docker运行的所有服务无法远程访问 问题描述{alert type="info"}　　在新安装的 ubuntu server 22.0.4 系统过程中本来勾选了安装 docker stable 版本，但实际上进入系统后却没有安装 docker 。只能通过 sudo apt-get install -y docker.io 安装。　　安装成功后安装了 mysql 8.0.26 镜像容器和 gitlab 镜像容器，本地使用 telnet 127.0.0.1 3306 是通的，且进入容器内用 root 账户登录也正常，说明容器服务是正常的。但是局域网内其他设备却无法连通 mysql 服务。并非本地主机或者局域网远程主机防火墙阻挡，因为 22 端口是可以正常访问的，且本地防火墙状态全关。　　最后解决问题了，知道问题是docker的虚拟网关存在问题。{/alert}一、网上参考解决方案原因：docker网卡地址冲突sudo apt-get install -y bridge-utils设置网卡信息sudo service docker stop sudo ip link set dev docker0 down sudo brctl delbr docker0 sudo iptables -t nat -F POSTROUTING sudo brctl addbr docker0 sudo ip addr add 172.17.0.1/24 dev docker0 sudo ip link set dev docker0 up 二、实际解决问题修改 daemon.json 文件centos上安装后有此文件，但是 ubuntu 上需要自己创建文件。vi /etc/docker/daemon.json示例: { "registry-mirrors": [ "https://cqiunwxe.mirror.aliyuncs.com", "https://registry.docker-cn.com", "http://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn", "https://cr.console.aliyun.com", "https://mirror.ccs.tencentyun.com" ], "bip": "172.16.10.1/24" }重载配置并重启docker服务sudo systemctl daemon-reload && sudo systemctl restart docker

ubuntu安装、使用docker方法 一、安装1、查看内核uname -r2、更新包sudo apt-get update3、没有docker旧版本，忽略这一步。如果有则需要卸载旧的版本，主要为了防止新旧版本冲突sudo apt-get remove docker docker-engine docker.io containerd runc4、为了防止 apt 源使用 HTTPS 以确保软件下载过程中不被篡改。我们需要添加使用 HTTPS 传输的软件包及 CA 证书sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release5、确认下载软件包的合法性，需要添加软件源的 GPG 密钥，但因网络问题设置docker源改为国内源(阿里)curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg或curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -6、向 source.list 中添加 Docker CE 软件源sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"或使用https://mirrors.ustc.edu.cn源（失效）sudo add-apt-repository "deb [arch=armhf] https://mirrors.ustc.edu.cn/docker-ce/linux/raspbian $(lsb_release -cs) stable"7、安装sudo apt-get -y install docker.io或sudo apt-get install docker-ce docker-ce-cli containerd.io启动dockersudo systemctl start dockerdocker换源修改 /etc/docker/daemon.json (如果该文件不存在，则创建){ "registry-mirrors": [ "https://hub-mirror.c.163.com" ] }sudo systemctl daemon-reload && sudo systemctl restart docker添加用户到docker用户组

docker更换国内镜像源 通过配置文件启动Docker,修改 /etc/docker/daemon.json 文件并添加上 registry-mirrors 键值。sudo vim /etc/docker/daemon.json{ "registry-mirrors" : [ "https://registry.docker-cn.com", "http://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn", "https://cr.console.aliyun.com", "https://mirror.ccs.tencentyun.com" ] }sudo service docker restart sudo systemctl daemon-reload #重载配置 sudo systemctl restart docker #重启docker查看配置是否成功：docker infoRegistry Mirrors：有截图中框起来的就说明配置成功。Docker中国区官方镜像：https://registry.docker-cn.com网易：http://hub-mirror.c.163.comustc：https://docker.mirrors.ustc.edu.cn中国科技大学：https://docker.mirrors.ustc.edu.cn阿里云：https://cr.console.aliyun.com/阿里云：https://<你的ID>.mirror.aliyuncs.com（打开此地址登录你的阿里云账号获取你的专属镜像源https://cr.console.aliyun.com/#/accelerator）腾讯云：https://mirror.ccs.tencentyun.com科大镜像：https://docker.mirrors.ustc.edu.cn/七牛云加速器：https://reg-mirror.qiniu.com

