基于 Dockerfile 構建鏡像

1.準備構建上下文

[root@host1 ~]# mkdir dockerfile-test && cd dockerfile-test
[root@host1 dockerfile-test]# touch nginx.repo
[root@host1 dockerfile-test]# touch Dockerfile
[root@host1 dockerfile-test]# vi nginx.repo
[root@host1 dockerfile-test]# cat nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/9Stream/$basearch/
gpgcheck=1  
enabled=1   
gpgkey=https://nginx.org/keys/nginx_signing.key[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/9Stream/$basearch/
gpgcheck=1
enabled=0  
gpgkey=https://nginx.org/keys/nginx_signing.key

2.編寫 Dockerfile

[root@host1 dockerfile-test]# vi Dockerfile
[root@host1 dockerfile-test]# cat Dockerfile# 1. 基礎鏡像：使用 CentOS Stream 9 官方鏡像（匹配目標源版本）
FROM centos/stream9:latest# 2. 維護者信息（可選，標注鏡像歸屬）
LABEL maintainer="your-name <your-email@example.com>" \os.version="CentOS-Stream-9-20250903.0" \nginx.repo.version="stable"# 3. 復制本地適配 Stream 9 的 nginx.repo 到容器 YUM 源目錄
# 路徑 /etc/yum.repos.d/ 是 CentOS Stream 9 標準 YUM 源目錄
COPY nginx.repo /etc/yum.repos.d/# 4. 安裝 Nginx（適配 Stream 9 的 YUM 操作）
RUN set -eux; \# 1. 導入 Nginx GPG 密鑰（避免 Stream 9 下校驗失敗）rpm --import https://nginx.org/keys/nginx_signing.key; \# 2. 清理舊緩存，生成新緩存（Stream 9 推薦用 dnf，兼容 yum）dnf clean all; \dnf makecache fast; \# 3. 安裝 Nginx（--setopt=tsflags=nodocs 減少鏡像體積，不安裝文檔）dnf install -y nginx --setopt=tsflags=nodocs; \# 4. 清理緩存（進一步減小鏡像體積）dnf clean all; \# 5. 確保 Nginx 運行目錄權限（Stream 9 下默認權限可能更嚴格）chown -R nginx:nginx /var/log/nginx /var/run/nginx; \chmod 755 /var/log/nginx /var/run/nginx# 5. 暴露 Nginx 默認端口（80/tcp，與配置一致）
EXPOSE 80/tcp# 6. 配置 Nginx 前臺運行（關鍵：避免容器啟動后立即退出）
# Stream 9 下 Nginx 二進制路徑與傳統 CentOS 一致，無需調整
CMD ["nginx", "-g", "daemon off;"]

3.使用 docker build 命令構建鏡像

注意：訪問不了外網改用本地部署

4.離線環境下基于 CentOS 構建 Nginx Docker 鏡像

1.本地 CentOS 基礎鏡像制作（核心：替代在線鏡像）

# 打包系統根目錄（排除動態目錄與設備文件，避免鏡像異常）
sudo tar -czf centos-local-rootfs.tar.gz \--exclude=/proc --exclude=/sys --exclude=/dev --exclude=/tmp --exclude=/var/tmp \/

