One, foreword
Following on from docker images and Containers, this article will show how to create a Dockerfile to build an image. As mentioned in the last article, building a custom image is manually built. Although the steps are clear, the operation is cumbersome and the image distribution is not very convenient. Therefore, it is necessary to replace this mode with a better way to create a custom image, so Dockerfile is the best alternative. No more talk, now let’s see how to write a Dockerfile file and create container image, first explain a running environment of this article, have read the last article friends should know, I use the docker image acceleration address is Ali cloud, I think this is the most painless environment I use docker.
Dockerfile example
# Base images
FROM centos
#MAINTAINER MAINTAINER information
MAINTAINER lorenwe
#ENV Sets the environment variable
ENV PATH /usr/local/nginx/sbin:$PATH
The #ADD file is placed in the current directory and will be automatically decompressed when copied
ADDNginx - 1.13.7. Tar. Gz/TMP /
#RUN RUN the following command
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 \
&& yum update -y \
&& yum install -y vim less wget curl gcc automake autoconf libtool make gcc-c++ zlib zlib-devel openssl openssl-devel perl perl-devel pcre pcre-devel libxslt libxslt-devel \
&& yum clean all \
&& rm -rf /usr/local/src/*
RUN useradd -s /sbin/nologin -M www
#WORKDIR corresponds to CD
WORKDIR/ TMP/nginx - 1.13.7
RUN ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-pcre && make && make install
RUN cd / && rm -rf /tmp/
COPY nginx.conf /usr/local/nginx/conf/
#EXPOSE Map port
EXPOSE 80 443
#ENTRYPOINT Run the following command
ENTRYPOINT ["nginx"]
#CMD Run the following command
CMD ["-h"]Copy the code
The above code example is a representative dockerfile file that I wrote. It does not involve much content, but basically uses all the dockerfile instructions, and also contains some details. In order to achieve the effect of the example, it is not the most concise dockerfile. Create a folder and put the above dockerfile in the file, then go to the nginx official website to package nginx source code into the folder, then open the command line window in the folder, preferably with administrator permission to open the command line window, so as to avoid some permissions error. The directory structure should look like this
3. Instruction analysis
The function of the base image also exists in the newly constructed image. Generally, the function used in the base image is the cleanest without any modification by any three parties. For example, I use the most basic centos, it is necessary to explain here, because I use ali cloud image acceleration source, so I pull centos is the mirror of ali cloud yum source, if you do not use Ali cloud image acceleration source, pull down the mirror yum source is different. Yum will have a lot of problems installing software (you know).
MAINTAINER is MAINTAINER information. Enter your own name
/usr/local/nginx/sbin:$PATH ENV /usr/local/nginx/sbin:$PATH /usr/local/nginx/sbin /usr/local/nginx/sbin /usr/local/nginx/sbin /usr/local/nginx/sbin
The source file can be a file or a URL. If the source file is a compressed package, it will be automatically unpacked during image building. Nginx-1.13.7.tar. gz/TMP/nginx-1.13.7.tar.gz must be in the dockefile directory. D:test/nginx-1.13.7.tar.gz: /nginx-1.13.7.tar.gz: /nginx-1.13.7.tar.gz: /nginx-1.13.7.tar.gz: /nginx-1.13.7.tar.gz
RUN can RUN multiple commands separated by &&. If the command is too long to wrap, add ‘\’ to the end of the command to wrap the command. The meaning of RUN is very simple: execute the command. Now take a look at the above examples to see what to look out for. RUN RPM –import /etc/pki/rpm-gpg/RPM -gpg-key-centos-7 is used to import the signature of the software package to verify whether the software package has been modified. To ensure security, the software must be trusted as well as official. Yum update-y yum update-y yum update-y yum update-y yum update-y yum update-y yum update-y yum update-y yum update-y It is easy to cause our newly installed software problems and error prompt without obvious we are hard to find the problem, to avoid such situation happen let us update software package and system, though that would make the docker build mirror time-varying slow but it is also worth it, as for the back of the command is to install a variety of natural tool library, Rm -rf /usr/local/src/yum -rm -rf /usr/local/src/yum -rm -rf /usr/local/src/yum -rm -rf /usr/local/src/yum -rm -rf /usr/local/src/yum -rm -rf /usr/local/src/yum -rm -rm -rf /usr/local/yum -rm The RUN command can be written step by step. For example, the RUN command above can be split into the following:
# is not recommended
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 \
RUN yum update -y \
RUN yum install -y vim less wget curl gcc automake autoconf libtool make gcc-c++ zlib zlib-devel openssl openssl-devel perl perl-devel pcre pcre-devel libxslt libxslt-devel \
RUN yum clean all \
RUN rm -rf /usr/local/src/*Copy the code
This is fine, but it’s best not to do this, because when dockerfile builds an image, each key command is executed to create a version of the image. This is a bit like git version management, for example, after executing the first RUN command, the second RUN command is executed in a new version of the image. It is not recommended to write multiple runs, but it is not recommended to put all operations in the same RUN. It is a rule to put all related operations in the same RUN. For example, when I update yum, Install the libraries, clear the cache in one RUN, and compile and install nginx in another RUN.
