{"id":13338,"date":"2024-11-15T17:28:56","date_gmt":"2024-11-15T09:28:56","guid":{"rendered":"https:\/\/fwq.ai\/blog\/13338\/"},"modified":"2024-11-15T17:28:56","modified_gmt":"2024-11-15T09:28:56","slug":"docker%e4%b8%ad%e7%9a%84%e5%af%86%e9%92%a5%e7%ae%a1%e7%90%86%ef%bc%9a%e5%a6%82%e4%bd%95%e9%80%9a%e8%bf%87docker%e5%ae%9e%e7%8e%b0%e5%8a%a0%e5%af%86%e4%b8%8e%e5%ae%89%e5%85%a8%e4%bc%a0%e8%be%93","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/13338\/","title":{"rendered":"Docker\u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\uff1a\u5982\u4f55\u901a\u8fc7Docker\u5b9e\u73b0\u52a0\u5bc6\u4e0e\u5b89\u5168\u4f20\u8f93"},"content":{"rendered":"

Docker\u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\uff1a\u5982\u4f55\u901a\u8fc7Docker\u5b9e\u73b0\u52a0\u5bc6\u4e0e\u5b89\u5168\u4f20\u8f93<\/h1>\n

\u5728\u73b0\u4ee3\u8f6f\u4ef6\u5f00\u53d1\u4e2d\uff0c\u5b89\u5168\u6027\u662f\u4e00\u4e2a\u4e0d\u53ef\u5ffd\u89c6\u7684\u91cd\u8981\u56e0\u7d20\u3002\u968f\u7740\u5bb9\u5668\u5316\u6280\u672f\u7684\u666e\u53ca\uff0cDocker\u6210\u4e3a\u4e86\u8bb8\u591a\u5f00\u53d1\u8005\u548c\u8fd0\u7ef4\u4eba\u5458\u7684\u9996\u9009\u5de5\u5177\u3002\u7136\u800c\uff0c\u5982\u4f55\u5728Docker\u73af\u5883\u4e2d\u6709\u6548\u5730\u7ba1\u7406\u5bc6\u94a5\u548c\u654f\u611f\u4fe1\u606f\uff0c\u786e\u4fdd\u6570\u636e\u7684\u52a0\u5bc6\u4e0e\u5b89\u5168\u4f20\u8f93\uff0c\u4ecd\u7136\u662f\u4e00\u4e2a\u4e9f\u5f85\u89e3\u51b3\u7684\u95ee\u9898\u3002<\/p>\n

\u5bc6\u94a5\u7ba1\u7406\u7684\u91cd\u8981\u6027<\/h2>\n

\u5bc6\u94a5\u7ba1\u7406\u662f\u4fe1\u606f\u5b89\u5168\u7684\u6838\u5fc3\u7ec4\u6210\u90e8\u5206\u3002\u65e0\u8bba\u662fAPI\u5bc6\u94a5\u3001\u6570\u636e\u5e93\u51ed\u8bc1\uff0c\u8fd8\u662fSSL\u8bc1\u4e66\uff0c\u59a5\u5584\u7ba1\u7406\u8fd9\u4e9b\u654f\u611f\u4fe1\u606f\u5bf9\u4e8e\u4fdd\u62a4\u5e94\u7528\u7a0b\u5e8f\u548c\u7528\u6237\u6570\u636e\u81f3\u5173\u91cd\u8981\u3002\u5728Docker\u4e2d\uff0c\u5bb9\u5668\u7684\u5feb\u901f\u90e8\u7f72\u548c\u7075\u6d3b\u6027\u4f7f\u5f97\u5bc6\u94a5\u7ba1\u7406\u53d8\u5f97\u66f4\u52a0\u590d\u6742\uff0c\u56e0\u6b64\u9700\u8981\u91c7\u53d6\u6709\u6548\u7684\u7b56\u7565\u6765\u786e\u4fdd\u5b89\u5168\u6027\u3002<\/p>\n

Docker\u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\u7b56\u7565<\/h2>\n

1. \u4f7f\u7528Docker Secrets<\/h3>\n

Docker\u63d0\u4f9b\u4e86\u4e00\u4e2a\u540d\u4e3aDocker Secrets\u7684\u529f\u80fd\uff0c\u4e13\u95e8\u7528\u4e8e\u7ba1\u7406\u654f\u611f\u6570\u636e\u3002Docker Secrets\u5141\u8bb8\u7528\u6237\u5728Swarm\u6a21\u5f0f\u4e0b\u5b89\u5168\u5730\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u94a5\u3002\u901a\u8fc7Docker Secrets\uff0c\u7528\u6237\u53ef\u4ee5\u5c06\u654f\u611f\u4fe1\u606f\u4ee5\u52a0\u5bc6\u7684\u5f62\u5f0f\u5b58\u50a8\uff0c\u5e76\u5728\u9700\u8981\u65f6\u5c06\u5176\u5b89\u5168\u5730\u4f20\u9012\u7ed9\u5bb9\u5668\u3002<\/p>\n

