diff --git a/docs/src/docker/install-binary.md b/docs/src/docker/install-binary.md
index b42aa41..f7cb599 100644
--- a/docs/src/docker/install-binary.md
+++ b/docs/src/docker/install-binary.md
@@ -1,6 +1,6 @@
 # 用二进制文件安装Docker
-> wandoubaba / 2024-11-04
+> wandoubaba / 2024-11-08
 ## 说明
@@ -47,7 +47,7 @@ cp docker/* /usr/local/bin/
 #### containerd.service
 ```sh
-vim /usr/lib/systemd/system/containerd.service
+vim /etc/systemd/system/containerd.service
 ```
 内容如下:
@@ -84,7 +84,7 @@ WantedBy=multi-user.target
 #### docker.service
 ```sh
-vim /usr/lib/systemd/system/docker.service
+vim /etc/systemd/system/docker.service
 ```
 内容
@@ -97,10 +97,31 @@ After=network.target containerd.service
 Wants=containerd.service
 [Service]
+# 启动 Docker 之前尝试加载overlay模块
+ExecStartPre=-/sbin/modprobe overlay
 ExecStart=/usr/local/bin/dockerd
+# 服务类型
+Type=notify
+# 允许 Docker 处理自己的 cgroup
+Delegate=yes
+# 结束方式
+KillMode=process
+# 总是重启 Docker,以确保它在崩溃时自动重启
 Restart=always
+# 重启间隔
 RestartSec=5
+# 此项用于定义 Docker 进程可以创建的最大进程数
+LimitNPROC=infinity
+# 核心转储限制
+LimitCORE=infinity
+# 打开的文件描述符限制
+LimitNOFILE=1048576 # 可以设置为更高的值以支持更多的并发连接
+# 最大任务数限制
+TasksMax=infinity
+# OOM得分调整
+OOMScoreAdjust=-999
+
 [Install]
 WantedBy=multi-user.target
 ```
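Review bot: In the docker.service hunk (`@@ -97,10 +97,31 @@`), the added line `LimitNOFILE=1048576 # 可以设置为更高的值以支持更多的并发连接` carries a comment on the same line as the value. systemd unit files only treat lines that begin with `#` or `;` as comments, so the trailing text is read as part of the value and the limit is likely rejected and ignored. Move the comment to its own line above the directive, as every other directive in this hunk does, and leave `LimitNOFILE=1048576` alone on its line. Separately, `LimitCORE=infinity` permits unbounded core dumps of the daemon, whose memory can hold registry credentials and container secrets; the doc should say where cores are written and who can read them, or suggest a lower limit. The unit's `[Unit]` section starts outside the hunk.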
@@ -135,8 +156,32 @@ docker buildx install
 ### 配置网络
 ```sh
-modprobe br_netfilter
+echo "br_netfilter" | sudo tee /etc/modules-load.d/br_netfilter.conf
 bash -c 'echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/bridge.conf && modprobe br_netfilter'
+vim /etc/systemd/system/sysctl-bridge.service
+```
+
+sysctl-bridge.service的文件内容:
+
+```sh
+[Unit]
+Description=Apply sysctl settings for bridge netfilter
+Before=docker.service
+WantedBy=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/sbin/sysctl -p /etc/sysctl.d/bridge.conf
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+```
+
+让配置生效:
+
+```sh
+systemctl enable --now sysctl-bridge.service
 sysctl -p /etc/sysctl.d/bridge.conf
 systemctl restart docker
 ```
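Review bot: The new sysctl-bridge.service places `WantedBy=multi-user.target` under `[Unit]`, where systemd does not recognise that key; it is ignored with an unknown-key warning and only the copy under `[Install]` takes effect, so the `[Unit]` line should be removed. The unit is ordered `Before=docker.service` but has no ordering against module loading. The `net.bridge.*` keys presumably exist only once br_netfilter is loaded, so adding `After=systemd-modules-load.service` would keep `sysctl -p` from failing at boot and leaving the bridge netfilter settings unapplied. The first command uses `sudo tee` while the following `bash -c … > /etc/sysctl.d/bridge.conf` and `vim /etc/systemd/system/…` assume a root shell; the doc should state one privilege model and use it throughout.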