docker学习以及基础web题目部署

0x01 前言

docker必须要会啊,虽然折磨了我好久好久

这里使用的是抽奖得到的DK盾Ubuntu22

0x02 action

安装

1
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

启动+拉取最简单的镜像

1
2
systemctl start docker
systemctl status docker

配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
sudo vim /etc/docker/daemon.json

{
"registry-mirrors": [
"https://registry.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com"
]
}


sudo vim /etc/resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4

root@dknbqF4vOoSucynS:~# nslookup registry-1.docker.io
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: registry-1.docker.io
Address: 162.125.18.133
Name: registry-1.docker.io
Address: 2a03:2880:f11f:83:face:b00c:0:25de

sudo vim /etc/hosts
162.125.18.133 registry-1.docker.io


sudo modprobe br_netfilter
sudo modprobe bridge

sudo sysctl net.bridge.bridge-nf-call-iptables=1
sudo sysctl net.bridge.bridge-nf-call-ip6tables=1
echo "br_netfilter" | sudo tee -a /etc/modules
echo "bridge" | sudo tee -a /etc/modules

重启
sudo systemctl daemon-reload
sudo systemctl restart docker

然后登录阿里docker凭证

1
2
3
4
注册在这个网址
https://cr.console.aliyun.com/cn-hangzhou/instance/credentials

sudo docker login --username=aliyun9090068806 crpi-l92fc6grcavaj4dv.cn-hangzhou.personal.cr.aliyuncs.com

发现还是走官网的,不知道为什么换源不成功,再换一次

1
2
3
4
5
6
7
8
9
10
11
12
13
sudo rm /etc/docker/daemon.json
sudo vim /etc/docker/daemon.json


{
"registry-mirrors": [
"https://docker.proxy.coolnom.cn",
"https://hub-us1.tianguyin.com/"
]
}

sudo systemctl daemon-reload
sudo systemctl restart docker

随便搞个镜像看看行不行,这里是一个php的RCE题目,代码在

1
https://q1anchen.com/2023/CTF/Web-docker/41683085.html

这位师傅写的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
sudo docker build -t webx:latest .

sudo docker run -d -p 8080:80 --name webx_container webx:latest

sudo docker ps
进入当前容器
sudo docker exec -it webx_container /bin/bash
退出当前容器

exit
停止容器
sudo docker stop webx_container
删除容器
sudo docker rm webx_container
删除镜像
sudo docker rmi webx:latest

终于成功了,谢谢两位师傅kongtianguyin

安装nginx

这里我是台新机器所以顺便安装一个

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
sudo apt update
如果这里之后有一个选项直接enter就行
sudo apt install nginx

开机自启动nginx,方便使用
sudo systemctl start nginx
sudo systemctl enable nginx

sudo apt install php-fpm php-mysql

自己按需求更改,这里我就改了个端口
sudo vim /etc/nginx/sites-available/default

sudo nginx -t
sudo systemctl restart nginx
sudo systemctl status nginx


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
root@dkcjbRCL8kgaNGz:/mysite/mysite# python3 app.py
* Serving Flask app 'app'
* Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead. * Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:5000
* Running on http://27.25.151.48:5000
Press CTRL+C to quit
* Restarting with stat
* Debugger is active!
* Debugger PIN: 925-107-116

root@dknbqF4vOoSucynS:/mysite/mysite# python3 app.py
* Serving Flask app 'app'
* Debug mode: on
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead. * Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:5000
* Running on http://10.0.7.2:5000
Press CTRL+C to quit
* Restarting with stat
* Debugger is active!
* Debugger PIN: 329-014-986

然后我这里是搭建了一个flask的题目

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
unzip /mysite.zip -d /mysite

创建镜像
sudo docker build -t my_site:latest .

docker images

sudo docker run -d -p 5000:5000 --name my_site_container my_site:latest

sudo docker ps
停止容器
sudo docker stop my_site_container
删除容器
sudo docker rm my_site_container
删除镜像
sudo docker rmi my_site:latest
删除悬空镜像
sudo docker image prune
进容器内部
sudo docker exec -it my_site_container /bin/sh

我自己遇到的一些问题

1
2
3
4
5
6
7
8
9
10
11
12
13
Dockerfile写成dockerfile

mv dockerfile Dockerfile

格式不对Windows的文件格式和Linux不一样
file /mysite/mysite/start.sh
sudo apt-get install dos2unix
dos2unix /mysite/mysite/start.sh

ID问题,ID就是容器最前面那串数字
581cddd65fa6 my_site "/var/www/html/start…" 2 minutes ago Up 2 minutes 5000/tcp, 0.0.0.0:8000->80/tcp, [::]:8000->80/tcp inspiring_yonath

这里ID就是581cddd65fa6

打包

最后也是最重要的将Docker打包

1
sudo docker save -o my_site_image.tar my_site:latest

导出为镜像

1
2
3
4
5
sudo docker load -i /mysite/mysite/my_site_image.tar
直接做一个新镜像
sudo docker import my_site_image.tar my_site:latest

docker run -d -p 5000:5000 --name my_site_container my_site:latest /start.sh

或者是这种方式

1
2
3
4
5
6
7
8
9
sudo docker ps

sudo docker export 容器ID -o my_site.tar

sudo docker export 8e1bc2456012 -o my_site.tar
导出镜像为
sudo docker import my_site.tar my_site_exported:latest

docker run -d -p 5000:5000 my_site /start.sh

有时候可能会像我一样找不到路径emm没事

1
sudo find / -name my_site_image.tar

0x03 小结

写的比较乱,但是基础的命令是基本都有了,将就看看吧

谢谢中途对我有帮助的师傅!!