docker secret create my_secret my_secret.txt<\/code><\/pre>\n
\u5728\u521b\u5efa\u4e86\u5bc6\u94a5\u540e\uff0c\u53ef\u4ee5\u5728\u670d\u52a1\u4e2d\u4f7f\u7528\u8be5\u5bc6\u94a5\uff1a<\/p>\n
docker service create --name my_service --secret my_secret my_image<\/code><\/pre>\n
2. \u73af\u5883\u53d8\u91cf\u7684\u4f7f\u7528<\/h3>\n
\u867d\u7136\u73af\u5883\u53d8\u91cf\u662f\u4f20\u9012\u914d\u7f6e\u548c\u5bc6\u94a5\u7684\u5e38\u89c1\u65b9\u5f0f\uff0c\u4f46\u5b83\u4eec\u5e76\u4e0d\u662f\u6700\u5b89\u5168\u7684\u9009\u62e9\u3002\u73af\u5883\u53d8\u91cf\u53ef\u4ee5\u88ab\u5bb9\u5668\u5185\u7684\u4efb\u4f55\u8fdb\u7a0b\u8bbf\u95ee\uff0c\u56e0\u6b64\u5728\u4f7f\u7528\u65f6\u9700\u8981\u8c28\u614e\u3002\u4e3a\u4e86\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u53ef\u4ee5\u4f7f\u7528Docker Compose\u6587\u4ef6\u4e2d\u7684\u73af\u5883\u53d8\u91cf\uff0c\u5e76\u7ed3\u5408Docker Secrets\u4f7f\u7528\u3002<\/p>\n
version: '3.1'\nservices:\n  my_service:\n    image: my_image\n    environment:\n      - MY_SECRET=${MY_SECRET}\n    secrets:\n      - my_secret\n\nsecrets:\n  my_secret:\n    external: true<\/code><\/pre>\n
3. \u4f7f\u7528\u5916\u90e8\u5bc6\u94a5\u7ba1\u7406\u5de5\u5177<\/h3>\n
\u9664\u4e86Docker\u5185\u7f6e\u7684\u5bc6\u94a5\u7ba1\u7406\u529f\u80fd\uff0c\u8bb8\u591a\u5916\u90e8\u5de5\u5177\u4e5f\u53ef\u4ee5\u5e2e\u52a9\u7ba1\u7406\u5bc6\u94a5\u3002\u4f8b\u5982\uff0cHashiCorp Vault\u3001AWS Secrets Manager\u548cAzure Key Vault\u7b49\u3002\u8fd9\u4e9b\u5de5\u5177\u63d0\u4f9b\u4e86\u66f4\u5f3a\u5927\u7684\u529f\u80fd\uff0c\u5982\u52a8\u6001\u5bc6\u94a5\u751f\u6210\u3001\u8bbf\u95ee\u63a7\u5236\u548c\u5ba1\u8ba1\u65e5\u5fd7\u7b49\u3002<\/p>\n
\u52a0\u5bc6\u4e0e\u5b89\u5168\u4f20\u8f93<\/h2>\n
\u5728Docker\u4e2d\uff0c\u786e\u4fdd\u6570\u636e\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u7684\u5b89\u5168\u6027\u540c\u6837\u91cd\u8981\u3002\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u51e0\u79cd\u65b9\u5f0f\u5b9e\u73b0\u6570\u636e\u7684\u52a0\u5bc6\u4e0e\u5b89\u5168\u4f20\u8f93\uff1a<\/p>\n
1. \u4f7f\u7528TLS\u52a0\u5bc6<\/h3>\n
\u5728Docker\u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7\u542f\u7528TLS\u6765\u52a0\u5bc6Docker\u5b88\u62a4\u8fdb\u7a0b\u4e0e\u5ba2\u6237\u7aef\u4e4b\u95f4\u7684\u901a\u4fe1\u3002\u901a\u8fc7\u914d\u7f6eTLS\u8bc1\u4e66\uff0c\u53ef\u4ee5\u786e\u4fdd\u6570\u636e\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4e0d\u88ab\u7a83\u53d6\u6216\u7be1\u6539\u3002<\/p>\n
2. \u7f51\u7edc\u9694\u79bb<\/h3>\n
Docker\u63d0\u4f9b\u4e86\u7f51\u7edc\u9694\u79bb\u7684\u529f\u80fd\uff0c\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u81ea\u5b9a\u4e49\u7f51\u7edc\u6765\u9650\u5236\u5bb9\u5668\u4e4b\u95f4\u7684\u901a\u4fe1\u3002\u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f\uff0c\u53ef\u4ee5\u6709\u6548\u5730\u51cf\u5c11\u6f5c\u5728\u7684\u653b\u51fb\u9762\u3002<\/p>\n
