In the first two articles of this series, we have learned the installation steps of docker. Through practical examples, we have learned the implementation principle of mutual isolation between docker and host operating system file directories, as well as the working principle of docker volume:
- Docker practical tutorial from introduction to improvement (I)
- Docker practical tutorial from introduction to improvement (II)
This article continues to learn how to edit docker images and how to use dockerfile to make self-made images through actual combat.
- Exercise 1: working principle and usage of docker image submission command commit
After creating a container locally, you can create a local image based on this container, and push this image to the docker hub for download and use on the network.
Now let’s practice.
docker pull nginx:1.15.3
Start a container with the command line:
docker run -d -p 1080:80 –name jerry-nginx nginx:1.15.3
Visit URL localhost:1080 to see the default homepage of nginx:
Enter the shell of the container:
docker exec -it jerry-nginx /bin/bash
Check the default homepage of this nginx image:
I want to use WGet in the container, so first install:
apt-get update && apt-get -y install wget
Use the WGet command to download an image file and an HTML file to the location where the nginx server stores the web page:
wget --no-check-certificate -O /usr/share/nginx/html/evil.jpg https://github.com/raw/slvi/docker-k8s-training/master/docker/res/evil.jpg
wget --no-check-certificate -O /usr/share/nginx/html/index.html https://github.com/raw/slvi/docker-k8s-training/master/docker/res/evil.htmlRefresh the page again. The page we see now has become the page downloaded by WGet:
We now hope to solidify the modifications found in this container so that others can use it.
docker commit jerry-nginx jerry-modify-nginx:1.0
sha256:7e243a7b4c0796e3a787fe963224fdf1fe81d9fe9b283f6f3e4f17e1defa0c96
Use the command to set 1.0 to latest tag:
docker tag jerry-modify-nginx:1.0 jerry-modify-nginx:latest
usedocker stop jerry-nginxStop the old container and start the modified containerjerry-modify-nginx:
docker historyName to view the history of this new image:
Execute the command to label the new image:
docker tag jerry-modify-nginx:latest registry.ingress.shcw46.k8s-train.k8s-hana.ondemand.com/jerry-modify-nginx:760d7ca6
Push the tagged image to the far end:
docker push registry.ingress.shcw46.k8s-train.k8s-hana.ondemand.com/jerry-modify-nginx:760d7ca6
In this way, other developers on the network can use the docker image that has modified the homepage of nginx.
- Exercise 2: create an nginx image that supports SSL
What is dockerfile? Simply put, it is a script file in text format, which contains instructions. Each instruction is responsible for describing how to build the current layer of the image.
Here is a specific example to learn how to write dockerfile.
Create a new dbuild folder and create a custom nginx homepage. The logic is very simple, and display a custom image file train.jpg
I want to make some modifications based on the standard nginx image to make nginx support SSL. SSL (Secure Sockets Layer secure socket layer) and its successor transport layer security (TLS) are a security protocol that provides security and data integrity for network communication.
TLS and SSL encrypt network connections at the transport layer.
To do this, I first need to create a configuration file for SSL.
cat << '__EOF' > ssl.conf
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
__EOFUse the following command to createnginx.keyandnginx.crtFile:
openssl req -x509 -nodes -newkey rsa:4096 -keyout nginx.key -out nginx.crt -days 365 -subj “/CN=$(hostname)”
When everything is ready, it is time to create a dockerfile:
FROM nginx:stable
# copy the custom website into the image
COPY train.jpg /usr/share/nginx/html/
COPY index.html /usr/share/nginx/html/
# copy the SSL configuration file into the image
COPY ssl.conf /etc/nginx/conf.d/ssl.conf
# download the SSL key and certificate into the image
COPY nginx.key /etc/nginx/ssl/nginx.key
COPY nginx.crt /etc/nginx/ssl/nginx.crt
# expose the https port
EXPOSE 443For all dockerfile files, the first line of instructions must beFROM XXXX.
The function of from is to specify the base image. This dockerfile is customized based on the image specified after from.
stayDocker StoreThere are many high-quality official images on, which are mainly divided into the following three categories:
- Out of the box service images, such as network server nginx, and database servers such as redis, Mongo, mysql, etc;
- It is convenient to develop, build and run images of various language applications, such as node, openjdk, python, etc.
- Compared with the first two categories, more basic operating system images, such as Ubuntu, Debian, CentOS, etc.
Of course, if you don’t want to start the image construction based on these official images, but want to start from scratch, this is also possible.
Docker has a special image namedscratchIt is a virtual concept that represents a blank image.
Direct useFROM scratchIt will make the image smaller.
The next series of copy instructions are well understood.
After the dockerfile is developed, execute the command:
docker build -t jerry-nginx:1.0 .
It means to build an image based on the current directory, and pay attention to the at the end.Indispensable, representing “current directory”.
adoptdocker buildThe log of execution output can observe that the instructions of each line inside are executed line by line:
The last line of log prompt label isjerry-nginx:1.0The image of was successfully built.
Run a container based on the newly created image with the following command:
docker run -d -p 443:443 -p 1082:80 jerry-nginx:1.0
There is no problem accessing based on HTTP protocol:
http://localhost:1082
HTTPS based access also works:
https://localhost:443
So far, the nginx image supporting SSL has been successfully created.
summary
Through two practical exercises, this paper introduces how to modify the default homepage based on the standard nginx image, and the steps of making an SSL supported nginx image, and explains the working principle of dockerfile from practical examples.
Links to the first two articles in this series: