Docker practical tutorial from introduction to improvement (III)

Time:2022-8-3

In the first two articles of this series, we covered the installation steps for Docker and, through practical examples, learned how file directories are isolated between Docker and the host operating system, as well as how Docker volumes work.

This article continues with hands-on practice: how to modify Docker images and how to use a Dockerfile to build your own images.

  • Exercise 1: how the docker commit command works and how to use it

After creating a container locally, you can create a local image based on this container and push the image to Docker Hub so that it can be downloaded and used over the network.
Now let's practice. First, pull the nginx image:

docker pull nginx:1.15.3

Start a container with the command line:

docker run -d -p 1080:80 --name jerry-nginx nginx:1.15.3

Visit the URL localhost:1080 to see the default nginx homepage:

Enter the shell of the container:

docker exec -it jerry-nginx /bin/bash

Check the default homepage of this nginx image:

I want to use wget in the container, so I install it first:

apt-get update && apt-get -y install wget

Use the wget command to download an image file and an HTML file into the directory where nginx stores its web pages (the --no-check-certificate option makes wget skip TLS certificate verification):

wget --no-check-certificate -O /usr/share/nginx/html/evil.jpg https://github.com/raw/slvi/docker-k8s-training/master/docker/res/evil.jpg
wget --no-check-certificate -O /usr/share/nginx/html/index.html https://github.com/raw/slvi/docker-k8s-training/master/docker/res/evil.html

Refresh the page again. The page we see now is the one downloaded by wget:

We now want to persist the modifications made in this container as an image so that others can use it.

docker commit jerry-nginx jerry-modify-nginx:1.0

sha256:7e243a7b4c0796e3a787fe963224fdf1fe81d9fe9b283f6f3e4f17e1defa0c96

Use the following command to tag version 1.0 as latest:

docker tag jerry-modify-nginx:1.0 jerry-modify-nginx:latest

Use docker stop jerry-nginx to stop the old container, then start a new container from the modified image jerry-modify-nginx:

Use docker history to view the history of this new image:

Execute the following command to tag the new image for the remote registry:

docker tag jerry-modify-nginx:latest registry.ingress.shcw46.k8s-train.k8s-hana.ondemand.com/jerry-modify-nginx:760d7ca6

Push the tagged image to the remote registry:

docker push registry.ingress.shcw46.k8s-train.k8s-hana.ondemand.com/jerry-modify-nginx:760d7ca6

In this way, other developers on the network can use the Docker image with the modified nginx homepage.
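
The wget step above passes --no-check-certificate, so the files that end up in the committed and pushed image are not authenticated. The following added example (not part of the original tutorial) downloads with certificate verification left on and installs a file only if it matches a pinned SHA-256 digest. The function names and the demo digest (the SHA-256 of the bytes "abc") are constructed for illustration.

```shell
#!/bin/sh
# Added example: fetch a page asset with TLS verification left on, and install it
# into the nginx web root only when it matches a pinned SHA-256 digest.

# SHA-256 of a file as lowercase hex (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# install_verified SRC EXPECTED_SHA256 DEST: copy SRC to DEST only on a digest match.
install_verified() {
    actual=$(sha256_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "refusing $1: digest $actual does not match pinned $2" >&2
        return 1
    fi
    install -m 0644 "$1" "$3"
}

# fetch_verified URL EXPECTED_SHA256 DEST: download to a temporary file first.
# wget is called without --no-check-certificate, so a certificate error aborts
# the download (assumes CA certificates are installed in the container).
fetch_verified() {
    tmp=$(mktemp) || return 2
    if wget -q -O "$tmp" "$1" && install_verified "$tmp" "$2" "$3"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed offline demo: the pinned value is the SHA-256 of the bytes "abc".
demo=$(mktemp -d)
printf 'abc' > "$demo/index.html"
pinned=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
install_verified "$demo/index.html" "$pinned" "$demo/installed.html" && echo "installed"
install_verified "$demo/index.html" "${pinned%?}0" "$demo/rejected.html" || echo "rejected"
rm -rf "$demo"
```

Inside the container, fetch_verified would be called with the asset URL, its pinned digest and a destination under /usr/share/nginx/html.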

  • Exercise 2: create an nginx image that supports SSL

What is a Dockerfile? Simply put, it is a script file in text format that contains instructions. Each instruction describes how to build one layer of the image.

Here is a concrete example that shows how to write a Dockerfile.
Create a new dbuild folder and, inside it, a custom nginx homepage. The logic is very simple: it displays a custom image file, train.jpg.

I want to make some modifications based on the standard nginx image so that nginx supports SSL. SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are security protocols that provide security and data integrity for network communication.

TLS and SSL encrypt network connections at the transport layer.
To do this, I first need to create a configuration file for SSL.

cat << '__EOF' > ssl.conf
server {
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}
__EOF

Use the following command to create the nginx.key and nginx.crt files:

openssl req -x509 -nodes -newkey rsa:4096 -keyout nginx.key -out nginx.crt -days 365 -subj "/CN=$(hostname)"

When everything is ready, it is time to create a dockerfile:

FROM nginx:stable

# copy the custom website into the image
COPY train.jpg /usr/share/nginx/html/
COPY index.html /usr/share/nginx/html/

# copy the SSL configuration file into the image
COPY ssl.conf /etc/nginx/conf.d/ssl.conf

# copy the SSL key and certificate into the image
COPY nginx.key /etc/nginx/ssl/nginx.key
COPY nginx.crt /etc/nginx/ssl/nginx.crt

# expose the https port
EXPOSE 443

In every Dockerfile, the first instruction must be FROM XXXX.

The function of FROM is to specify the base image. This Dockerfile is customized based on the image specified after FROM.

Docker Store has many high-quality official images, which fall mainly into the following three categories:

  1. Out-of-the-box service images, such as the web server nginx and database servers such as redis, Mongo, mysql, etc.
  2. Images that make it convenient to develop, build and run applications in various languages, such as node, openjdk, python, etc.
  3. Operating system images, which are more basic than the first two categories, such as Ubuntu, Debian, CentOS, etc.

Of course, if you don't want to build on one of these official images and would rather start from scratch, that is also possible.
Docker has a special image named scratch. It is a virtual concept that represents a blank image.

Using FROM scratch directly makes the image smaller.

The COPY instructions that follow are easy to understand.
Once the Dockerfile is written, execute the command:

docker build -t jerry-nginx:1.0 .

It means to build an image based on the current directory. Note that the . at the end is indispensable; it represents the "current directory".

The log output by docker build shows that the instructions in the Dockerfile are executed one by one:

The last line of the log indicates that the image tagged jerry-nginx:1.0 was built successfully.

Run a container based on the newly created image with the following command:

docker run -d -p 443:443 -p 1082:80 jerry-nginx:1.0

Access over HTTP works without problems:
http://localhost:1082

HTTPS based access also works:
https://localhost:443

So far, the nginx image supporting SSL has been successfully created.
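
The Dockerfile in this exercise copies nginx.key into the image, so the private key is stored in an image layer and can be read by anyone who is able to pull the image. The following added example (not part of the original tutorial) checks a Dockerfile and its build context for that before docker build is run. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report private keys that a Dockerfile copies into an image layer.
# Handles plain "COPY src... dest" lines only; JSON-form COPY, line continuations
# and wildcard sources are not parsed.

# Print "LINE:SOURCE" for every COPY/ADD source that holds a PEM private key.
baked_in_keys() {
    dockerfile=$1 context=$2 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f            # split into words without globbing
        case $1 in [Cc][Oo][Pp][Yy]|[Aa][Dd][Dd]) shift ;; *) continue ;; esac
        while [ $# -gt 1 ]; do                  # every word but the last is a source
            src=$1; shift
            case $src in --from=*) break ;; --*) continue ;; esac
            if [ -f "$context/$src" ] &&
               grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$context/$src"; then
                echo "$lineno:$src"
            fi
        done
    done < "$dockerfile"
}

# Constructed sample context that mirrors the tutorial's Dockerfile; the key and
# certificate bodies are placeholders, not real material.
make_sample_context() {
    dir=$(mktemp -d)
    printf '%s\n' 'FROM nginx:stable' \
        'COPY train.jpg /usr/share/nginx/html/' \
        'COPY index.html /usr/share/nginx/html/' \
        'COPY ssl.conf /etc/nginx/conf.d/ssl.conf' \
        'COPY nginx.key /etc/nginx/ssl/nginx.key' \
        'COPY nginx.crt /etc/nginx/ssl/nginx.crt' \
        'EXPOSE 443' > "$dir/Dockerfile"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$dir/nginx.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$dir/nginx.crt"
    echo "$dir"
}

ctx=$(make_sample_context)
baked_in_keys "$ctx/Dockerfile" "$ctx"          # prints 5:nginx.key
rm -rf "$ctx"
```

A common alternative is to leave the key out of the image and bind-mount it read-only when the container starts.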

Summary

Through two practical exercises, this article shows how to modify the default homepage of the standard nginx image and how to build an nginx image that supports SSL, and explains how a Dockerfile works using practical examples.