Carving small VPS instances out of a Linux cloud VPS (Docker edition)


Create an Ubuntu 22.04 system container in Docker

1: Create the network

docker network create --driver bridge --subnet=10.247.88.0/24 net88
docker network ls

2: Create the container

nano docker-compose.yml

services:
  aapanel:
    container_name: 10.247.88.2
    image: ubuntu:22.04
    restart: unless-stopped
    volumes:
      - ./root:/root
      - ./www:/www
    networks:
      net88:
        ipv4_address: 10.247.88.2
    tty: true
    # create sshd's pid directory, then run sshd in the foreground; fall back to tail
    # so the container stays up before openssh-server has been installed (step 4)
    command: /bin/bash -c "mkdir -p /run/sshd; /usr/sbin/sshd -D || tail -f /dev/null"
networks:
  net88:
    external: true

3: Start the container

docker compose down
docker compose up -d
docker ps

4: Enter the container and set it up

docker exec -it 10.247.88.2 bash

mkdir -p ~/.ssh&&echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINczVrP1nQt56KrtY0zFDRYvNGjMVS2MphwNWXH5j7yg xixi-ed25519-20240206'>>~/.ssh/authorized_keys&&cat ~/.ssh/authorized_keys
passwd
apt update
apt install openssh-server nano

Note: the container's command line only starts sshd if it was present when the container started, so restart the container (docker compose restart) after installing openssh-server.

5: Map the host's port 22 to the container's port 22

Caveat: the DNAT rule below captures every connection to port 22 on the public address, including those meant for the host's own sshd, so move the host's sshd to another port (or choose a different host port in the rule) before applying it, or you will be locked out of the host. iptables -t nat -F also wipes Docker's own nat rules (published ports, masquerading), which Docker only recreates when the daemon restarts; deleting just your own rules with iptables -t nat -D is safer.

iptables -t nat -F
iptables -t nat -A POSTROUTING -s 10.247.88.2 -j SNAT --to-source 154.12.247.88
iptables -t nat -A PREROUTING -p tcp -d 154.12.247.88 --dport 22 -j DNAT --to-destination 10.247.88.2:22
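An added script, not from the original post, that applies the same SNAT/DNAT pair idempotently (check with -C before -A instead of flushing the table) and refuses to add the DNAT while the host itself still listens on that port. The ss -Hltn parsing and the sample ss lines are assumptions; the IPs default to the post's values.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's SNAT/DNAT rules
# idempotently and refuse to steal a port the host itself is listening on.
# Assumed: `ss -Hltn` is available on the host; IPs default to the post's values.

PUBLIC_IP="${PUBLIC_IP:-154.12.247.88}"
CONTAINER_IP="${CONTAINER_IP:-10.247.88.2}"
HOST_PORT="${HOST_PORT:-22}"
CONTAINER_PORT="${CONTAINER_PORT:-22}"

# Constructed sample of `ss -Hltn` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.1:53 0.0.0.0:*'

# host_listens_on_port PORT SS_OUTPUT -> 0 if a host process listens on PORT
# on a non-loopback address (such traffic would be captured by the DNAT rule).
host_listens_on_port() {
  port="$1"
  printf '%s\n' "$2" | awk -v p="$port" '
    $1 == "LISTEN" {
      n = split($4, a, ":")
      if (a[n] == p && $4 !~ /^127\./ && $4 !~ /^\[::1\]/) found = 1
    }
    END { exit found ? 0 : 1 }'
}

# nat_rule_specs -> the two rule specs without -A/-C, one per line, so the
# caller can check (-C) before appending (-A) instead of flushing the table.
nat_rule_specs() {
  printf 'POSTROUTING -s %s -j SNAT --to-source %s\n' "$CONTAINER_IP" "$PUBLIC_IP"
  printf 'PREROUTING -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
    "$PUBLIC_IP" "$HOST_PORT" "$CONTAINER_IP" "$CONTAINER_PORT"
}

# apply_nat: add each rule only if absent; bail out instead of locking the
# host's own sshd out. Needs root; not run automatically.
apply_nat() {
  if host_listens_on_port "$HOST_PORT" "$(ss -Hltn 2>/dev/null)"; then
    echo "refusing: host already listens on port $HOST_PORT" >&2
    return 1
  fi
  nat_rule_specs | while read -r spec; do
    # word splitting of $spec is intentional
    iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec
  done
}
```

Run apply_nat as root once the host's sshd has been moved off the mapped port; rerunning it adds nothing twice.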

Making the firewall rules persistent

1: Save the firewall rules to a file

iptables-save > /etc/network/iptables.up.rules

2: Create a firewall service

nano /etc/systemd/system/iptables-load.service

[Unit]
Description=Load iptables rules

[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore /etc/network/iptables.up.rules
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

3: Enable the firewall service

systemctl daemon-reload
systemctl enable iptables-load.service
systemctl start iptables-load.service
Posted on 2024-10-25 19:22 by 项希盛