3. \u4f7f\u7528VPN<\/h3>\n
\u5728\u9700\u8981\u8de8\u7f51\u7edc\u4f20\u8f93\u654f\u611f\u6570\u636e\u65f6\uff0c\u53ef\u4ee5\u8003\u8651\u4f7f\u7528VPN\u3002VPN\u53ef\u4ee5\u4e3a\u6570\u636e\u4f20\u8f93\u63d0\u4f9b\u989d\u5916\u7684\u52a0\u5bc6\u5c42\uff0c\u786e\u4fdd\u6570\u636e\u5728\u516c\u5171\u7f51\u7edc\u4e2d\u7684\u5b89\u5168\u6027\u3002<\/p>\n
\u603b\u7ed3<\/h2>\n
\u5728Docker\u73af\u5883\u4e2d\uff0c\u5bc6\u94a5\u7ba1\u7406\u548c\u6570\u636e\u5b89\u5168\u4f20\u8f93\u662f\u786e\u4fdd\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u7684\u5173\u952e\u3002\u901a\u8fc7\u4f7f\u7528Docker Secrets\u3001\u73af\u5883\u53d8\u91cf\u3001\u5916\u90e8\u5bc6\u94a5\u7ba1\u7406\u5de5\u5177\u4ee5\u53ca\u52a0\u5bc6\u6280\u672f\uff0c\u53ef\u4ee5\u6709\u6548\u5730\u4fdd\u62a4\u654f\u611f\u4fe1\u606f\u548c\u6570\u636e\u4f20\u8f93\u7684\u5b89\u5168\u3002\u5bf9\u4e8e\u5e0c\u671b\u5728\u4e91\u73af\u5883\u4e2d\u5b9e\u73b0\u66f4\u9ad8\u5b89\u5168\u6027\u7684\u7528\u6237\uff0c\u9009\u62e9\u5408\u9002\u7684\u670d\u52a1\u5668\u548c\u670d\u52a1\u63d0\u4f9b\u5546\u81f3\u5173\u91cd\u8981\u3002\u7c73\u4e91\u63d0\u4f9b\u591a\u79cd\u89e3\u51b3\u65b9\u6848\uff0c\u5305\u62ec\u7f8e\u56fdVPS<\/a>\u3001\u4e91\u670d\u52a1\u5668<\/a>\u7b49\uff0c\u5e2e\u52a9\u7528\u6237\u5728\u5b89\u5168\u7684\u73af\u5883\u4e2d\u90e8\u7f72\u548c\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
Docker\u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\uff1a\u5982\u4f55\u901a\u8fc7Docker\u5b9e\u73b0\u52a0\u5bc6\u4e0e\u5b89\u5168\u4f20\u8f93 \u5728\u73b0\u4ee3\u8f6f\u4ef6\u5f00\u53d1\u4e2d\uff0c\u5b89\u5168\u6027\u662f\u4e00\u4e2a\u4e0d\u53ef\u5ffd\u89c6\u7684\u91cd\u8981\u56e0\u7d20\u3002\u968f\u7740\u5bb9\u5668\u5316\u6280\u672f\u7684\u666e\u53ca\uff0cDocker\u6210\u4e3a\u4e86\u8bb8\u591a\u5f00\u53d1\u8005\u548c\u8fd0\u7ef4\u4eba\u5458\u7684\u9996\u9009\u5de5\u5177\u3002\u7136\u800c\uff0c\u5982\u4f55\u5728Docker\u73af\u5883\u4e2d\u6709\u6548\u5730\u7ba1\u7406\u5bc6\u94a5\u548c\u654f\u611f\u4fe1\u606f\uff0c\u786e\u4fdd\u6570\u636e\u7684\u52a0\u5bc6\u4e0e\u5b89\u5168\u4f20\u8f93\uff0c\u4ecd\u7136\u662f\u4e00\u4e2a\u4e9f\u5f85\u89e3\u51b3\u7684\u95ee\u9898\u3002 \u5bc6\u94a5\u7ba1\u7406\u7684\u91cd\u8981\u6027 \u5bc6\u94a5\u7ba1\u7406\u662f\u4fe1\u606f\u5b89\u5168\u7684\u6838\u5fc3\u7ec4\u6210\u90e8\u5206\u3002\u65e0\u8bba\u662fAPI\u5bc6\u94a5\u3001\u6570\u636e\u5e93\u51ed\u8bc1\uff0c\u8fd8\u662fSSL\u8bc1\u4e66\uff0c\u59a5\u5584\u7ba1\u7406\u8fd9\u4e9b\u654f\u611f\u4fe1\u606f\u5bf9\u4e8e\u4fdd\u62a4\u5e94\u7528\u7a0b\u5e8f\u548c\u7528\u6237\u6570\u636e\u81f3\u5173\u91cd\u8981\u3002\u5728Docker\u4e2d\uff0c\u5bb9\u5668\u7684\u5feb\u901f\u90e8\u7f72\u548c\u7075\u6d3b\u6027\u4f7f\u5f97\u5bc6\u94a5\u7ba1\u7406\u53d8\u5f97\u66f4\u52a0\u590d\u6742\uff0c\u56e0\u6b64\u9700\u8981\u91c7\u53d6\u6709\u6548\u7684\u7b56\u7565\u6765\u786e\u4fdd\u5b89\u5168\u6027\u3002 