One Command Docker
本文收集了常用 Docker 应用的一键部署命令
1. 代理
1.1 Zerotier 内网穿透神器
需要首先到官网注册账号
docker run --restart always --name zerotier --network host --cap-add NET_ADMIN --device /dev/net/tun \
-v /var/lib/zerotier-one:/var/lib/zerotier-one -m 64MB -d zerotier/zerotier:1.10.6 <网络ID>
1.2 frp 内网穿透的反向代理
# 客户端
sudo tee /etc/frp/frpc.ini << EOF
[common]
token = <密钥>
server_addr = <服务端IP>
server_port = 7000
EOF
docker run --restart always --name frpc --network host -v /etc/frp:/etc/frp \
-v /etc/localtime:/etc/localtime:ro -m 128MB -d snowdreamtech/frpc:0.48.0
# 服务端
sudo tee /etc/frp/frps.ini << EOF
[common]
bind_port = 7000
bind_udp_port = 7000
vhost_http_port = 8080
vhost_https_port = 8443
token = <TOKEN>
EOF
docker run --restart always --name frps --network host -v /etc/frp:/etc/frp \
-p 0.0.0.0:7000:7000 -p 0.0.0.0:7000:7000/udp -m 128MB \
-v /etc/localtime:/etc/localtime:ro -d snowdreamtech/frps:0.48.0
详细配置参考 https://gofrp.org/docs/
1.3 Traefik 动态配置的云原生反向代理
docker run --restart always --name traefik --network host -v traefik:/data \
-e ALICLOUD_ACCESS_KEY -e ALICLOUD_SECRET_KEY -m 64MB \
-v /var/run/docker.sock:/var/run/docker.sock -d traefik \
--providers.docker.exposedbydefault=false \
--accesslog.filepath=/dev/stdout \
--entrypoints.web.address=:80 \
--entrypoints.web.http.redirections.entryPoint.to=websecure \
--entrypoints.websecure.address=:443 \
--entrypoints.websecure.http.tls.certResolver=leresolver \
--entrypoints.websecure.http.tls.domains[0].main=domain.com \
--entrypoints.websecure.http.tls.domains[0].sans=*.domain.com \
--certificatesresolvers.leresolver.acme.email=admin@domain.com \
--certificatesresolvers.leresolver.acme.storage=/data/acme.json \
--certificatesresolvers.leresolver.acme.dnschallenge.provider=alidns
官方文档 https://doc.traefik.io/traefik/https/acme/
2. 证书签发
# 创建守护进程
docker run --restart always --name acme --network host -v /opt/certs:/acme.sh --env-file /opt/acme.env -d neilpang/acme.sh daemon
# 第一次使用创建账户
docker exec -it acme acme.sh --register-account -m admin@domain.com
# 申请泛域名证书
docker exec -it acme acme.sh --issue --dns dns_ali -d domain.com -d *.domain.com
3. 数据存储
3.1 NextCloud 私有网盘
sudo tee /opt/apache/000-default.conf << EOF
<VirtualHost *:80>
ServerName domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName domain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/apache2/sites-available/domain.com.pem
SSLCertificateKeyFile /etc/apache2/sites-available/domain.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
EOF
docker build -t nextcloud -<<EOF
FROM nextcloud:stable
RUN a2enmod ssl
EOF
docker run --restart always --name nextcloud --network host -h domain.com \
-e SMTP_HOST=smtpdm.aliyun.com -e SMTP_SECURE=ssl -e SMTP_NAME -e SMTP_PASSWORD \
-v /opt/apache:/etc/apache2/sites-available -v /media/nextcloud:/var/www/html \
-m 1024MB -d nextcloud
官方仓库 https://github.com/nextcloud/docker
3.2 FileBrowser 轻量级 HTTP 文件服务器
touch filebrowser.db
docker run --restart always --name filebrowser --network host -v /media:/srv --no-healthcheck \
-l 'traefik.http.routers.filebrowser.rule=Host(`pan.domain.com`) && ClientIP(`192.168.1.0/16`)' \
-l 'traefik.http.services.filebrowser.loadbalancer.server.port=8380' -l 'traefik.enable=true' \
-v $(pwd)/filebrowser.db:/database.db -m 256MB -d filebrowser/filebrowser:v2 -a 127.0.0.1 -p 8380