# 導入打包文件為Docker基礎鏡像
sudo docker import centos-local-rootfs.tar.gz centos-local:base

[root@host1 ~]# sudo tar -czf centos-local-rootfs.tar.gz \--exclude=/proc --exclude=/sys --exclude=/dev --exclude=/tmp --exclude=/var/tmp \/
tar: 從成員名中刪除開頭的“/”
tar: /run/docker.sock: 忽略套接字(socket)
tar: /run/docker/metrics.sock: 忽略套接字(socket)
tar: /run/docker/libnetwork/1d7343f57de7.sock: 忽略套接字(socket)
tar: /run/containerd/s/9084af067cbc0fd363a366468af18f682023e35e8d8440d8ee65311f80a1febb: 忽略套接字(socket)
tar: /run/containerd/containerd.sock: 忽略套接字(socket)
tar: /run/containerd/containerd.sock.ttrpc: 忽略套接字(socket)
tar: /run/vmware/guestServicePipe: 忽略套接字(socket)
tar: /run/chrony/chronyd.sock: 忽略套接字(socket)
tar: /run/mcelog-client: 忽略套接字(socket)
tar: /run/irqbalance/irqbalance995.sock: 忽略套接字(socket)
tar: /run/.heim_org.h5l.kcm-socket: 忽略套接字(socket)
tar: /run/avahi-daemon/socket: 忽略套接字(socket)
tar: /run/setroubleshoot/setroubleshoot_server: 忽略套接字(socket)
tar: /run/lsm/ipc/simc: 忽略套接字(socket)
tar: /run/lsm/ipc/sim: 忽略套接字(socket)
tar: /run/cups/cups.sock: 忽略套接字(socket)
tar: /run/lvm/lvmpolld.socket: 忽略套接字(socket)
tar: /run/user/0/pipewire-0-manager: 忽略套接字(socket)
tar: /run/user/0/pipewire-0: 忽略套接字(socket)
tar: /run/user/0/bus: 忽略套接字(socket)
tar: /run/user/0/systemd/private: 忽略套接字(socket)
tar: /run/user/0/systemd/notify: 忽略套接字(socket)
tar: /run/user/0/systemd/inaccessible/sock: 忽略套接字(socket)
tar: /run/user/42/wayland-0: 忽略套接字(socket)
tar: /run/user/42/pipewire-0-manager: 忽略套接字(socket)
tar: /run/user/42/pipewire-0: 忽略套接字(socket)
tar: /run/user/42/pulse/native: 忽略套接字(socket)
tar: /run/user/42/bus: 忽略套接字(socket)
tar: /run/user/42/systemd/private: 忽略套接字(socket)
tar: /run/user/42/systemd/notify: 忽略套接字(socket)
tar: /run/user/42/systemd/inaccessible/sock: 忽略套接字(socket)
tar: /run/udev/control: 忽略套接字(socket)
tar: /run/dbus/system_bus_socket: 忽略套接字(socket)
tar: /run/systemd/coredump: 忽略套接字(socket)
tar: /run/systemd/private: 忽略套接字(socket)
tar: /run/systemd/journal/io.systemd.journal: 忽略套接字(socket)
tar: /run/systemd/journal/stdout: 忽略套接字(socket)
tar: /run/systemd/journal/socket: 忽略套接字(socket)
tar: /run/systemd/journal/dev-log: 忽略套接字(socket)
tar: /run/systemd/io.system.ManagedOOM: 忽略套接字(socket)
tar: /run/systemd/userdb/io.systemd.DynamicUser: 忽略套接字(socket)
tar: /run/systemd/notify: 忽略套接字(socket)
tar: /run/systemd/inaccessible/sock: 忽略套接字(socket)
tar: /root/centos-local-rootfs.tar.gz: 在我們讀入文件時文件發生了變化
tar: 從硬連接目標中刪除開頭的“/”
[root@host1 ~]# sudo docker import centos-local-rootfs.tar.gz centos-local:base
sha256:e34186ee4bfa2e4b483206b0c4f9c26b329a7d900c5bf090f151010076210e1b

????????驗證鏡像

[root@host1 ~]# docker images | grep centos-local
centos-local                                                                       base      e34186ee4bfa   12 seconds ago   6.43GB

2.Nginx 離線 RPM 包下載（依賴本地 YUM 源）

[root@host1 ~]# yum install -y yum-utils
上次元數據過期檢查：7:51:09 前，執行于 2025年09月10日 星期三 15時04分04秒。
軟件包 yum-utils-4.3.0-22.el9.noarch 已安裝。
依賴關系解決。
無需任何處理。
完畢！
[root@host1 ~]# yumdownloader --resolve --destdir=nginx-rpms nginx
上次元數據過期檢查：7:51:15 前，執行于 2025年09月10日 星期三 15時04分04秒。
(1/4): nginx-filesystem-1.20.1-24.el9.noarch.rpm                      26 kB/s | 9.3 kB     00:00    
(2/4): nginx-1.20.1-24.el9.x86_64.rpm                                 74 kB/s |  36 kB     00:00    
(3/4): nginx-core-1.20.1-24.el9.x86_64.rpm                           856 kB/s | 570 kB     00:00    
(4/4): centos-logos-httpd-90.8-3.el9.noarch.rpm                      1.3 MB/s | 1.5 MB     00:01

? ? ? ? 驗證

[root@host1 ~]# ls -l nginx-rpms/
總用量 2168
-rw-r--r--. 1 root root 1579851  9月 10 22:55 centos-logos-httpd-90.8-3.el9.noarch.rpm
-rw-r--r--. 1 root root   37053  9月 10 22:55 nginx-1.20.1-24.el9.x86_64.rpm
-rw-r--r--. 1 root root  583889  9月 10 22:55 nginx-core-1.20.1-24.el9.x86_64.rpm
-rw-r--r--. 1 root root    9479  9月 10 22:55 nginx-filesystem-1.20.1-24.el9.noarch.rpm

