Docker基础教学文档<\/h1>

一、Docker核心概念<\/h2>

1. Docker三大核心组件<\/h3>

Docker镜像(Image)<\/strong>: 只读模板，用于创建容器的基础。由多个层(layer)组成。<\/li>
Docker容器(Container)<\/strong>: 轻量级沙箱，用于运行和隔离应用。<\/li>

Docker仓库(Repository)<\/strong>: 存储Docker镜像的地方，类似代码仓库。<\/li> <\/ul>
2. 标识方式<\/h3>

通过id<\/code>或name:tag<\/code>来区分不同的镜像和容器。<\/li> <\/ul> 二、Docker安装<\/h2> 1. 官方安装渠道<\/h3> 官方文档: https:\/\/docs.docker.com\/<\/li> <\/ul> 2. 国内镜像源建议<\/h3> 中科大镜像源: https:\/\/docker.mirrors.ustc.edu.cn<\/li> <\/ul> 三、镜像操作<\/h2> 1. 获取镜像<\/h3> docker pull kalilinux\/kali-linux-docker <\/span><\/span># 使用非官方仓库<\/span> <\/span><\/span>docker pull hub.c.163.com\/public\/ubuntu:14.04 <\/span><\/span><\/code><\/pre>2. 列出镜像<\/h3> docker images <\/span><\/span><\/code><\/pre>输出字段说明:<\/p> REPOSITORY: 镜像来源仓库<\/li> TAG: 镜像标签<\/li> IMAGE ID: 唯一标识镜像的ID<\/li> CREATED: 创建时间<\/li> SIZE: 镜像大小<\/li> <\/ul> 3. 添加镜像标签<\/h3> docker tag kalilinux\/kali-linux-docker:latest kalilinux:latest <\/span><\/span><\/code><\/pre>4. 查看镜像详细信息<\/h3> docker inspect kalilinux:latest <\/span><\/span><\/code><\/pre>5. 查看镜像历史<\/h3> docker history kalilinux:latest <\/span><\/span><\/code><\/pre>6. 搜索镜像<\/h3> docker search --filter=<\/span>is-automated=<\/span>true --filter=<\/span>stars=<\/span>3<\/span> kali <\/span><\/span><\/code><\/pre>7. 删除镜像<\/h3> # 删除标签<\/span> <\/span><\/span>docker rmi kalilinux\/kali-linux-docker:latest <\/span><\/span># 强制删除镜像(包括所有标签)<\/span> <\/span><\/span>docker rmi -f 8ececeaf404d <\/span><\/span><\/code><\/pre>8. 创建镜像<\/h3> 基于已有容器创建<\/h4> # 创建容器并安装软件<\/span> <\/span><\/span>docker run -it kalilinux:latest \/bin\/bash <\/span><\/span>apt update &&<\/span> apt install metasploit-framework <\/span><\/span>exit <\/span><\/span> <\/span><\/span># 提交为新镜像<\/span> <\/span><\/span>docker commit -m "install msf"<\/span> -a "zeroyu"<\/span> de573c5f5dc6 kalilinux:0.1 <\/span><\/span><\/code><\/pre>基于本地模板导入<\/h4> docker import ... <\/span><\/span><\/code><\/pre>9. 镜像导出与导入<\/h3> 导出镜像<\/h4> docker save -o docker_for_msf.tar kalilinux:0.1 <\/span><\/span># 或<\/span> <\/span><\/span>docker export 77e93d18a6a5 > test.tar <\/span><\/span><\/code><\/pre>导入镜像<\/h4> docker load --input docker_for_msf.tar <\/span><\/span># 或<\/span> <\/span><\/span>docker load < docker_for_msf.tar <\/span><\/span><\/code><\/pre>10. 上传镜像<\/h3> docker push kalilinux:0.1 <\/span><\/span><\/code><\/pre>四、容器操作<\/h2> 1. 