Docker

Docker 容器无法访问外网？nftables 下的 NAT 配置指南

Wednesday, September 3, 2025 Read

透過LinuxServer.io打包的Docker映像檔，將桌面程式轉成網頁版，透過瀏覽器即可使用

透過 LinuxServer.io 打包的 Docker 映像檔，將桌面程式轉成網頁版，透過瀏覽器即可使用 LinuxServer.io 官網

Friday, August 1, 2025 Read

Gluetun：讓Docker容器走VPN連線，沒網路就斷線，使用教學

Gluetun：讓 Docker 容器走 VPN 連線，沒網路就斷線，使用教學 Gluetun OpenVPN services: gluetun: image: qmcgaw/gluetun container_name: gluetun restart: unless-stopped cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun ports: - 8888:8888/tcp # HTTP proxy - 8388:8388/tcp # Shadowsocks - 8388:8388/udp # Shadowsocks volumes: - /home/user/gluetun:/gluetun environment: # 按照VPN供應商的OpenVPN設定檔填寫 - VPN_SERVICE_PROVIDER=protonvpn - VPN_TYPE=openvpn - OPENVPN_USER= # OpenVPN帳號 - OPENVPN_PASSWORD= # OpenVPN密碼 - SERVER_COUNTRIES=United Kingdom # 指定伺服器所在國家，以逗號分隔 networks: # (選擇性) 固定Gluetun容器的IP network: ipv4_address: 172.27.0.5 networks: # (選擇性) 固定Gluetun容器的IP network: driver: bridge ipam: config: - subnet: 172.27.0.0/16 gateway: 172.27.0.5 WireGuard services: gluetun: image: qmcgaw/gluetun container_name: gluetun restart: unless-stopped cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun ports: - 8888:8888/tcp # HTTP proxy - 8388:8388/tcp # Shadowsocks - 8388:8388/udp # Shadowsocks volumes: - /home/user/gluetun:/gluetun environment: - VPN_SERVICE_PROVIDER=protonvpn # 按照VPN供應商的WireGuard設定檔填寫 - VPN_TYPE=wireguard - WIREGUARD_PRESHARED_KEY= # 預共享密鑰 - WIREGUARD_PRIVATE_KEY= # 私鑰 - WIREGUARD_ADDRESSES= # 填IPV4與IPV6位址，以逗號分隔 - SERVER_COUNTRIES=United Kingdom # 指定伺服器所在國家，以逗號分隔 networks: # (選擇性) 固定Gluetun容器的IP network: ipv4_address: 172.27.0.5 networks: # (選擇性) 固定Gluetun容器的IP network: driver: bridge ipam: config: - subnet: 172.27.0.0/16 gateway: 172.27.0.5 讓容器走 Gluetun 的 VPN 連線如果容器服務跟 Gluetun 寫在同一個 docker-compose：加入網路模式 network_mode: “service:gluetun” 如果該容器跟 Gluetun 不是寫在同一個 docker-compose：加入 network_mode: “container:gluetun” 開啟 Gluetun 的 docker-compose 檔案，把 service 用到的通訊埠(ex:8080)加回來依序啟動 Gluetun 和走 Gluetun 的 VPN 連線的服務容器公共 IP 應當跟您選擇的 VPN 伺服器一致

Friday, August 1, 2025 Read

Container security fundamentals

Wednesday, October 4, 2023 Read

Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide

Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide method docker buildx create --use FROM --platform=linux/amd64 debian / FROM --platform=$BUILDPLATFORM debian variables BUILDPLATFORM — matches the current machine. (e.g. linux/amd64) BUILDOS — os component of BUILDPLATFORM, e.g. linux BUILDARCH — e.g. amd64, arm64, riscv64 BUILDVARIANT — used to set ARM variant, e.g. v7 TARGETPLATFORM — The value set with --platform flag on build TARGETOS - OS component from --platform, e.g. linux TARGETARCH - Architecture from --platform, e.g. arm64 TARGETVARIANT example before FROM golang:1.17-alpine AS build WORKDIR /src COPY . . RUN go build -o /out/myapp . FROM alpine COPY --from=build /out/myapp /bin after FROM --platform=$BUILDPLATFORM golang:1.17-alpine AS build WORKDIR /src ARG TARGETOS TARGETARCH RUN --mount=target=. \ --mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/go/pkg \ GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/myapp . FROM alpine COPY --from=build /out/myapp /bin

Monday, September 4, 2023 Read

ElasticSearch 学习笔记

ElasticSearch 学习笔记安装中文分词插件 docker exec -it elasticsearch bash $ elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v8.4.1/elasticsearch-analysis-ik-8.4.1.zip Dev Tools content 类型为 text，写入时使用 ik_max_word 做分词，搜索时使用 ik_smart 分词。这两个的区别在于，前者产生尽可能多的分词，后者产生粗粒度的分词。 PUT /words { "mappings": { "properties": { "content": { "type": "text", "analyzer": "ik_max_word", "search_analyzer": "ik_smart" }, "age": { "type": "integer", "index": false } } } } { "acknowledged": true, "shards_acknowledged": true, "index": "words" }

