docker 是一个典型的C/S架构
Docker在2017年以前时使用大版本号+小版本号来名，在2017年之后，采用YY.MM.N-xx格式，如 19.03.1-ce表示2019年3月份的第2个ce版本。以CentOS 7安装docker-ce版本为例

[root@docker-24-20 ~]# uname -r # 确认内核版本，要求大于3.8
3.10.0-862.el7.x86_64
[root@docker-24-20 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker-24-20 ~]# yum install -y docker-ce  # 安装docker-ce
[root@docker-24-20 ~]# vim /etc/docker/daemon.json  # 初始化配置
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "bip": "172.24.20.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-opts": {"max-size":"32M", "max-file":"2"},
  "live-restore": true
}
[root@docker-24-20 ~]# mkdir -p /data/docker
[root@docker-24-20 ~]# systemctl start docker && systemctl enable docker
[root@docker-24-20 ~]# ip addr show dev docker0  # 确认IP地址
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:e7:6b:2d:f6 brd ff:ff:ff:ff:ff:ff
    inet 172.24.20.1/24 brd 172.24.20.255 scope global docker0
       valid_lft forever preferred_lft forever
~]# docker version #　查看版本
[root@docker-24-20 ~]# docker container run --rm hello-world  # 测试docker是否运行正常
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete 
Digest: sha256:4fe721ccc2e8dc7362278a29dc660d833570ec2682f4e4194f4ee23e415e1064
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/
For more examples and ideas, visit:
 https://docs.docker.com/get-started/

容器启动过程四个步骤

1. Docker客户端联系Docker服务端。
   2. Docker服务端从Docker中心拉取“hello-world”映像。
   3. Docker服务端(用新拉的镜像)创建了一个新的容器，该容器运行可执行文件(脚本)，生成您当前读取的输出。
   4. Docker服务端将信息流推到Docker客户端，由客户端展示在你的终端。 ```bash

   daemon.json 配置介绍

   { “graph”: “/data/docker”, “storage-driver”: “overlay2”, “insecure-registries”: [“registry.access.redhat.com”,”quay.io”], “registry-mirrors”: [“https://q2gr04ke.mirror.aliyuncs.com“], “bip”: “172.24.38.1/24”, “exec-opts”: [“native.cgroupdriver=systemd”], “live-restore”: true }

配置项注意点：

graph: 该关键字未来将被弃用，可以采用 “data-root” 替代

storage-driver: 存储驱动，即分层文件系统

insecure-registries: 不安全的docker registries，即使用http协议推拉镜象

registry-mirrors: 加速站点，一般可以使用阿里、网易云、docker中国(https://registry.docker-cn.com)的地址

bip: 指定docker bridge地址(不能以.0结尾)，生产中建议采用 172.xx.yy.1/24,其中xx.yy为宿主机ip后四位，方便定位问题

若启动失败，查看 /var/log/message 日志排错

```bash
[root@docker-24-20 ~]# docker info  # Docker 信息查看
Client:
 Debug Mode: false
Server:
 Containers: 0              # 容器数量
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1                  # 镜像数量
 Server Version: 19.03.5    # server 版本
 Storage Driver: overlay2
  Backing Filesystem: xfs   # 宿主机上的底层文件系统
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: systemd     # Cgroups 驱动
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-862.el7.x86_64      # 宿主机的相关信息
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 3.685GiB
 Name: docker-24-20
 ID: ASZO:NO2O:EJ2W:WGN5:MWAL:MBMP:TURI:WKNC:YUPS:E4E2:MATG:MXV3
 Docker Root Dir: /data/docker              # docker 数据存储目录
 Debug Mode: false
 Registry: https://index.docker.io/v1/      # registry 地址
 Labels:
 Experimental: false
 Insecure Registries:
  quay.io
  registry.access.redhat.com
  127.0.0.0/8
 Registry Mirrors:                          # 加速站点
  https://q2gr04ke.mirror.aliyuncs.com/
 Live Restore Enabled: true
WARNING: bridge-nf-call-iptables is disabled    # 当前两个warn需要设置内核模块
WARNING: bridge-nf-call-ip6tables is disabled

Docker pull配置代理

部分场景中，下载国外镜像非常慢，因此可以配置相关代理进行加速，方法如下：

配置宿主机代理

1.  找到 Lantern 的代理服务器的http(s)监听地址，以当前宿主机 127.0.0.1:9768 为例
2.  配置windows端口的转发，将所有10.4.7.1的10080端口转发至 127.0.0.1:9768
    netsh interface portproxy add v4tov4 listenaddress=10.4.7.1 listenport=10080 connectaddress=127.0.0.1 connectport=9768
3.  配置windows防火墙策略，允许 10.4.7.0/24 网段访问 10.4.7.1:10080
4.  配置Linux机器的http和https代理
    [root@centos-7-50 ~]# export http_proxy="10.4.7.1:10080"
    [root@centos-7-50 ~]# export https_proxy="10.4.7.1:10080"
5.  测试
    [root@centos-7-50 ~]# curl -I https://www.google.com
    HTTP/1.1 200 OK
    Date: Friday, 20-Mar-20 09:55:18 CST
    Keep-Alive: timeout=58
    Content-Length: 0
# 实验环境的虚拟机使用的是 10.4.7.0/24 的NAT网络，宿主机地址为 10.4.7.1

配置docker代理

root@ubuntu-7-61:~# mkdir /etc/systemd/system/docker.service.d
root@ubuntu-7-61:~# vim /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://10.4.7.1:10080"
root@ubuntu-7-61:~# systemctl daemon-reload
root@ubuntu-7-61:~# systemctl restart docker
root@ubuntu-7-61:~# docker info 2>&1 | grep -i proxy
 HTTP Proxy: http://10.4.7.1:10080