容器创建与启动<\/h3> 创建容器(不自动启动)<\/h4> docker create -it kalilinux:0.1 <\/span><\/span><\/code><\/pre>启动容器<\/h4> docker start 2bc48b88a424 <\/span><\/span><\/code><\/pre>创建并启动容器<\/h4> docker run kalilinux:0.1 \/bin\/echo 'zeroyu'<\/span> <\/span><\/span><\/code><\/pre>交互式运行容器<\/h4> docker run -it kalilinux:0.1 \/bin\/bash <\/span><\/span><\/code><\/pre>守护态运行容器<\/h4> docker run -d kalilinux:0.1 \/bin\/sh -c "while true; do echo zeroyu; sleep 1; done"<\/span> <\/span><\/span><\/code><\/pre>2. 容器终止<\/h3> docker stop 8888<\/span> <\/span><\/span>docker start 073<\/span> # 重新启动<\/span> <\/span><\/span>docker restart 073<\/span> # 先终止再启动<\/span> <\/span><\/span><\/code><\/pre>3. 进入容器<\/h3> 使用attach命令<\/h4> docker attach stupefied_gates <\/span><\/span><\/code><\/pre>使用exec命令<\/h4> docker exec -it 77e93d18a6a5 \/bin\/bash <\/span><\/span><\/code><\/pre>4. 删除容器<\/h3> docker stop 77e93d18a6a5 <\/span><\/span>docker rm 77e93d18a6a5 <\/span><\/span><\/code><\/pre>5. 容器导出与导入<\/h3> 导出容器<\/h4> docker export -o test.tar 77e93d18a6a5 <\/span><\/span><\/code><\/pre>导入容器<\/h4> docker import test.tar - test\/kalilinux:v1.0 <\/span><\/span><\/code><\/pre>五、数据管理<\/h2> 1. 挂载本地目录<\/h3> docker run -it -P --name db -v \/tmp:\/opt\/tmp_test:rw kalilinux:0.1 \/bin\/sh <\/span><\/span><\/code><\/pre>六、网络与端口<\/h2> 1. 端口映射<\/h3> # 映射到任意端口<\/span> <\/span><\/span>docker run -it -d -P kalilinux:v0.2 <\/span><\/span> <\/span><\/span># 指定端口映射<\/span> <\/span><\/span>docker run -it -d -p 5000:5000 kalilinux:v0.2 <\/span><\/span><\/code><\/pre>七、实用案例<\/h2> 1. 在Docker中使用Empire框架<\/h3> # 启动Empire容器<\/span> <\/span><\/span>docker run -it -d -p 5000:5000 kalilinux:v0.2 <\/span><\/span> <\/span><\/span># 进入容器<\/span> <\/span><\/span>docker attach container_id <\/span><\/span> <\/span><\/span># 启动Empire<\/span> <\/span><\/span>cd \/home\/Empire <\/span><\/span>.\/empire <\/span><\/span><\/code><\/pre>2. 设置监听器<\/h3> (Empire) > listeners (Empire: listeners) > uselistener http (Empire: listeners\/http) > set Name docker (Empire: listeners\/http) > set Host http:\/\/your_vps_ip:5000 (Empire: listeners\/http) > execute <\/code><\/pre> 3. 生成Payload<\/h3> (Empire: listeners) > usestager windows\/launcher (Empire: stager\/windows\/launcher) > set Listener docker (Empire: stager\/windows\/launcher) > generate <\/code><\/pre> 八、最佳实践<\/h2> 使用国内镜像源加速下载<\/li> 为镜像添加有意义的标签<\/li> 使用数据卷管理持久化数据<\/li> 合理规划端口映射<\/li> 定期清理无用镜像和容器<\/li> 使用Dockerfile构建标准化镜像<\/li> 为生产环境配置适当的安全策略<\/li> <\/ol> 九、常见问题<\/h2> 删除镜像失败<\/strong>: 确保没有容器在使用该镜像<\/li> 端口冲突<\/strong>: 检查主机端口是否已被占用<\/li> 权限问题<\/strong>: 使用sudo<\/code>或将用户加入docker组<\/li> 存储空间不足<\/strong>: 定期清理无用镜像和容器<\/li> 网络连接问题<\/strong>: 检查防火墙和网络配置<\/li> <\/ol>