docker portainer的应用及实践
作者:warrah
这段文章主要讨论了在部署Portainer和Nacos过程中遇到的问题的解决方法,包括Portainer版本过旧需要升级、Docker iptables配置损坏的解决步骤以及haproxy和nginx配置调整等确保服务正常运行
portainer
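# Create the named volume that holds Portainer's own data.
docker volume create portainer_data

# Start Portainer CE 2.16.2; container port 9000 is published on host port 8005.
# NOTE(review): bind-mounting /var/run/docker.sock gives this container full
# control of the Docker daemon, which is equivalent to root on the host. Keep
# the published port reachable only from trusted admin networks.
docker run \
  -v /etc/localtime:/etc/localtime \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data \
  --publish published=8005,target=9000,protocol=tcp,mode=host \
  --name portainer \
  --restart always -d \
  10.101.10.9:8081/eayc/portainer/portainer-ce:2.16.2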
我在一台新机器上部署portainer,安装nacos的时候提示
Error response from daemon: client version 1.37 is too old. Minimum supported API version is 1.40, please upgrade your client to a newer version
根本原因是portainer版本过旧,需要重装为portainer/portainer-ce:2.33.0版本
调整后为
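# Same deployment with the image tag raised to 2.33.0, the page's fix for the
# "client version 1.37 is too old" error.
# An existing container named "portainer" has to be removed first, otherwise
# docker run fails with a name conflict; the portainer_data volume is reused.
docker volume create portainer_data

# NOTE(review): the docker.sock bind mount gives Portainer root-equivalent
# control of the host, so restrict who can reach published port 8005.
docker run \
  -v /etc/localtime:/etc/localtime \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data \
  --publish published=8005,target=9000,protocol=tcp,mode=host \
  --name portainer \
  --restart always -d \
  10.101.10.9:8081/eayc/portainer/portainer-ce:2.33.0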
mysql8
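# Run MySQL 8.0 with host-mounted config, data and log directories.
# NOTE(review): "123456" is a trivially guessable root password, and passing it
# with -e leaves it in shell history and in `docker inspect` output. Port 3306
# is published on every host interface, so access control rests on that
# password plus host/network filtering.
# NOTE(review): mysql_native_password is the legacy SHA-1 based plugin; MySQL
# 8.0 defaults to caching_sha2_password. Keep the override only if a client
# cannot use the default plugin.
docker run -d \
  --name mysql8 \
  --restart unless-stopped \
  -p 3306:3306 \
  -e MYSQL_ROOT_PASSWORD="123456" \
  -e TZ=Asia/Shanghai \
  -v /home/mysql/conf/my.cnf:/etc/mysql/my.cnf:ro \
  -v /home/mysql/data:/var/lib/mysql \
  -v /home/mysql/logs:/var/log/mysql \
  10.101.10.9:8081/eayc/mysql:8.0 \
  --character-set-server=utf8mb4 \
  --collation-server=utf8mb4_general_ci \
  --default-authentication-plugin=mysql_native_password \
  --lower_case_table_names=1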
执行上面的命令提示
docker: Error response from daemon: driver failed programming external connectivity on endpoint mysql8 (8b856e1a86c3eaa0e6ea0cd3ebe035c8849de0494a39d69d64f6f6a6060eb297): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 3306 -j DNAT --to-destination 172.17.0.3:3306 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1)).
这个问题是 Docker 的 iptables 配置损坏导致的,解决方案如下:
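# NOTE(review): "No chain/target/match by that name" usually means the DOCKER
# chains that dockerd creates at start-up are missing (for example after a
# firewall reload). Restarting the daemon recreates them, so try
# `sudo systemctl restart docker` first and continue only if that fails.
#
# The steps below delete EVERY rule in the filter, nat and mangle tables and
# set the default policies to ACCEPT, which leaves the host without packet
# filtering until its own rules are put back.

# Save the current ruleset so the host's non-Docker rules can be restored
# (constructed example path).
sudo sh -c 'iptables-save > /root/iptables-before-docker-reset.rules'

# Stop all containers
docker stop $(docker ps -aq) 2>/dev/null

# Stop the Docker service
sudo systemctl stop docker

# Flush iptables
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

# Set the default policies
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

# Start Docker (it recreates its own chains on start-up)
sudo systemctl start docker

# Afterwards, re-apply the host's own filtering rules from the saved file or
# from the firewall manager; otherwise the host stays at policy ACCEPT.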
使用stack启动的方式如下配置
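version: '3.8'

services:
  mysql:
    image: 10.101.10.9:8081/eayc/mysql:8.0
    container_name: mysql8-simple
    restart: unless-stopped
    # Same environment variables as the docker run command.
    # NOTE(review): the root password is trivially guessable and is stored in
    # clear text in the stack file, so anyone who can view the stack or run
    # `docker inspect` can read it.
    environment:
      - MYSQL_ROOT_PASSWORD=123456
      - TZ=Asia/Shanghai
    # Do not set MYSQL_CHARSET / MYSQL_COLLATION here; the character set is
    # passed as server arguments under `command`.
    ports:
      # Published on every host interface; restrict access with host or
      # network filtering.
      - "3306:3306"
    volumes:
      - /home/mysql/conf/my.cnf:/etc/mysql/my.cnf:ro
      - /home/mysql/data:/var/lib/mysql
      - /home/mysql/logs:/var/log/mysql
    # Exactly the same server arguments as the docker run command.
    # NOTE(review): mysql_native_password is the legacy SHA-1 based plugin;
    # keep it only if a client cannot use caching_sha2_password.
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
      - --default-authentication-plugin=mysql_native_password
      - --lower_case_table_names=1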
my.cnf
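[mysqld]
# Basic settings
port = 3306
datadir = /var/lib/mysql
socket = /var/run/mysqld/mysqld.sock

# Character set
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci

# Table-name case handling
lower_case_table_names = 1

# Connections
max_connections = 500
wait_timeout = 600

# InnoDB (MySQL 8.0 uses the newer redo-log parameter).
# The old innodb_log_file_size and innodb_log_files_in_group were removed.
innodb_buffer_pool_size = 2G
# Replaces innodb_log_file_size
innodb_redo_log_capacity = 256M
# Value 2 flushes the redo log to disk about once per second, so an OS crash
# or power loss can drop roughly the last second of committed transactions.
innodb_flush_log_at_trx_commit = 2

# Network
# With skip-name-resolve, account host parts must be IP addresses or
# wildcards; host names in grants no longer match.
skip-name-resolve
max_allowed_packet = 64M

# SQL mode
sql_mode = STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION

# Logging
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 2
log_error = /var/log/mysql/error.log

# Removed because the parameter does not exist:
# slow_query_log_always_write_time=1

[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4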
导入备份文件
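# 1. Copy the SQL dump into the container.
docker cp nacos_2025-12-10_00-16-36.sql 66f54627cf8c:/tmp/nacos.sql

# 2. Load it into the nacos database from inside the container.
# NOTE(review): -p12345 puts the root password on the command line, where it
# ends up in shell history and is visible in the process list while the import
# runs. Running the same command as `docker exec -it ... mysql -u root -p ...`
# (no value after -p) makes the client prompt for the password instead.
docker exec 66f54627cf8c mysql -u root -p12345 nacos -e "source /tmp/nacos.sql"

# 3. Remove the dump from the container.
docker exec 66f54627cf8c rm /tmp/nacos.sql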
如果提示
2025-12-17 21:41:51+08:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.44-1.el9 started. 2025-12-17 21:41:52+08:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql' 2025-12-17 21:41:52+08:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.44-1.el9 started. ls: cannot access '/docker-entrypoint-initdb.d/': Operation not permitted
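version: '3.8'

services:
  mysql:
    # NOTE(review): this listing pulls from 58.49.122.210:8081 while the other
    # stacks on the page use 10.101.10.9:8081; confirm which registry is
    # intended.
    image: 58.49.122.210:8081/eayc/mysql:8.0
    container_name: mysql8-simple
    restart: unless-stopped
    # Added to get past "ls: cannot access '/docker-entrypoint-initdb.d/':
    # Operation not permitted".
    # NOTE(review): privileged mode gives the database container all
    # capabilities and host device access and switches off the default
    # seccomp/AppArmor confinement. This error is commonly seen when an older
    # Docker engine or seccomp profile rejects system calls used by a newer
    # base image, so upgrading Docker (with containerd/runc) is the narrower
    # fix. Verify on this host and drop `privileged` once the container
    # starts without it.
    privileged: true
    # NOTE(review): weak root password stored in clear text in the stack file.
    environment:
      - MYSQL_ROOT_PASSWORD=123456
      - TZ=Asia/Shanghai
    ports:
      # Published on every host interface.
      - "3306:3306"
    volumes:
      - /home/mysql/conf/my.cnf:/etc/mysql/my.cnf:ro
      - mysql_data:/var/lib/mysql
      - mysql_logs:/var/log/mysql
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
      - --default-authentication-plugin=mysql_native_password
      - --lower_case_table_names=1

volumes:
  mysql_data: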
  mysql_logs:
redis
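version: '3.8'

services:
  redis:
    image: 10.101.10.9:8081/eayc/redis:7.4.0
    container_name: redis
    restart: unless-stopped
    ports:
      # NOTE(review): no --requirepass or ACL is set in the command below and
      # 6379 is published on every host interface, so access control rests
      # entirely on host/network filtering.
      - "6379:6379"
    volumes:
      # Data persistence
      - /home/redis/data:/data
      # Log directory (optional)
      - /home/redis/logs:/logs
    environment:
      - TZ=Asia/Shanghai
    # Folded scalar: the lines below are joined into one redis-server command.
    command: >
      redis-server
      --appendonly yes
      --appendfsync everysec
      --maxmemory 1gb
      --maxmemory-policy allkeys-lru
      --save 900 1
      --save 300 10
      --save 60 10000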
      --loglevel notice
rabbitmq
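version: '3.8'

services:
  rabbitmq:
    image: 10.101.10.9:8081/eayc/rabbitmq:3.8.17-management
    container_name: rabbitmq
    restart: unless-stopped
    ports:
      # AMQP port used by clients
      - "5672:5672"
      # Web management UI; published on every host interface, so limit it to
      # admin networks.
      - "15672:15672"
    # NOTE(review): the broker credentials are stored in clear text in the
    # stack file and are visible through `docker inspect`; replace them with
    # values that are not published anywhere.
    environment:
      # Default user name (changing it is strongly recommended)
      - RABBITMQ_DEFAULT_USER=hbbwadmin
      # Default password (changing it is strongly recommended)
      - RABBITMQ_DEFAULT_PASS=hbbw2015
      # Optional: supply the password through a secret instead (advanced).
      # NOTE(review): confirm the variable name against the image docs; the
      # official image documents RABBITMQ_DEFAULT_PASS_FILE for this purpose.
      # - RABBITMQ_DEFAULT_PASS_SECRET=my_password_secret
    volumes:
      # Persistent data volume
      - rabbitmq_data:/var/lib/rabbitmq
      # Mount this file if custom plugins are needed
      # - ./enabled_plugins:/etc/rabbitmq/enabled_plugins

volumes:
  rabbitmq_data: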
    name: rabbitmq_data
nacos
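version: '3.8'

services:
  nacos:
    image: 10.101.10.9:8081/eayc/nacos/nacos-server:2.0.3
    container_name: nacos
    restart: always
    environment:
      # Address of the MySQL server that stores the Nacos data
      MYSQL_SERVICE_HOST: 10.101.10.5
      # Database name
      MYSQL_SERVICE_DB_NAME: nacos
      # NOTE(review): Nacos connects as the MySQL superuser with the password
      # in clear text; a dedicated account limited to the nacos database
      # keeps a Nacos compromise from reaching every other schema.
      MYSQL_SERVICE_USER: root
      MYSQL_SERVICE_PASSWORD: '654123'
      # Quoted so the value reaches the container as the string "false"
      # rather than a YAML boolean.
      # NOTE(review): with authentication disabled, any client that can reach
      # the published ports can read and change configuration and service
      # registrations, so network filtering is the only control.
      NACOS_AUTH_ENABLE: "false"
      SPRING_DATASOURCE_PLATFORM: mysql
      MODE: standalone
    volumes:
      # Share the host's time zone file with the container
      - /etc/localtime:/etc/localtime
    ports:
      # Format: host port:container port
      - "8848:8848"
      - "9848:9848"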
      - "9849:9849" # 格式: 主机端口:容器端口
在宿主机上放行端口(上面的配置关闭了 Nacos 鉴权,放行前请确认只有受信任的网段能访问这些端口):
firewall-cmd --zone=public --add-port=8848/tcp --permanent
firewall-cmd --zone=public --add-port=9848/tcp --permanent
firewall-cmd --zone=public --add-port=9849/tcp --permanent
firewall-cmd --reload
应用
端口映射
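version: '3.8'

# Use a network that was created outside this stack
networks:
  eayc-network:
    external: true

services:
  eayc-gateway-server:
    image: 10.101.10.9:8081/eayc/eayc-gateway-server:3.0.0-2026.3.22-1
    container_name: eayc-gateway-server
    restart: unless-stopped
    networks:
      # Attach to the custom network
      - eayc-network
    environment:
      # Single-quoted so the embedded JSON ({ } " : ,) is always read as one
      # plain string by the YAML parser.
      - 'SPRING_APPLICATION_JSON={"nacos":{"server-addr":"10.101.10.19:8848","namespace":"prod","dubbo-addr":"10.101.10.19:8848","dubbo-namespace":"dubbo-prod"}}'
      # The Spring profile can be set separately
      - SPRING_PROFILES_ACTIVE=prod
    volumes:
      # Persist data in named volumes
      - eayc_gateway_server_logs:/application/logs
      - eayc_gateway_server_upload:/application/upload
    ports:
      # Format: host port:container port
      - "31350:8350"

volumes:
  # Named volume declarations
  eayc_gateway_server_logs:
  eayc_gateway_server_upload: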
    # driver: local # 默认就是local驱动,通常无需指定
前端服务
前端启动提示下面的错误
/docker-entrypoint.sh: Configuration complete; ready for start up 2025/12/21 06:12:36 [emerg] 1#1: host not found in upstream "acc-mbms-server" in /etc/nginx/conf.d/mbms-front.conf:14 nginx: [emerg] host not found in upstream "acc-mbms-server" in /etc/nginx/conf.d/mbms-front.conf:14
配置如下
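version: '3.8'

services:
  mbms-front:
    image: 10.101.10.9:8081/eayc/mbms-front:pro_2.0_639
    container_name: mbms-front
    restart: unless-stopped
    volumes:
      # Persist the nginx logs in a named volume
      - mbms-front_logs:/var/log/nginx
    extra_hosts:
      # Static /etc/hosts entry that resolves the upstream name nginx
      # reported as "host not found".
      - "acc-mbms-server:10.101.10.5"
      # The next two stay commented out for now; add them if needed
      # - "proxyServer:IP地址"
      # - "openapiProxyServer:IP地址"
    environment:
      ENV: pro
    ports:
      # Format: host port:container port
      - "30503:18009"

volumes:
  # Named volume declaration
  mbms-front_logs: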
    # driver: local # 默认就是local驱动,通常无需指定
磁盘扩展
以下是rockylinux的配置
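# Install growpart and show the current block-device layout.
# NOTE(review): the page printed "lsblk" directly after the package name; it
# is treated here as a separate command because the numbered steps start at 3.
# Confirm against the author's intent.
yum install -y cloud-utils-growpart
lsblk

# Grow partition 3 of /dev/sda into the newly added disk space.
# NOTE(review): the device, partition number and volume-group name are specific
# to the author's host. Check them against the lsblk output and take a snapshot
# or backup before resizing.
sudo growpart /dev/sda 3

# 3. Wait for the system to pick up the new partition size
sleep 2
sudo partprobe /dev/sda || sudo partx -u /dev/sda

# 4. Resize the physical volume (PV) so it sees the added space
sudo pvresize /dev/sda3

# 5. Extend the logical volume (LV) over all free space in the volume group
sudo lvextend -l +100%FREE /dev/mapper/rl_bs251-root

# 6. Grow the XFS file system (confirm with `df -T` that it is xfs)
sudo xfs_growfs /

# 7. Verify the result
echo "=== 分区情况 ==="
lsblk
echo "=== 根分区空间 ==="
df -h /
df -lh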
haproxy
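version: '3.8'

services:
  haproxy:
    image: 10.101.10.9:8081/mid/haproxy:2026.3.28
    container_name: haproxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "9000:9000"
      # NOTE(review): 8888 is the stats listener from conf.d/admin.cfg.
      # Publishing it exposes the stats page on every host interface, so limit
      # it to admin networks.
      - "8888:8888"
    volumes:
      # Fix: the main configuration must be mounted as a file, not a directory
      - /home/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
      # Directory with the per-service configuration files
      - /home/haproxy/conf.d:/usr/local/etc/haproxy/conf.d:ro
      # Log directory
      - /home/haproxy/logs:/var/log/haproxy
    networks:
      - haproxy-network
    environment:
      - TZ=Asia/Shanghai
    # Load the main file first, then every file in conf.d
    command: >
      haproxy -f /usr/local/etc/haproxy/haproxy.cfg -f /usr/local/etc/haproxy/conf.d

networks:
  haproxy-network:
    driver: bridge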
haproxy.cfg
global
    # group and user stay commented out so the container runs as its default
    # user
    # group haproxy
    # user haproxy
    daemon
    log stdout format raw local0 notice
    # PID file in a directory that is writable inside the container
    pidfile /tmp/haproxy.pid
    maxconn 20000
    spread-checks 3
    nbthread 4

# Defaults inherited by the frontends/backends loaded from conf.d
defaults
    log global
    mode http
    retries 3
    option redispatch
    timeout connect 5s
    timeout client 50s
    timeout server 50s
conf.d下配置
最后一行要有回车符
admin.cfg
# Statistics page, served over plain HTTP on port 8888.
# NOTE(review): "ha:ha" is a two-character, easily guessed credential sent as
# HTTP Basic auth without TLS, and the compose file publishes 8888 on the
# host. Use a strong credential and restrict the listener to admin networks.
listen admin
    bind *:8888
    mode http
    stats enable
    stats hide-version
    stats uri /admin?status
    stats auth ha:ha
    stats refresh 5s
minio.cfg
# MinIO service: plain TCP pass-through from port 9000 to the four nodes
frontend minio-front
    bind *:9000
    mode tcp
    option tcplog
    default_backend minio-end

backend minio-end
    mode tcp
    # "option tcplog" was removed from this backend
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    server minio-node01 10.101.10.20:9001 check
    server minio-node02 10.101.10.20:9002 check
    server minio-node03 10.101.10.20:9003 check
    server minio-node04 10.101.10.20:9004 check
nginx.cfg
# HTTP frontend
frontend www
    bind *:80
    mode http
    option forwardfor
    option http-keep-alive
    option httplog
    option dontlognull
    option logasap
    log global
    timeout client 15s
    # "timeout server" was removed here (not supported in a frontend)
    default_backend openresty

backend openresty
    mode http
    balance roundrobin
    cookie SERVERID insert indirect nocache
    option httpchk GET /health
    http-check expect status 200
    timeout connect 5s
    timeout server 15s
    server server-10-162 10.101.10.15:80 maxconn 5000 check inter 4000 rise 3 fall 5 weight 100

# HTTPS frontend
# NOTE(review): mode tcp passes TLS through untouched, so no X-Forwarded-For
# header is added on this path. Unless the PROXY protocol is enabled on both
# sides (`send-proxy` on the server line, `proxy_protocol` on the backend's
# listen directive), the backend sees HAProxy's address as the client for
# logging, rate limiting and WAF rules. Confirm how the backend derives the
# client IP.
frontend https_frontend
    bind *:443
    mode tcp
    log global
    option tcplog
    timeout client 3600s
    backlog 4096
    maxconn 1000000
    default_backend https_back

backend https_back
    mode tcp
    option log-health-checks
    option redispatch
    balance roundrobin
    timeout connect 5s
    timeout queue 10s
    timeout server 3600s
    timeout tunnel 3600s
    server server-10-162 10.101.10.15:443 maxconn 50000 check inter 4000 rise 3 fall 5 weight 100
nginx
更改nginx配置后,执行docker exec nginx-proxy nginx -s reload使其生效
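version: '3.8'

services:
  nginx:
    image: 10.101.10.9:8081/eayc/openresty:alpine
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Bind mounts in host:container form. Configuration, WAF rules,
      # certificates and static content are mounted read-only; only the log
      # and temp directories are writable from the container.
      - /home/nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
      - /home/nginx/waf:/usr/local/openresty/nginx/conf/waf:ro
      - /home/nginx/extra:/usr/local/openresty/nginx/conf/extra:ro
      - /home/nginx/upstream:/usr/local/openresty/nginx/conf/upstream:ro
      - /home/nginx/conf.d:/usr/local/openresty/nginx/conf/conf.d:ro
      - /home/nginx/logs:/usr/local/openresty/nginx/logs
      - /home/nginx/html:/usr/local/openresty/nginx/html:ro
      - /home/nginx/ssl:/usr/local/openresty/nginx/conf/ssl:ro
      - /home/nginx/temp:/usr/local/openresty/temp:rw
      - /home/nginx/jsonlogs:/usr/local/openresty/nginx/jsonlogs:rw
      - /home/nginx/bw580.com:/usr/local/openresty/nginx/conf/bw580.com:ro
    networks:
      - proxy-net
    restart: unless-stopped

networks:
  proxy-net:
    driver: bridge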