Docker\u4e2d\u7684\u5bc6\u94a5\u7ba1\u7406\u7b56\u7565 1. \u4f7f\u7528Docker Secrets Docker\u63d0\u4f9b\u4e86\u4e00\u4e2a\u540d\u4e3aDocker Secrets\u7684\u529f\u80fd\uff0c\u4e13\u95e8\u7528\u4e8e\u7ba1\u7406\u654f\u611f\u6570\u636e\u3002Docker Secrets\u5141\u8bb8\u7528\u6237\u5728Swarm\u6a21\u5f0f\u4e0b\u5b89\u5168\u5730\u5b58\u50a8\u548c\u7ba1\u7406\u5bc6\u94a5\u3002\u901a\u8fc7Docker Secrets\uff0c\u7528\u6237\u53ef\u4ee5\u5c06\u654f\u611f\u4fe1\u606f\u4ee5\u52a0\u5bc6\u7684\u5f62\u5f0f\u5b58\u50a8\uff0c\u5e76\u5728\u9700\u8981\u65f6\u5c06\u5176\u5b89\u5168\u5730\u4f20\u9012\u7ed9\u5bb9\u5668\u3002 docker secret create my_secret my_secret.txt \u5728\u521b\u5efa\u4e86\u5bc6\u94a5\u540e\uff0c\u53ef\u4ee5\u5728\u670d\u52a1\u4e2d\u4f7f\u7528\u8be5\u5bc6\u94a5\uff1a docker service create –name my_service –secret my_secret my_image 2. \u73af\u5883\u53d8\u91cf\u7684\u4f7f\u7528 \u867d\u7136\u73af\u5883\u53d8\u91cf\u662f\u4f20\u9012\u914d\u7f6e\u548c\u5bc6\u94a5\u7684\u5e38\u89c1\u65b9\u5f0f\uff0c\u4f46\u5b83\u4eec\u5e76\u4e0d\u662f\u6700\u5b89\u5168\u7684\u9009\u62e9\u3002\u73af\u5883\u53d8\u91cf\u53ef\u4ee5\u88ab\u5bb9\u5668\u5185\u7684\u4efb\u4f55\u8fdb\u7a0b\u8bbf\u95ee\uff0c\u56e0\u6b64\u5728\u4f7f\u7528\u65f6\u9700\u8981\u8c28\u614e\u3002\u4e3a\u4e86\u63d0\u9ad8\u5b89\u5168\u6027\uff0c\u53ef\u4ee5\u4f7f\u7528Docker Compose\u6587\u4ef6\u4e2d\u7684\u73af\u5883\u53d8\u91cf\uff0c\u5e76\u7ed3\u5408Docker Secrets\u4f7f\u7528\u3002 version: ‘3.1’ services: my_service: image: my_image environment: – MY_SECRET=${MY_SECRET} secrets: – my_secret secrets: my_secret: external: true 3. \u4f7f\u7528\u5916\u90e8\u5bc6\u94a5\u7ba1\u7406\u5de5\u5177 \u9664\u4e86Docker\u5185\u7f6e\u7684\u5bc6\u94a5\u7ba1\u7406\u529f\u80fd\uff0c\u8bb8\u591a\u5916\u90e8\u5de5\u5177\u4e5f\u53ef\u4ee5\u5e2e\u52a9\u7ba1\u7406\u5bc6\u94a5\u3002\u4f8b\u5982\uff0cHashiCorp Vault\u3001AWS Secrets Manager\u548cAzure Key Vault\u7b49\u3002\u8fd9\u4e9b\u5de5\u5177\u63d0\u4f9b\u4e86\u66f4\u5f3a\u5927\u7684\u529f\u80fd\uff0c\u5982\u52a8\u6001\u5bc6\u94a5\u751f\u6210\u3001\u8bbf\u95ee\u63a7\u5236\u548c\u5ba1\u8ba1\u65e5\u5fd7\u7b49\u3002 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-13338","post","type-post","status-publish","format-standard","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/13338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=13338"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/13338\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=13338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=13338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=13338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}