系统信息：[root@col-sabs network-scripts]# uname -r2.6.32-642.el6.x86_64[root@col-sabs network-scripts]# lsb_release -aLSB Version::base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarchDistributor ID:CentOSDescription:CentOS release 6.8 (Final)Release:6.8Codename:Final安装docker：yum install https://get.docker.com/rpm/1.7.1/centos-6/RPMS/x86_64/docker-engine-1.7.1-1.el6.x86_64.rpm配置镜像：/etc/sysconfig/docker 中加一行代码：other_args="--registry-mirror=https://hub-mirror.c.163.com"启动docker：service docker start记录一下centos6设置自启[root@col-sabs network-scripts]# chkconfig --list dockerdocker 0:off1:off2:on3:on4:on5:on6:off2,3,4,5都是on，说明docker自启动服务已开启。关闭自启：chkconfig docker off补充：可使用的docker-compose版本docker-compose-1.5.2RHEL6 and Centos6 most commonly use ancient docker-1.7.1 as installed with yum. It's only compatible with docker-compose-1.5.2 (or older), for which you can still (as of 2018) download a compiled binary:curl -L https://github.com/docker/compose/releases/download/1.5.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-composechmod a+x /usr/local/bin/docker-composeldd /usr/local/bin/docker-compose linux-vdso.so.1 = (0x00007ffffaed8000) libdl.so.2 = /lib64/libdl.so.2 (0x00007f9d5e0c3000) libz.so.1 = /lib64/libz.so.1 (0x00007f9d5dead000) libc.so.6 = /lib64/libc.so.6 (0x00007f9d5db19000) /lib64/ld-linux-x86-64.so.2 (0x00007f9d5e2c7000)Remember, your docker-compose.yml is limited to syntax version 1. Although that link says docker 1.7.1 is unsupported, it will work; I use it without problems.docker-compose.yml，只能使用1版本的docker-compose文件api: image: xxx:latest ports: - '18080:5000' volumes: - ./file:/app/fileui: image: xx:latest ports: - '18081:80'

m1芯片使用docker不方便，嫌弃占用高，因此使用vps的docker daemon，客户端只需要安装docker-cli服务端1.生成CA私钥文件ca-key.pemopenssl genrsa -aes256 -out ca-key.pem 40962.生成CA公钥文件ca.pemopenssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem3.基于CA文件生成server-key.pem文件openssl genrsa -out server-key.pem 40964.基于server-key.pem文件生成server.csr文件openssl req -subj "/CN=192.168.22.65" -sha256 -new -key server-key.pem -out server.csr注意：生成过程中Common Name填写主机IP：192.168.22.655.输出subjectAltName属性到extfile.cnf文件2选1echo subjectAltName = DNS:$HOST,IP:192.168.22.65,IP:127.0.0.1 extfile.cnfecho subjectAltName = IP:192.168.22.65,IP:0.0.0.0 extfile.cnf注意：TLS连接可以通过域名或IP建立，所以这里DNS:$HOST中的$HOST应填写你的域名。但我的需求是docker主机本机和客户端主机能够访问就可以了192.168.22.65为服务端ip6.输出extendedKeyUsage属性到extfile.cnf文件echo extendedKeyUsage = serverAuth extfile.cnf7.生成签名证书server-cert.pem文件openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf8.创建客户端私钥文件key.pemopenssl genrsa -out key.pem 40969.基于key.pem文件生成client.csr文件openssl req -subj '/CN=client' -new -key key.pem -out client.csr10.输出extendedKeyUsage属性到extfile-client.cnf文件echo extendedKeyUsage = clientAuth extfile-client.cnf11.生成签名证书cert.pem文件openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf12.删除两个csr文件和extfile文件rm -v client.csr server.csr extfile.cnf extfile-client.cnf13.修改**文件权限为只允许所有者读取chmod -v 0400 ca-key.pem key.pem server-key.pem14.修改证书文件权限为只读chmod -v 0444 ca.pem server-cert.pem cert.pem15.将CA证书、服务端证书、服务端**文件拷贝到/etc/docker目录cp -v ca.pem server-cert.pem server-key.pem /etc/docker16.配置/etc/docker/daemon.json文件{ "tlsverify": true, "tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem", "hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"], "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]}17.修改/lib/systemd/system/docker.service文件中的配置ExecStart = /usr/bin/dockerd最后重启dockersystemctl daemon-reload systemctl restart docker客户端将CA证书、客户端证书、客户端**文件拷贝到/root/.docker目录cp -v ca.pem cert.pem key.pem /root/.docker设置环境变变量export DOCKER_HOST=tcp://192.168.22.65:2376export DOCKER_TLS_VERIFY=1转载自：https://blog.csdn.net/wendrewshay/article/details/88255002?spm=1001.2014.3001.5502

一台vps的ip地址被服务商更换了，没有开密码登录vnc登录不了无法配置ip，于是有了这个文章开机在选择启动项的时候按e，由于是vnc操作，手速要快。1. 在linux16这一行最后（我的是utf-8结尾），添加init=/bin/sh2. 这时候按ctrl+x就可以进入sh界面了3. 修改ip配置4. 开启密码登录vim /etc/ssh/sshd_config #允许使用密码登录PasswordAuthentication yes#允许root认证登录PermitRootLogin yessystemctl restart sshd顺便记一下密钥生成ssh-kengenssh-copy-id -i .ssh/id_rsa.pub root@172.0.0.3转载：https://www.cnblogs.com/guangdelw/p/17138904.htmlhttps://www.cnblogs.com/lemon-le/p/11168609.html注意事项：centos下，单用户模式下是不可写的需要手动挂载一下mount -o remount,rw /有一些命令找不到 需要通过绝对路径访问基本都在/sbin下面，你可以试一下/sbin/ifconfig

proxy_pass https://news.shopify.com;提示：nginx[28410]: nginx: [emerg] host not found in upstream "news.shopify.com" in /etc/nginx/conf.d/tzj.conf:27后面改成这样可以，不知道原因。set $pass_url news.shopify.com;proxy_pass https://$pass_url;另外遇到一个登录root账户使用acme.sh颁发证书后，nginx无法读取证书文件的问题：nginx: [emerg] cannot load certificate "/etc/nginx/cert/vms.20210502.xyz_ecc/fullchain.cer": BIO_new_file() failed (SSL: error:02001...:system lib)尝试关闭selinux可以正常启动，在网上找到这样的说明If your chmod and chown is all correct on the file, this is probably because you copied a file into a folder - maybe home folder (say) - then mv'd the file into position for NGINX. SeLinux remembers the original file creation location and applies the rights wherever the file is mv'd to - to reset the SeLinux permissions to the current location/file permissions userestorecon filename确实如他所说，证书是从/root/.acme.sh/domain.xxx/下复制过来的，后面将selinux打开，对两个证书文件执行 restorecon filename 命令可以正常启动nginx引用：https://stackoverflow.com/a/66257354/12484653