The WORKDIR command is used to convert the mirror active directory to the specified directory, which is similar to the CD command used in Linux. There is no need to use this command. Install nginx from nginx without switching directories.
RUN cd/ TMP/nginx - 1.13.7
RUN ./configureCopy the code
Can do so, I want to read in front of the friend should know the answer, here or repetitive again, this is the wrong can’t find the configure file, the reason is very simple, because the two commands are not performed in the same image, the first image CD into the directory does not mean the back of the mirror also entered.
COPY is a simple command to COPY a file to a directory in the image. Note that the source file must also be in the directory where the dockerfile is located
user www;
worker_processes 2;
daemon off;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}Copy the code
The configuration is very simple, just take the comments out of the official configuration file, notice the daemon off; By default, the docker container will count whether the first process inside the container is active or not as whether the docker container is running or not. If the Docker container exits after running, the docker container will exit directly. If you use nginx, then the nginx program will run in the background. In this case, nginx is not the first program to execute, but the bash that executes the nginx command will hang. If we start nginx with daemon off, then nginx will always occupy the command window. Of course, bash will not be able to exit so the container will always be active.
The EXPOSE sample comment describes mapped ports, but I think it’s more appropriate to describe them as exposed ports, because no ports are mapped when you create a container with dockerFile. Mapped ports are specified when you use docker Run. For example, if I map port 80 of the container to port 8080 of the local machine, to successfully map the port, I must first expose the port, which is similar to the function of firewall, and open some ports.
ENTRYPOINT and CMD together, both have similar functionality, but are relatively unique in that they both enable images to run commands inside the container while creating it. The ENTRYPOINT and CMD commands can be used independently of each other when executing a Docker run. They do not have to exist at the same time.
For example, if the ENTRYPOINT line of a dockerfile is deleted, CMD will fill in [“nginx”]. Docker run Lorenwe /centos_nginx docker ps/ngixn Docker run lorenwe/centos_nginx bin/bash: / bin/bash: / bin/bash: / bin/bash: / bin/bash: / bin/bash: / bin/bash It can also be thought of as a default command for container startup that can be changed manually.
ENTRYPOINT, on the other hand, cannot be overridden. That is, when you start a container with a value, whatever command you write in ENTRYPOINT will be executed. Usually ENTRYPOINT is used to specify the application that must run for an image. For example, if I’m building a centos_nginx image, that is, the image only runs nGIxn, then I can say [“nginx”] in ENTRYPOINT, Some people build their base image (the base image has only the necessary libraries installed) with CMD and write [‘bin/bash’]. When ENTRYPOINT and CMD both exist, the commands in CMD will start the container as arguments to the commands in ENTRYPOINT. For example, in the dockerfile example above, the container will be started with the command nginx -h. Unfortunately, this will not keep the container running. So it can be start docker run – it lorenwe/centos_nginx – c/usr/local/nginx/conf/nginx. Conf, The container startup command is nginx – c/usr/local/nginx/conf/nginx. Conf, isn’t it interesting, you can customize the boot parameters.
Of course, there are some unused commands:
The ARG directive is used to define the parameters needed for the build. For example, you can write ARG a_NOther_name =a_default_value in the dockerfile. The ARG directive defines the parameters. — build-arg a_name=a_value — build-arg a_name=a_value
The VOLUME command creates a mount point that can be mounted from the local host or other containers. It is used in many ways. Docker can also be used as a data container. The VOLUME command is used to create the image of the dockerfile. The VOLUME command is used to create the image of the dockerfile. The VOLUME command is used to create the image of the dockerfile.
