Docker: From Getting Started to Practice

Docker sock

curl -s --unix-socket /var/run/docker.sock http://image/json
curl -s --unix-socket /var/run/docker.sock v1.41/info
curl -s --unix-socket /var/run/docker.sock /info -vv [Error]
curl -s --unix-socket /var/run/docker.sock docker/info -vv
*   Trying /var/run/docker.sock:0...
* Connected to docker (/Users/wurui/.docker/run/docker.sock) port 80 (#0)
> GET /info HTTP/1.1
> Host: docker
> User-Agent: curl/7.79.1
> Accept: */*

* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Api-Version: 1.41
< Content-Type: application/json
< Date: Thu, 21 Jul 2022 09:55:25 GMT
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/20.10.17 (linux)
< Transfer-Encoding: chunked

A Host is required; whatever comes before /info does not matter.

curl -s --unix-socket /var/run/docker.sock -vv docker/containers/json?all=true

curl -s --unix-socket /var/run/docker.sock -vv docker/containers/d778e9e523e231cc3fd9664480ffc675f64f8f6f83ece0668192184b4e7b3e2f/json
curl -s --unix-socket /var/run/docker.sock -vv docker/containers/d778e9e523e231cc3fd9664480ffc675f64f8f6f83ece0668192184b4e7b3e2f/top

curl -s --unix-socket /var/run/docker.sock -vv docker/containers/d778e9e523e231cc3fd9664480ffc675f64f8f6f83ece0668192184b4e7b3e2f/stats

curl -s --unix-socket /var/run/docker.sock -vv docker/containers/d778e9e523e231cc3fd9664480ffc675f64f8f6f83ece0668192184b4e7b3e2f/stats?stream=0

curl -s --unix-socket /var/run/docker.sock -vv docker/images/json

Docker

docker run -it manjarolinux/base bash
docker exec -it manjarolinux bash

docker ps
docker exec -it manjaro bash

docker commit -m "test" d778e9e523e2 temp_image
docker rmi temp_image

pacman -S wqy-microhei-lite mousepad

/etc/pacman.d/mirrorlist

Server = https://mirrors.tuna.tsinghua.edu.cn/archlinuxarm/$arch/$repo

/etc/pacman.conf

Color
ParallelDownloads = 8

/etc/locale.gen

zh_CN.UTF-8 UTF-8

locale-gen

XQuartz

brew install --cask xquartz
# xhost +
export DISPLAY=host.docker.internal:0

OpenGL

Download and install latest XQuartz.

Enable Allow connections from network clients in X11 Preferences -> Security.

Add the following line to ~/.ssh/config.

XAuthLocation /opt/X11/bin/xauth

Enable indirect OpenGL rendering with X11 forwarding

defaults write org.macosforge.xquartz.X11 enable_iglx -bool true

Unfortunately, XQuartz only supports OpenGL 1.4.

Protecting the Docker Server

http://shouce.jb51.net/docker_practice/security/daemon_sec.html
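To strengthen protection of the server side, Docker's REST API (which the client uses to communicate with the server) has, since version 0.5.2, used a local Unix socket in place of the TCP socket that was previously bound to 127.0.0.1, because the latter is vulnerable to cross-site scripting attacks. Users now rely on Unix permission checks to secure access to the socket.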
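The Unix permission check described above can be audited directly. The following is an added example, not part of the original notes or of Docker's own code; the function names `audit_socket` and `findings` are hypothetical, and it assumes a Linux host, where connecting to a Unix socket requires write permission on the socket file.

```python
import grp
import os
import stat
import sys


def audit_socket(path):
    """Report who the Unix permission check allows to reach the API socket."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    try:
        entry = grp.getgrgid(st.st_gid)
        group, members = entry.gr_name, sorted(entry.gr_mem)
    except KeyError:  # gid without an entry in the group database
        group, members = str(st.st_gid), []
    group_ok = bool(mode & stat.S_IWGRP)
    return {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "mode": "%04o" % mode,
        "owner_uid": st.st_uid,
        "group": group,
        # Assumption stated in the lead-in: connect() needs write permission on the socket file.
        "group_can_connect": group_ok,
        # gr_mem lists supplementary members only, not users whose primary gid matches.
        "group_members": members if group_ok else [],
        "world_can_connect": bool(mode & stat.S_IWOTH),
    }


def findings(report):
    """Turn a report into a list of problems; an empty list means none found."""
    problems = []
    if not report["is_socket"]:
        problems.append("path is not a Unix socket")
    if report["world_can_connect"]:
        problems.append("mode %s lets every local user call the API" % report["mode"])
    return problems


if __name__ == "__main__":
    # Default path taken from the curl commands on this page; override with argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/run/docker.sock"
    report = audit_socket(target)
    for key, value in report.items():
        print("%-18s %s" % (key, value))
    for problem in findings(report):
        print("FINDING:", problem)
    sys.exit(1 if findings(report) else 0)
```

The `group_members` field is the list to review: every account in it passes the permission check and can issue the same API calls as the curl commands earlier on this page.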

docker_api.lua

/var/run/docker.pid --> needs adjusting