3.修正Dockerfile

FROM centos-local:base
LABEL maintainer="tester@abc.com"
# 復制離線RPM包到容器內
COPY ./nginx-rpms /tmp/nginx-rpms
# 離線安裝Nginx（禁用外網源+忽略GPG校驗）
RUN yum localinstall -y /tmp/nginx-rpms/*.rpm \--nogpgcheck \--disablerepo=* \  # 新增反斜杠，確保命令連續性&& yum clean all \&& rm -rf /tmp/nginx-rpms  # 清理RPM包，減小鏡像體積
# 自定義Nginx首頁內容
RUN echo "Hello! This is nginx server (offline build)" > /usr/share/nginx/html/index.html
# 暴露Nginx默認端口
EXPOSE 80
# 前臺啟動Nginx（避免容器退出）
CMD ["nginx", "-g", "daemon off;"]

4.鏡像構建與問題排查

[root@host1 dockerfile-test]# docker build -t centos-with-nginx:1.0 .
[+] Building 0.0s (6/8)                                                               docker:default=> [internal] load build definition from Dockerfile                                            0.0s=> => transferring dockerfile: 475B                                                            0.0s=> [internal] load metadata for docker.io/library/centos-local:base                            0.0s=> [internal] load .dockerignore                                                               0.0s=> => transferring context: 2B                                                                 0.0s=> [internal] load build context                                                               0.0s=> => transferring context: 2B                                                                 0.0s=> [1/4] FROM docker.io/library/centos-local:base                                              0.0s=> ERROR [2/4] COPY ./nginx-rpms /tmp/nginx-rpms                                               0.0s
------> [2/4] COPY ./nginx-rpms /tmp/nginx-rpms:
------
Dockerfile:5
--------------------3 |     LABEL maintainer="tester@abc.com"4 |     5 | >>> COPY ./nginx-rpms /tmp/nginx-rpms6 |     7 |     RUN yum localinstall -y /tmp/nginx-rpms/*.rpm \
--------------------
ERROR: failed to build: failed to solve: failed to compute cache key: failed to calculate checksum of ref af1a50fb-c1e8-4693-96ea-aea71e06623b::ox2260dtgoy01masgivj3hc3a: "/nginx-rpms": not found
[root@host1 dockerfile-test]# sudo find / -name "nginx-rpms" -type d
/root/nginx-rpms
[root@host1 dockerfile-test]# mv /root/nginx-rpms /root/dockerfile-test/
[root@host1 dockerfile-test]# cd /root/dockerfile-test
[root@host1 dockerfile-test]# ls -l
總用量 4
-rw-r--r--. 1 root root 376  9月 10 23:08 Dockerfile
drwxr-xr-x. 2 root root 184  9月 10 22:55 nginx-rpms
[root@host1 dockerfile-test]# docker build -t centos-with-nginx:1.0 .
[+] Building 1.8s (9/9) FINISHED                                                      docker:default=> [internal] load build definition from Dockerfile                                            0.0s=> => transferring dockerfile: 475B                                                            0.0s=> [internal] load metadata for docker.io/library/centos-local:base                            0.0s=> [internal] load .dockerignore                                                               0.0s=> => transferring context: 2B                                                                 0.0s=> [internal] load build context                                                               0.0s=> => transferring context: 2.21MB                                                             0.0s=> CACHED [1/4] FROM docker.io/library/centos-local:base                                       0.0s=> [2/4] COPY ./nginx-rpms /tmp/nginx-rpms                                                     0.0s=> [3/4] RUN yum localinstall -y /tmp/nginx-rpms/*.rpm     --nogpgcheck     --disablerepo=*    1.4s=> [4/4] RUN echo "Hello! This is nginx server (offline build)" > /usr/share/nginx/html/index  0.2s=> exporting to image                                                                          0.2s => => exporting layers                                                                         0.2s => => writing image sha256:7c5315069664141b331877afb32716dc6f0a9918731e8717a449ff564560fc20    0.0s => => naming to docker.io/library/centos-with-nginx:1.0

5.鏡像功能驗證

[root@host1 dockerfile-test]# docker images | grep centos-with-nginx                                 
centos-with-nginx                                                                  1.0       7c5315069664   6 minutes ago    6.54GB
[root@host1 dockerfile-test]# docker run -d -p 8080:80 --name test-nginx centos-with-nginx:1.0
7ecac05c7dac295bd2d80a68dd540ae8cf7b19174609dfb614c11722b525e7a4
[root@host1 dockerfile-test]# docker ps | grep test-nginx
7ecac05c7dac   centos-with-nginx:1.0   "nginx -g 'daemon of…"   11 seconds ago   Up 11 seconds   0.0.
0.0:8080->80/tcp, [::]:8080->80/tcp       test-nginx
[root@host1 dockerfile-test]# curl http://localhost:8080
Hello! This is nginx server (offline build)