络

docker network create -d macvlan --subnet=192.168.22.0/24 --gateway=192.168.22.1 -o parent=eth0 openwrt

2. docker运行openwrt命令

docker run --restart always --name openwrt -d --network openwrt --ip 192.168.22.210 --privileged ghcr.io/ldxw/openwrt:n1 /sbin/init

3. 修改network
   • 进入openwrt容器

     docker exec -it openwrt bash

   • 修改网段

     vi /etc/config/network

     输入i编辑。把option ipaddr '192.168.x.x'里面的两个x替换为你想登录op的ip。把option gateway '192.168.x.1'里的x修改默认路由地址。

     
     config interface 'loopback'
     	option ifname 'lo'
     	option proto 'static'
     	option ipaddr '127.0.0.1'
     	option netmask '255.0.0.0'
     
     config globals 'globals'
     	option packet_steering '1'
     
     config interface 'lan'
     	option proto 'static'
     	option netmask '255.255.255.0'
     	option ipaddr '192.168.x.x'
     	option gateway '192.168.x.1'
     	option delegate '0'
     	option type 'bridge'
     	option ifname 'eth0'
     
     config device
     	option type 'bridge'
     	option name 'docker0'
     
     config interface 'lan6'
     	option proto 'dhcpv6'
     	option ifname '@lan'
     	option reqaddress 'try'
     	option reqprefix 'auto'
     

   • 修改好后按ESC然后再按:然后输入wq回车保存。在输入

     /etc/init.d/network restart

重启容器网络