USER. USER is used to switch the identity of the running owner. The default docker user is root, but if not necessary, it is recommended to change the user identity, after all, root permission is too large, the use of security risks. LABEL, defines an image LABEL.
Build the demo
The command to build an image from dockerfile is very simple. In my example, MY command is “docker build -t lorenwe/centos_nginx. “note that the dot is not omitted, which means to find the dockerfile from the current directory to build the image
D:\docker\lorenwe>docker build -t lorenwe/centos_nginx. Sending build context to Docker daemon 995.8KB Step 1/13: FROM centos ---> d123f4e55e12
Step 2/13 : MAINTAINER lorenwe
---> Running in e5c7274f50e8
---> 606f7222e69a
Removing intermediate container e5c7274f50e8
Step 3/13 : ENV PATH /usr/local/nginx/sbin:$PATH
---> Running in 23716b428809
---> 5d8ee1b5a899. Successfully built eaee6b40b151 Successfully tagged lorenwe/centos_nginx:latestCopy the code
After all, some software needs to be installed. If you are the container source of Aliyun configured like me, there should be no problem when you build. Because I have pulled centos before, I directly use the local centos when I build. If you do not pull centos, you will pull centos down during build
D:\docker\lorenwe>docker images REPOSITORY TAG IMAGE ID CREATED SIZE lorenwe/centos_nginx latest eaee6b40b151 7 minutes ago 427MB lorenwe/centos_net_tools latest 35f8073cede1 6 days ago 277MB centos latest d123f4e55e12 3 weeks ago 197MB D4w /nsenter latest 9e4f13A0901e 14 months ago 83.8KB D:\docker\lorenwe>docker run-itd --name nginx1 lorenwe/centos_nginx 15d4f108dab7c2f276209ebeb501cac0d3be828e1e81bae22d3fd97c617439eb D:\docker\lorenwe>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES D:\docker\lorenwe>docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 15d4f108dab7 lorenwe/centos_nginx "nginx -h" nginx1 D:\docker\lorenwe>docker run -itd --name nginx2 lorenwe/centos_nginx -c /usr/local/nginx/conf/nginx.conf b6b0e962ca3056d67c24145b08975ffddb9cc050fce5f09f65310fb323ffc1c3 D:\docker\lorenwe>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b6b0e962ca30 lorenwe/centos_nginx "nginx -c /usr/loc..." 80/tcp nginx2 D:\docker\lorenwe>docker run -itd -p 8080:80 --name nginx3 lorenwe/centos_nginx -c /usr/local/nginx/conf/nginx.conf 2f6997745641e3e3edbbfe5213e6235cab3b5a929f116a2c132df504156090c6 D:\docker\lorenwe>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2f6997745641 lorenwe/centos_nginx "nginx -c /usr/loc..." 0.0.0.0:8080->80/ TCP nginx3 b6b0e962ca30 Lorenwe /centos_nginx "nginx -c /usr/loc... 80/tcp nginx2 D:\docker\lorenwe>docker stop nginx2 nginx2Copy the code
Where “docker run itd – p – 8080:80 – name nginx3 lorenwe/centos_nginx – c/usr/local/nginx/conf/nginx. Conf” -p in 8080:80 Mapping host port 8080 to container port 80, because we exposed port 80 in dockerfile earlier, With the port mapping done, you can now open a browser on your host to access 127.0.0.1:8080 and see the welcome page of nginx (^v^).
D:\docker\lorenwe>docker run -itd -v D:/docker/lorenwe/html:/usr/local/nginx/html -p 8081:80 --name nginx4 lorenwe/centos_nginx -c /usr/local/nginx/conf/nginx.conf
cd2d4eb70a39057aed3bfcb64e1f03433e2054d7ff5d50098f49d2e6f2d9e02eCopy the code
I added -v to the original parameter, which is used to mount a local host directory to the container. This directory is a shared state, and can be modified on both sides. This is the shared volume of the container. Now let’s create a new folder called HTML under D:\docker\ Lorenwe, Create a new index.html file in the HTML folder and write a little bit of content. Then go to your host browser and visit 127.0.0.1:8081 to see what you want to see. Although the -v parameter can be used for most applications, docker VOLUME has other better uses. For more information, see next time.