官方文档 https://filebrowser.org/
3.3 Cloudreve 公私兼备的网盘系统
mkdir -p uploads avatar && touch cloudreve.db
# 基于 Traefik 部署
docker run --restart always --name cloudreve --network kind \
-v $(pwd)/cloudreve.db:/cloudreve/cloudreve.db \
-v $(pwd)/uploads:/cloudreve/uploads --tmpfs /data \
-v $(pwd)/avatar:/cloudreve/avatar \
-l 'traefik.http.routers.cloudreve.rule=Host(`pan.domain.com`)' \
-l 'traefik.http.services.cloudreve.loadbalancer.server.port=5212' \
-l 'traefik.enable=true' -m 128MB -d cloudreve/cloudreve
# 独立部署
sudo tee conf.ini << EOF
[SSL]
Listen = :443
CertPath = /data/fullchain.cer
KeyPath = /data/domain.com.key
[Database]
DBFile = cloudreve.db
EOF
docker run --restart always --name cloudreve --network host \
-v $(pwd)/conf.ini:/cloudreve/conf.ini \
-v $(pwd)/cloudreve.db:/cloudreve/cloudreve.db \
-v $(pwd)/uploads:/cloudreve/uploads \
-v $(pwd)/avatar:/cloudreve/avatar \
-v /opt/certs/domain.com:/data -m 128MB -d cloudreve/cloudreve
官方文档 https://docs.cloudreve.org/
3.4 Rclone
docker run --restart always --network host --name rclone -v /media/downloads:/srv \
-d rclone/rclone serve http /srv --read-only
官方文档 https://rclone.org/docs/
3.5 icloudpd iCloud同步工具
docker run --rm --network host --name icloudpd -e TZ=Asia/Shanghai \
-v /media/Photos:/data -v icloudpd:/cookies \
-it icloudpd/icloudpd:1.13.0 icloudpd --size original \
--directory /data --cookie-directory /cookies \
--folder-structure {:%Y/%Y-%m-%d} \
--username testuser@example.com \
--password pass1234
4. 下载工具
4.1 迅雷
docker run --restart always --name=xunlei --network host -h `hostname` --privileged \
-e UID=$(id -u) -e GID=$(id -g) -e XL_WEB_ADDRESS=127.0.0.1 --cpus 1.0 -m 1GB \
-l 'traefik.http.routers.xunlei.rule=Host(`xl.domain.com`) && ClientIP(`192.168.1.0/16`)' \
-l 'traefik.http.services.xunlei.loadbalancer.server.port=2345' -l 'traefik.enable=true' \
-v xunlei:/xunlei/data -v /media/downloads:/xunlei/downloads -d cnk3x/xunlei:3.5.2
4.2 Aria2 轻量级下载工具
- 推荐安装 Chrome 扩展 Aria2 Explorer
docker run --restart always --name aria2 --network host -h `hostname` \
-e RPC_SECRET=dietpi -e PUID=$(id -u) -e PGID=$(id -g) -m 512MB \
-l 'traefik.http.routers.aria2.rule=Host(`aria2.domain.com`) && ClientIP(`192.168.1.0/16`)' \
-l 'traefik.http.services.aria2.loadbalancer.server.port=6800' -l 'traefik.enable=true' \
-v aria2:/config -v /media/downloads:/downloads -d p3terx/aria2-pro
更好用的 Aria2 Docker 容器镜像
4.3 Transmission
docker run --restart always --name transmission --network host -h `hostname` \
-e PUID=$(id -u) -e PGID=$(id -g) -e TZ=Asia/Shanghai -e WHITELIST=127.0.0.1 -m 512MB \
-l 'traefik.http.routers.transmission.rule=Host(`dl.domain.com`) && ClientIP(`192.168.1.0/16`)' \
-l 'traefik.http.services.transmission.loadbalancer.server.port=9091' -l 'traefik.enable=true' \
-v transmission:/config -v /media/downloads:/downloads -d linuxserver/transmission:4.0.2
4.4 百度云盘
docker run --restart always --name baidunetdisk --network host -v baidunetdisk:/config \
-l 'traefik.http.routers.baidunetdisk.rule=Host(`baidu.domain.com`) && ClientIP(`192.168.1.0/16`)' \
-l 'traefik.http.services.baidunetdisk.loadbalancer.server.port=5800' -l 'traefik.enable=true' \
-v /media/downloads:/config/baidunetdiskdownload -d johngong/baidunetdisk