Thursday, October 6, 2022 Read

為你的Go應用建立輕量級Docker映象？ | IT人

為你的 Go 應用建立輕量級 Docker 映象？ | IT 人 go build # default $ go build -o test1 main.go $ du -sh test1 14M test1 # 在程式編譯的時候可以加上 `-ldflags "-s -w"` 引數來優化編譯，原理是通過去除部分連結和除錯等資訊來減小編譯生成的可執行程式體積，具體引數如下： # -a：強制編譯所有依賴包 # -s：去掉符號表資訊，不過 panic 的時候 stack trace 就沒有任何檔名/行號資訊了 # -w：去掉 DWARF 除錯資訊，不過得到的程式就不能使用 gdb 進行除錯了 # 若對符號表無需求，-ldflags 直接新增 "-s" 即可 # 注：不建議-w和-s同時使用 $ go build -ldflags "-s -w" -o test2 main.go $ du -sh test2 11M test2 upx(brew/yum install upx) $ upx test2 Ultimate Packer for eXecutables Copyright (C) 1996 - 2020 UPX 3.96 Markus Oberhumer, Laszlo Molnar & John Reiser Jan 23rd 2020 File size Ratio Format Name -------------------- ------ ----------- ----------- 11490768 -> 4063248 35.36% macho/amd64 test2 Packed 1 file. $ upx --brute test2 $ du -sh test2 4.6M test2 upx 的壓縮選項

Monday, July 25, 2022 Read

Docker Introduction

Docker Concept VM vs Container VM - Base on OS Container - Base on Application (Linux Kernel: Namespace and Cgroup) Client to Server Docker daemon - containerd, docker-containerd-shim, docker-runc Docker client - cli command docker cli -> docker daemon -> containerd -> runc -> namespace & cgroup Image Snapshots Container Read-Only processes on image Hub / Registry Store images References Docker —— 從入門到實踐 docker docs Docker commands Dockerfile ARG dist="/tmp/password" ARG projectDir="/password" FROM golang:1.16-alpine3.14 AS builder RUN apk add build-base upx ARG dist ARG projectDir WORKDIR ${projectDir} COPY . . RUN go build -trimpath -o main cmd/main.go RUN upx -9 -o ${dist} main FROM scratch ARG dist ENV TZ=Asia/Taipei COPY --from=builder ${dist} /usr/local/bin/password Dockerfile1 FROM alpine CMD ["nc","-l","12345"] Dockerfile2 FROM alpine CMD ["echo","DOCKER"] docker build command docker build . -t program docker build . -f Dockerfile -t test_mysql docker build . -t hello:v1.1 --build-arg dist=/tmp/hello --build-arg projectDir=/hello docker build . docker/status echo -e "${GREEN}Before build${RESET}" docker image ls docker build . -f docker/Dockerfile1 -t test1 docker build . -f docker/Dockerfile2 -t test2 docker image . docker/status echo -e "${GREEN}After build${RESET}" docker image ls docker run AND rm . docker/status echo -e "${GREEN}Run container1${RESET}" docker run -d --name container1 test1 echo -e "${GREEN}Run container2${RESET}" docker run -d --name container2 test2 echo -e "${GREEN}List alive containers${RESET}" docker ps echo -e "${GREEN}List all containers${RESET}" docker ps -a echo -e "${GREEN}Remove alive container${RESET}" docker rm -f container1 echo -e "${GREEN}List all containers${RESET}" docker ps -a echo -e "${GREEN}Remove exit container${RESET}" docker rm container2 echo -e "${GREEN}List all containers${RESET}" docker ps -a docker pull AND rmi . docker/status echo -e "${GREEN}List all image${RESET}" docker image ls echo -e "${GREEN}Pull alpine image${RESET}" docker pull alpine echo -e "${GREEN}List all image${RESET}" docker image ls docker rmi . docker/status echo -e "${GREEN}Remove alpine image${RESET}" docker rmi alpine echo -e "${GREEN}List all image${RESET}" docker image ls prune docker system prune -f --volumes docker history . docker/status echo -e "${GREEN}History of test1${RESET}" docker history test1 echo -e "${GREEN}History of mysql:8${RESET}" docker history mysql:8 Docker remote Edit service file # /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375 Restart service systemctl daemon-reload systemctl restart docker Specify DOCKER_HOST . docker/status echo -e "${GREEN}List images on 192.168.185.9${RESET}" DOCKER_HOST=192.168.185.9:2375 docker images Docker-compose version: "3" services: svn: image: zeyanlin/svn environment: - LDAP_HOSTS=${LDAP_HOSTS} - LDAP_BASE_DN=${LDAP_BASE_DN} - LDAP_BIND_DN=${LDAP_BIND_DN} - LDAP_ADMIN_PASS=${LDAP_ADMIN_PASS} ports: - 8000:80 - 3690:3690 depends_on: - ldap ldap: image: zeyanlin/openldap environment: - LDAP_DOMAIN=${LDAP_DOMAIN} - LDAP_ADMIN_PASS=${LDAP_ADMIN_PASS} ports: - 389:389 - 636:636 php: image: zeyanlin/phpldapadmin environment: - LDAP_HOSTS=${LDAP_HOSTS} ports: - 80:80 depends_on: - ldap Env LDAP_HOSTS=ldap LDAP_DOMAIN="knowhow.fun" LDAP_BASE_DN="dc=knowhow,dc=fun" LDAP_BIND_DN="cn=admin" LDAP_ADMIN_PASS="123qwe"

Friday, September 17, 2021 Read