docker运行svn 一、安装命令docker run -d \ --restart=unless-stopped \ --name svn \ -v /home/path:/var/opt/svn \ -p 3690:3690 \ garethflowers/svn-server二、开放端口查看端口是否开启firewall-cmd --list-all开启端口firewall-cmd --add-port=3690/tcp --permanent重启防火墙firewall-cmd --reload三、初始化仓库docker exec -it svn /bin/shcd /var/opt/svn && svnadmin create repos && cd repos打开 conf 配置文件资源仓库配置，修改 svnserve.confanon-access = none # 匿名用户不可读写，也可设置为只读 read auth-access = write # 授权用户可写 password-db = passwd # 密码文件路径，相对于当前目录 authz-db = authz # 访问控制文件 realm = /var/opt/svn/repos # 认证命名空间，会在认证提示界面显示，并作为凭证缓存的关键字，可以写仓库名称比如svn### users have read-only access to the repository, while authenticated ### users have read and write access to the repository. # anon-access = read # auth-access = write anon-access = none auth-access = write ### The password-db option controls the location of the password ### database file. Unless you specify a path starting with a /, ### the file's location is relative to the directory containing ### this configuration file. ### If SASL is enabled (see below), this file will NOT be used. ### Uncomment the line below to use the default password file. password-db = passwd ### The authz-db option controls the location of the authorization ### rules for path-based access control. Unless you specify a path ### starting with a /, the file's location is relative to the ### directory containing this file. The specified path may be a ### repository relative URL (^/) or an absolute file:// URL to a text ### file in a Subversion repository. If you don't specify an authz-db, ### no path-based access control is done. ### Uncomment the line below to use the default authorization file. authz-db = authz ### The groups-db option controls the location of the file with the ### group definitions and allows maintaining groups separately from the ### authorization rules. The groups-db file is of the same format as the ### authz-db file and should contain a single [groups] section with the ### group definitions. If the option is enabled, the authz-db file cannot ### contain a [groups] section. Unless you specify a path starting with ### a /, the file's location is relative to the directory containing this ### file. The specified path may be a repository relative URL (^/) or an ### absolute file:// URL to a text file in a Subversion repository. ### This option is not being used by default. # groups-db = groups ### This option specifies the authentication realm of the repository. ### If two repositories have the same authentication realm, they should ### have the same password database, and vice versa. The default realm ### is repository's uuid. # realm = My First Repository realm = /var/opt/svn/repos ### The force-username-case option causes svnserve to case-normalize ### usernames before comparing them against the authorization rules in the ### authz-db file configured above. Valid values are "upper" (to upper- ### case the usernames), "lower" (to lowercase the usernames), and ### "none" (to compare usernames as-is without case conversion, which ### is the default behavior). # force-username-case = none ### The hooks-env options specifies a path to the hook script environment ### configuration file. This option overrides the per-repository default ### and can be used to configure the hook script environment for multiple ### repositories in a single file, if an absolute path is specified. ### Unless you specify an absolute path, the file's location is relative ### to the directory containing this file. # hooks-env = hooks-env [sasl] ### This option specifies whether you want to use the Cyrus SASL ### library for authentication. Default is false. ### Enabling this option requires svnserve to have been built with Cyrus ### SASL support; to check, run 'svnserve --version' and look for a line ### reading 'Cyrus SASL authentication is available.' # use-sasl = true ### These options specify the desired strength of the security layer ### that you want SASL to provide. 0 means no encryption, 1 means ### integrity-checking only, values larger than 1 are correlated ### to the effective key length for encryption (e.g. 128 means 128-bit ### encryption). The values below are the defaults. # min-encryption = 0 # max-encryption = 256四、创建用户修改 passwd 文件，创建用户### This file is an example password file for svnserve. ### Its format is similar to that of svnserve.conf. As shown in the ### example below it contains one section labelled [users]. ### The name and password for each user follow, one account per line. [users] # harry = harryssecret # sally = sallyssecret admin = 123456 zhangsan = 123456 lisi = 123456五、分配权限修改 authz 文件，创建用户### This file is an example authorization file for svnserve. ### Its format is identical to that of mod_authz_svn authorization ### files. ### As shown below each section defines authorizations for the path and ### (optional) repository specified by the section name. ### The authorizations follow. An authorization line can refer to: ### - a single user, ### - a group of users defined in a special [groups] section, ### - an alias defined in a special [aliases] section, ### - all authenticated users, using the '$authenticated' token, ### - only anonymous users, using the '$anonymous' token, ### - anyone, using the '*' wildcard. ### ### A match can be inverted by prefixing the rule with '~'. Rules can ### grant read ('r') access, read-write ('rw') access, or no access ### (''). [aliases] # joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average [groups] # harry_and_sally = harry,sally # harry_sally_and_joe = harry,sally,&joe administrator = admin test = zhangsan dev = lisi # [/foo/bar] # harry = rw # &joe = r # * = # [repository:/baz/fuz] # @harry_and_sally = rw # * = r [/] @administrator = rw @test = r @dev = rw 六、导出和导入全部数据svnadmin dump /var/opt/svn/repos/ > /var/opt/svn/backup/fullsvn.baksvnadmin load /var/opt/svn/repos/ < /var/opt/svn/backup/fullsvn.bak

docker运行官方镜像embyserver docker run -d \ --name embyserver \ -v /path/to/programdata:/config \ # Configuration directory -v /path/to/share1:/mnt/share1 \ # Media directory -v /path/to/share2:/mnt/share2 \ # Media directory --net=host \ # Enable DLNA and Wake-on-Lan --device /dev/dri:/dev/dri \ # VAAPI/NVDEC/NVENC render nodes --device /dev/vchiq:/dev/vchiq \ # MMAL/OMX on Raspberry Pi --runtime=nvidia \ # Expose NVIDIA GPUs -p 8096:8096 \ # HTTP port -p 8920:8920 \ # HTTPS port -e UID=1000 \ # The UID to run emby as (default: 2) -e GID=100 \ # The GID to run emby as (default 2) -e GIDLIST=100 \ # A comma-separated list of additional GIDs to run emby as (default: 2) emby/embyserver:latest