springboot docker应用发布
springboot docker应用发布
idea docker 官网:https://www.jetbrains.com/help/idea/docker.html
说明:idea docker插件默认已经安装(file ==> settings ==> plugins)
************************
docker 远程连接
2375:非认证端口,不安全
2376:认证端口,需使用ca证书
制作 ca 证书:https://docs.docker.com/engine/security/protect-access/
country=cn
state=zj
city=hz
orginazation=ali
department=dev
host=******
emailAddress=123456@qq.com
openssl genrsa -aes256 -passout pass:123456 -out ca-key.pem 4096
openssl req -new -x509 -passin "pass:123456" -days 365 -key ca-key.pem -sha256 -out ca.pem -subj "/C=$country/ST=$state/L=$city/O=$orginazation/OU=$department/CN=$host/emailAddress=$emailAddress"
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$host" -sha256 -new -key server-key.pem -out server.csr
echo subjectAltName = IP:$host,IP:0.0.0.0 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -passin pass:123456 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -passin pass:123456 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf
rm -rf client.csr server.csr extfile.cnf extfile-client.cnf ca.srl
chmod 400 ca-key.pem server-cert.pem server-key.pem
chmod 444 ca.pem key.pem cert.pem
查看生成的证书
[root@centos ca]# pwd
/usr/docker/ca
[root@centos ca]# ls
ca-key.pem ca.pem cert.pem key.pem server-cert.pem server-key.pem
修改docker配置
vim /usr/lib/systemd/system/docker.service
修改ExecStart
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd \
--tlsverify --tlscacert=/usr/docker/ca/ca.pem \
--tlscert=/usr/docker/ca/server-cert.pem \
--tlskey=/usr/docker/ca/server-key.pem \
-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock \
-H fd:// --containerd=/run/containerd/containerd.sock
保存退出
加载配置、重启docker
systemctl daemon-reload
systemctl restart docker
查看2376端口是否开启
[root@centos ~]# netstat -tunlp | grep 2376
tcp6 0 0 :::2376 :::* LISTEN 7659/dockerd
-t:tcp连接
-u:udp连接
-n:显示ip(numberic)
-l:listen状态的连接
-p:占用端口的应用程序
防火墙开放 2376端口
firewall-cmd --zone=public --add-port=2376/tcp --permanent
#firewall-cmd --zone=public --remove-port=2376/tcp --permanent
firewall-cmd --zone=public --query-port=2376/tcp
#修改后,重载防火墙配置
firewall-cmd --reload
证书文件导出到本地:sz ca.pem cert.pem key.pem
idea 连接docker:file ==> settings ==> docker
idea 成功连接宿主机docker后台程序
idea 查看宿主机上docker容器、镜像
************************
使用测试
**************
controller 层
HelloController
@RestController
public class HelloController {
@RequestMapping("/hello")
public String hello(){
return "hello";
}
}
**************
相关操作
maven 项目打包
编写Dockerfile文件(与target同目录级别)
from java:16
workdir /work
add target/demo.jar /usr/local/app.jar
expose 8080
cmd ["java","-jar","/usr/local/app.jar"]
创建镜像、运行容器:run ==> edit configuration ==> docker ==> dockerfile
点击run、运行创建docker程序
docker运行日志
Deploying 'hello-docker Dockerfile: Dockerfile'...
# 创建镜像
Building image...
Preparing build context archive...
[==================================================>]101/101 files
Done
Sending build context to Docker daemon...
[==================================================>] 15.64MB
Done
Step 1/5 : from java:16
---> 13ac866391d0
Step 2/5 : workdir /work
---> Using cache
---> 540b97750f8b
Step 3/5 : add target/demo.jar /usr/local/app.jar
---> Using cache
---> e34ee23b0f97
Step 4/5 : expose 8080
---> Using cache
---> 021f6d7f936f
Step 5/5 : cmd ["java","-jar","/usr/local/app.jar"]
---> Using cache
---> 36d611f6c923
Successfully built 36d611f6c923
Successfully tagged lihu12344/hello-docker:latest
# 创建容器
Creating container...
Container Id: 4d2ea999dfaaad8f2ea2ef89520c1084e36176a8f417ba519b239a8059aead17
Container name: 'hello-docker'
Starting container 'hello-docker'
'hello-docker Dockerfile: Dockerfile' has been deployed successfully.
此时,访问宿主机ip:8080/hello,输出hello
右击容器对象:查看日志、进入容器对象、删除容器等操作
右击镜像:查看镜像、删除镜像、推送镜像等操作
