LAN Integrated Services Deployment - Docker Edition Operations Guide
📋 Environment Preparation
System requirements
- Operating system: CentOS 7.x or 8.x / Ubuntu 18.04+
- CPU: 4 cores or more
- Memory: 8GB or more
- Disk: 256GB SSD + 1TB HDD
- Network: Gigabit NIC
Initial configuration
1. Configure a static IP address
bash
# Edit the network configuration file (CentOS)
sudo vim /etc/sysconfig/network-scripts/ifcfg-ens33
# Set the following (adjust for the actual NIC name)
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
# Restart the network service
sudo systemctl restart network
# Verify the IP address
ip addr show
ping 192.168.1.1
ping 8.8.8.8
2. Configure the hostname
bash
# Set the hostname
sudo hostnamectl set-hostname server.lan.local
# Edit the hosts file
sudo vim /etc/hosts
# Add the following entries
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.100 server.lan.local server ns mail www ftp dhcp
# Verify the hostname
hostname
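3. Update the system
bash
# Update system packages
sudo yum update -y
# Install basic tools
sudo yum install -y vim wget curl net-tools git tree htop
# Disable SELinux (a temporary measure; for production, configure SELinux instead).
# setenforce 0 switches to permissive mode until the next reboot;
# the config file edit below makes the change persistent.
sudo setenforce 0
sudo vim /etc/selinux/config
# Change SELINUX=enforcing to SELINUX=disabled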
4. Configure the firewall
bash
# Start the firewall
sudo systemctl start firewalld
sudo systemctl enable firewalld
# Allow the SSH service
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
# Show the firewall status
sudo firewall-cmd --list-all
🐳 Step 1: Install Docker
1.1 Install Docker CE
CentOS
bash
# Remove old versions
sudo yum remove docker docker-client docker-client-latest docker-common \
    docker-latest docker-latest-logrotate docker-logrotate docker-engine
# Install dependencies
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker repository
sudo yum-config-manager --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker CE
sudo yum install -y docker-ce docker-ce-cli containerd.io
# Start Docker
sudo systemctl start docker
sudo systemctl enable docker
# Verify the installation
sudo docker version
sudo docker info
Ubuntu
bash
# Update the package index
sudo apt-get update
# Install dependencies
sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# Add the Docker repository
echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker CE
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
# Start Docker
sudo systemctl start docker
sudo systemctl enable docker
# Verify the installation
sudo docker version
1.2 Configure Docker
bash
# Configure Docker registry mirrors (optional)
sudo mkdir -p /etc/docker
sudo vim /etc/docker/daemon.json
# Add the following content
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://mirror.ccs.tencentyun.com"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2"
}
# Restart Docker
sudo systemctl daemon-reload
sudo systemctl restart docker
# Add the current user to the docker group (optional, avoids sudo).
# Members of the docker group control the daemon and so have root-equivalent access to this host.
sudo usermod -aG docker $USER
# Log out and back in for the change to take effect
1.3 Install Docker Compose
bash
# Download Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/v2.20.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Make it executable
sudo chmod +x /usr/local/bin/docker-compose
# Verify the installation
docker-compose --version
# Or install with pip
# sudo yum install -y python3-pip
# sudo pip3 install docker-compose
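The download step above writes a binary that root will execute straight into /usr/local/bin. The following added example (not part of the original guide) installs the file only after its SHA-256 matches a checksum file fetched alongside it; the `.sha256` asset name and the `RELEASE_URL` variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): install a downloaded binary only if its
# SHA-256 matches the entry in a checksum file published next to it.

# expected_sha256 SUMS NAME: print the hash listed for NAME in a sha256sum-style
# file ("<hex>  <name>", optional "*" before the name); fail if there is none.
expected_sha256() {
    awk -v want="$2" '
        { name = $2; sub(/^\*/, "", name) }
        name == want && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            print tolower($1); found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# verify_and_install FILE SUMS DEST
# Returns 0 after installing, 1 on a hash mismatch, 2 if SUMS has no usable entry.
verify_and_install() {
    local file="$1" sums="$2" dest="$3"
    local name want got
    name=$(basename "$file")
    want=$(expected_sha256 "$sums" "$name") || {
        echo "no checksum entry for $name in $sums" >&2
        return 2
    }
    got=$(sha256sum "$file" | awk '{ print tolower($1) }')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $name: expected $want, got $got" >&2
        return 1
    fi
    # Only a verified file reaches the destination, already with mode 0755.
    install -m 0755 "$file" "$dest"
}

# Usage for the download step above: fetch into a scratch directory first,
# then install (RELEASE_URL and the .sha256 asset name are assumptions):
#   curl -fL -o docker-compose-linux-x86_64        "$RELEASE_URL"
#   curl -fL -o docker-compose-linux-x86_64.sha256 "$RELEASE_URL.sha256"
#   sudo ./verify.sh docker-compose-linux-x86_64 \
#       docker-compose-linux-x86_64.sha256 /usr/local/bin/docker-compose
if [ $# -eq 3 ]; then verify_and_install "$1" "$2" "$3"; fi
```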
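1.4 Configure the firewall
bash
# Let Docker work with firewalld (put docker0 in the trusted zone)
sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0
sudo firewall-cmd --reload
# Open the Docker API port (only if remote access is needed).
# 2375/tcp is the plaintext, unauthenticated Docker API: any host that can reach it
# controls this server, so limit it to trusted source addresses or use the TLS-protected API.
sudo firewall-cmd --permanent --add-port=2375/tcp
sudo firewall-cmd --reload
# Show the firewall rules
sudo firewall-cmd --list-all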
📁 Step 2: Create the project directory
2.1 Create the directory structure
bash
# Create the project root directory
mkdir -p ~/lan-services-docker
cd ~/lan-services-docker
# Create the directory structure
mkdir -p configs/{dns,dhcp,mail,dovecot,nginx,ftp}
mkdir -p data/{dns,mail,web,ftp}
mkdir -p ssl
mkdir -p logs/{mail,web,ftp}
2.2 Verify the directory structure
bash
# Show the directory structure
tree ~/lan-services-docker -L 2
# You should see the following structure
lan-services-docker/
├── configs/
│   ├── dhcp/
│   ├── dns/
│   ├── dovecot/
│   ├── ftp/
│   ├── mail/
│   └── nginx/
├── data/
│   ├── dns/
│   ├── ftp/
│   ├── mail/
│   └── web/
├── logs/
│   ├── ftp/
│   ├── mail/
│   └── web/
└── ssl/
🌐 Step 3: Deploy the DNS service
3.1 Create the DNS configuration file
bash
# Create the BIND9 configuration
vim configs/dns/named.conf
Configuration:
conf
options {
    listen-on port 53 { 192.168.1.100; 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    // "any" here, together with "recursion yes" below, lets every host that can
    // reach port 53 use this server as a recursive resolver; an acl for
    // 192.168.1.0/24 in allow-query or allow-recursion limits it to the LAN.
    allow-query { any; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    recursion yes;
    // Forwarded answers are accepted without DNSSEC validation.
    dnssec-enable no;
    dnssec-validation no;
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "lan.local" IN {
    type master;
    file "lan.local.zone";
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192.rev";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
3.2 Create the forward zone file
bash
# Create the zone file
vim configs/dns/lan.local.zone
File content:
$TTL 86400
@       IN  SOA ns.lan.local. admin.lan.local. (
                2025010801  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400 )     ; Minimum
        IN  NS  ns.lan.local.
        IN  MX  10 mail.lan.local.
ns      IN  A   192.168.1.100
server  IN  A   192.168.1.100
mail    IN  A   192.168.1.100
www     IN  A   192.168.1.100
ftp     IN  A   192.168.1.100
dhcp    IN  A   192.168.1.100
3.3 Create the reverse zone file
bash
# Create the reverse zone file
vim configs/dns/1.168.192.rev
File content:
$TTL 86400
@       IN  SOA ns.lan.local. admin.lan.local. (
                2025010801  ; Serial
                3600        ; Refresh
                1800        ; Retry
                604800      ; Expire
                86400 )     ; Minimum
        IN  NS  ns.lan.local.
100     IN  PTR server.lan.local.
100     IN  PTR ns.lan.local.
100     IN  PTR mail.lan.local.
100     IN  PTR www.lan.local.
100     IN  PTR ftp.lan.local.
100     IN  PTR dhcp.lan.local.
3.4 Create the Docker Compose configuration
bash
# Create the docker-compose.yml file
vim docker-compose.yml
Add the DNS service configuration:
yaml
version: '3.8'
services:
  dns:
    image: ubuntu/bind9:latest
    container_name: lan-dns
    hostname: ns.lan.local
    restart: unless-stopped
    # Host networking: the container shares the host's network stack, so every
    # socket it opens is reachable on the host's interfaces and firewalld is the
    # only filter in front of it.
    network_mode: host
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - ./configs/dns/named.conf:/etc/bind/named.conf:ro
      - ./configs/dns/lan.local.zone:/var/named/lan.local.zone:ro
      - ./configs/dns/1.168.192.rev:/var/named/1.168.192.rev:ro
      - ./data/dns:/var/named/data
    healthcheck:
      test: ["CMD", "nslookup", "www.lan.local", "localhost"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
3.5 Start the DNS container
bash
# Pull the image
docker pull ubuntu/bind9:latest
# Start the DNS container
docker-compose up -d dns
# Show container status
docker-compose ps
# Show container logs
docker-compose logs -f dns
# Test from inside the container
docker-compose exec dns nslookup www.lan.local 192.168.1.100
3.6 Test the DNS service
bash
# Test forward resolution
nslookup www.lan.local 192.168.1.100
nslookup mail.lan.local 192.168.1.100
nslookup ftp.lan.local 192.168.1.100
# Test reverse resolution
nslookup 192.168.1.100 192.168.1.100
# Test the MX record
nslookup -type=mx lan.local 192.168.1.100
# Point this machine at the local DNS server
sudo vim /etc/resolv.conf
# Add: nameserver 192.168.1.100
# Test again
ping www.lan.local
📡 Step 4: Deploy the DHCP service
4.1 Create the DHCP configuration file
bash
# Create the DHCP configuration
vim configs/dhcp/dhcpd.conf
Configuration:
conf
# Global settings
option domain-name "lan.local";
option domain-name-servers 192.168.1.100;
default-lease-time 600;
max-lease-time 7200;
authoritative;
# Network settings
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.150 192.168.1.200;
    option routers 192.168.1.1;
    option broadcast-address 192.168.1.255;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 192.168.1.100;
    # Example of a fixed IP assignment (optional)
    host client1 {
        hardware ethernet 00:11:22:33:44:55;
        fixed-address 192.168.1.151;
    }
}
# Logging
log-facility local7;
4.2 Update the Docker Compose configuration
bash
# Edit docker-compose.yml
vim docker-compose.yml
Add the DHCP service configuration:
yaml
  dhcp:
    image: joebi/docker-dhcp:latest
    container_name: lan-dhcp
    hostname: dhcp.lan.local
    restart: unless-stopped
    network_mode: host
    # privileged gives the container all capabilities and access to host devices
    privileged: true
    volumes:
      - ./configs/dhcp/dhcpd.conf:/etc/dhcp/dhcpd.conf:ro
      - ./data/dhcp:/var/lib/dhcp
    healthcheck:
      test: ["CMD", "pgrep", "dhcpd"]
      interval: 30s
      timeout: 10s
      retries: 3
4.3 Start the DHCP container
bash
# Pull the image
docker pull joebi/docker-dhcp:latest
# Start the DHCP container
docker-compose up -d dhcp
# Show container status
docker-compose ps
# Show container logs
docker-compose logs -f dhcp
# View the leases inside the container
docker-compose exec dhcp cat /var/lib/dhcp/dhcpd.leases
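4.4 Test the DHCP service
bash
# Method 1: test from another computer
# Disconnect from the network, reconnect, and check whether an IP address is obtained
# Method 2: check the DHCP logs
docker-compose logs dhcp
# Method 3: check the lease file
docker-compose exec dhcp cat /var/lib/dhcp/dhcpd.leases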
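📧 Step 5: Deploy the mail service
5.1 Create the SSL certificate
bash
# Generate a self-signed certificate
openssl req -new -x509 -days 365 -nodes \
    -out ssl/mail.pem \
    -keyout ssl/mail-key.pem
# Set permissions
chmod 600 ssl/mail-key.pem
chmod 644 ssl/mail.pem
# Merge certificate and key (required by some mail servers).
# The merged file contains the private key, so it needs the same 600 mode as mail-key.pem.
cat ssl/mail.pem ssl/mail-key.pem > ssl/mail-full.pem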
5.2 Create the mail configuration file
bash
# Create the Postfix configuration
vim configs/mail/main.cf
Configuration:
conf
# Basic settings
myhostname = mail.lan.local
mydomain = lan.local
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
# Mailbox settings
home_mailbox = Maildir/
mailbox_command =
# Network settings
mynetworks = 192.168.1.0/24, 127.0.0.0/8
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# SMTP authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# TLS encryption
smtpd_tls_cert_file = /etc/ssl/mail.pem
smtpd_tls_key_file = /etc/ssl/mail-key.pem
smtpd_use_tls = yes
5.3 Create the Dovecot configuration
bash
# Create the main Dovecot configuration
vim configs/dovecot/dovecot.conf
Configuration:
conf
protocols = imap pop3
listen = *
base_dir = /var/run/dovecot/
instance_name = dovecot
# Enable authentication
auth_mechanisms = plain login
# Logging
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
bash
# Create the Dovecot mail storage configuration
vim configs/dovecot/10-mail.conf
Configuration:
conf
mail_location = maildir:~/Maildir
mail_privileged_group = mail
bash
# Create the Dovecot authentication configuration
vim configs/dovecot/10-auth.conf
Configuration:
conf
# "no" accepts PLAIN/LOGIN on unencrypted connections, so passwords cross the
# LAN in cleartext unless the client negotiates TLS first.
disable_plaintext_auth = no
auth_mechanisms = plain login
bash
# Create the Dovecot SSL configuration
vim configs/dovecot/10-ssl.conf
Configuration:
conf
ssl = yes
ssl_cert = </etc/ssl/mail.pem
ssl_key = </etc/ssl/mail-key.pem
bash
# Create the Dovecot master (auth socket) configuration
vim configs/dovecot/10-master.conf
Configuration:
conf
# Both unix_listener blocks belong inside "service auth"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = postfix
    group = postfix
  }
}
5.4 Update the Docker Compose configuration
bash
# Edit docker-compose.yml
vim docker-compose.yml
Add the mail service configuration:
yaml
  mail:
    image: tecnativa/postfix:latest
    container_name: lan-mail
    hostname: mail.lan.local
    restart: unless-stopped
    network_mode: host
    ports:
      - "25:25"
      - "587:587"
    volumes:
      - ./configs/mail/main.cf:/etc/postfix/main.cf:ro
      - ./data/mail:/var/mail
      - ./ssl:/etc/ssl:ro
      - ./logs/mail:/var/log/postfix
    environment:
      - TZ=Asia/Shanghai
      - SMTP_HOST=mail.lan.local
      - SMTP_PORT=25
    depends_on:
      - dns
    healthcheck:
      test: ["CMD", "nc", "-z", "localhost", "25"]
      interval: 30s
      timeout: 10s
      retries: 3
yaml
  dovecot:
    image: dovecot/dovecot:latest
    container_name: lan-dovecot
    hostname: mail.lan.local
    restart: unless-stopped
    network_mode: host
    ports:
      - "143:143"
      - "993:993"
    volumes:
      - ./configs/dovecot/dovecot.conf:/etc/dovecot/dovecot.conf:ro
      - ./configs/dovecot/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf:ro
      - ./configs/dovecot/10-auth.conf:/etc/dovecot/conf.d/10-auth.conf:ro
      - ./configs/dovecot/10-ssl.conf:/etc/dovecot/conf.d/10-ssl.conf:ro
      - ./configs/dovecot/10-master.conf:/etc/dovecot/conf.d/10-master.conf:ro
      - ./data/mail:/var/mail
      - ./ssl:/etc/ssl:ro
      - ./logs/mail:/var/log/dovecot
    environment:
      - TZ=Asia/Shanghai
    depends_on:
      - mail
    healthcheck:
      test: ["CMD", "nc", "-z", "localhost", "143"]
      interval: 30s
      timeout: 10s
      retries: 3
5.5 Start the mail containers
bash
# Pull the images
docker pull tecnativa/postfix:latest
docker pull dovecot/dovecot:latest
# Start the mail containers
docker-compose up -d mail dovecot
# Show container status
docker-compose ps
# Show container logs
docker-compose logs -f mail
docker-compose logs -f dovecot
5.6 Create test users
bash
# Create system users
sudo useradd -m -s /bin/bash user1
sudo useradd -m -s /bin/bash user2
# Set passwords
sudo passwd user1
sudo passwd user2
# Add the users to the mail group (if needed)
sudo usermod -aG mail user1
sudo usermod -aG mail user2
5.7 Test the mail service
bash
# Test the SMTP connection
telnet localhost 25
# Enter the following commands:
# ehlo localhost
# mail from: user1@lan.local
# rcpt to: user2@lan.local
# data
# Subject: Test
#
# This is a test email.
# .
# quit
# Test the IMAP connection
telnet localhost 143
# Enter the following commands:
# a1 login user1 password
# a2 list "" *
# a3 select INBOX
# a4 logout
# Send a test email
echo "This is a test email" | mail -s "Test Subject" user1@lan.local
🌐 Step 6: Deploy the web service
6.1 Create the Nginx configuration
bash
# Create the main Nginx configuration
vim configs/nginx/nginx.conf
Configuration:
conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/conf.d/*.conf;
}
bash
# Create the site configuration
vim configs/nginx/default.conf
Configuration:
conf
server {
listen 80;
server_name www.lan.local;
root /var/www/html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
6.2 Create the test page
bash
# Create the test page
vim data/web/index.html
Page content:
html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>局域网综合服务平台 - Docker版</title>
<style>
body {
font-family: Arial, sans-serif;
max-width: 1200px;
margin: 0 auto;
padding: 20px;
background-color: #f5f5f5;
}
.container {
background: white;
padding: 30px;
border-radius: 10px;
box-shadow: 0 2px 4px rgba(0,0,0,0.1);
}
h1 {
color: #333;
text-align: center;
}
.services {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
gap: 20px;
margin-top: 30px;
}
.service {
background: #f8f9fa;
padding: 20px;
border-radius: 8px;
border-left: 4px solid #007bff;
}
.service h3 {
color: #007bff;
margin-top: 0;
}
.status {
display: inline-block;
padding: 5px 10px;
background: #28a745;
color: white;
border-radius: 20px;
font-size: 12px;
}
.docker-badge {
background: #0db7ed;
color: white;
padding: 5px 10px;
border-radius: 5px;
font-size: 12px;
margin-left: 10px;
}
</style>
</head>
<body>
<div class="container">
<h1>🌐 局域网综合服务平台 <span class="docker-badge">Docker</span></h1>
<p>欢迎访问局域网综合服务系统!本服务器提供以下服务:</p>
<div class="services">
<div class="service">
<h3>📧 邮件服务</h3>
<p>地址: mail.lan.local</p>
<p>SMTP: 25, 587</p>
<p>IMAP: 143, 993</p>
<p>容器: lan-mail, lan-dovecot</p>
<span class="status">运行中</span>
</div>
<div class="service">
<h3>🌐 网页服务</h3>
<p>地址: www.lan.local</p>
<p>HTTP: 80</p>
<p>HTTPS: 443</p>
<p>容器: lan-web</p>
<span class="status">运行中</span>
</div>
<div class="service">
<h3>📁 FTP服务</h3>
<p>地址: ftp.lan.local</p>
<p>端口: 21</p>
<p>被动: 30000-30009</p>
<p>容器: lan-ftp</p>
<span class="status">运行中</span>
</div>
<div class="service">
<h3>🌍 DNS服务</h3>
<p>地址: ns.lan.local</p>
<p>端口: 53</p>
<p>域名解析</p>
<p>容器: lan-dns</p>
<span class="status">运行中</span>
</div>
<div class="service">
<h3>📡 DHCP服务</h3>
<p>地址: dhcp.lan.local</p>
<p>IP分配: 192.168.1.150-200</p>
<p>动态配置</p>
<p>容器: lan-dhcp</p>
<span class="status">运行中</span>
</div>
</div>
<div style="margin-top: 30px; text-align: center; color: #666;">
<p>服务器信息: 192.168.1.100 | CentOS Linux | Docker部署</p>
</div>
</div>
</body>
</html>
6.3 Update the Docker Compose configuration
bash
# Edit docker-compose.yml
vim docker-compose.yml
Add the web service configuration:
yaml
  web:
    image: nginx:latest
    container_name: lan-web
    hostname: www.lan.local
    restart: unless-stopped
    network_mode: host
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./configs/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./configs/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./data/web:/var/www/html:ro
      - ./logs/web:/var/log/nginx
    environment:
      - TZ=Asia/Shanghai
    depends_on:
      - dns
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/"]
      interval: 30s
      timeout: 10s
      retries: 3
6.4 Start the web container
bash
# Pull the image
docker pull nginx:latest
# Start the web container
docker-compose up -d web
# Show container status
docker-compose ps
# Show container logs
docker-compose logs -f web
6.5 Test the web service
bash
# Local test
curl http://localhost
curl http://192.168.1.100
curl http://www.lan.local
# Client test
# Open http://www.lan.local in a browser on a client machine
# Check the service configuration
docker-compose exec web nginx -t
📁 Step 7: Deploy the FTP service
7.1 Create the FTP configuration
bash
# Create the vsftpd configuration
vim configs/ftp/vsftpd.conf
Configuration:
conf
# Disable anonymous users
anonymous_enable=NO
# Allow local users
local_enable=YES
# Allow writes
write_enable=YES
# umask for local users
local_umask=022
# Enable directory messages
dirmessage_enable=YES
# Enable upload/download logging
xferlog_enable=YES
# Standard log format
xferlog_std_format=YES
# Data port 20
connect_from_port_20=YES
# Listen on IPv4
listen=YES
listen_ipv6=NO
# PAM authentication
pam_service_name=vsftpd
# User list
userlist_enable=YES
userlist_deny=NO
# Passive mode settings
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30009
pasv_address=192.168.1.100
# Confine users to their home directory.
# With chroot_local_user=YES, users named in chroot_list_file are the ones NOT confined.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# Allow a writable chroot directory
allow_writeable_chroot=YES
# Use local time
use_localtime=YES
# Port
listen_port=21
7.2 Create the FTP user
bash
# Create the FTP user directories
sudo mkdir -p ~/lan-services-docker/data/ftp/home/ftpuser
sudo mkdir -p ~/lan-services-docker/data/ftp/home/ftpuser/upload
sudo mkdir -p ~/lan-services-docker/data/ftp/home/ftpuser/download
# Create a test file
echo "FTP测试文件" | sudo tee ~/lan-services-docker/data/ftp/home/ftpuser/download/test.txt
# Create the system user (outside the container)
sudo useradd -d /home/ftpuser -s /sbin/nologin ftpuser
sudo passwd ftpuser
# Create the user list file
touch configs/ftp/user_list
echo "ftpuser" > configs/ftp/user_list
# Create the chroot list
touch configs/ftp/chroot_list
7.3 Update the Docker Compose configuration
bash
# Edit docker-compose.yml
vim docker-compose.yml
Add the FTP service configuration:
yaml
  ftp:
    image: fauria/vsftpd:latest
    container_name: lan-ftp
    hostname: ftp.lan.local
    restart: unless-stopped
    network_mode: host
    ports:
      - "21:21"
      - "30000-30009:30000-30009"
    volumes:
      - ./configs/ftp/vsftpd.conf:/etc/vsftpd/vsftpd.conf:ro
      - ./configs/ftp/user_list:/etc/vsftpd/user_list:ro
      - ./configs/ftp/chroot_list:/etc/vsftpd/chroot_list:ro
      - ./data/ftp/home:/home/vsftpd
      - ./logs/ftp:/var/log/vsftpd
    environment:
      - FTP_USER=ftpuser
      - FTP_PASS=yourpassword
      - PASV_ADDRESS=192.168.1.100
      - PASV_MIN_PORT=30000
      - PASV_MAX_PORT=30009
      - TZ=Asia/Shanghai
    depends_on:
      - dns
    healthcheck:
      test: ["CMD", "nc", "-z", "localhost", "21"]
      interval: 30s
      timeout: 10s
      retries: 3
7.4 Start the FTP container
bash
# Pull the image
docker pull fauria/vsftpd:latest
# Start the FTP container
docker-compose up -d ftp
# Show container status
docker-compose ps
# Show container logs
docker-compose logs -f ftp
7.5 Test the FTP service
bash
# Test from the command line
ftp localhost
# Enter the user name: ftpuser
# Enter the password
# Test commands:
# ls - list files
# cd upload - change directory
# put test.txt - upload a file
# get test.txt - download a file
# bye - quit
# Test with lftp
sudo yum install -y lftp
lftp -u ftpuser ftp.lan.local
# Check the service processes
docker-compose exec ftp ps aux
🔍 Step 8: Integration testing
8.1 Check the status of all containers
bash
# Show the status of all containers
docker-compose ps
# Show container details
docker-compose ps -a
# Show container resource usage
docker stats
# Show container networks
docker network ls
8.2 Create a service check script
bash
# Create the check script
vim ~/lan-services-docker/check_services.sh
Script content:
bash
#!/bin/bash
echo "========================================="
echo " 局域网综合服务状态检查 - Docker版"
echo "========================================="
echo ""
# Check the DNS service
echo "1. DNS服务 (lan-dns):"
if docker-compose ps dns | grep -q "Up"; then
    echo " ✓ 运行中"
    docker-compose logs --tail=5 dns
else
    echo " ✗ 未运行"
fi
echo ""
# Check the DHCP service
echo "2. DHCP服务 (lan-dhcp):"
if docker-compose ps dhcp | grep -q "Up"; then
    echo " ✓ 运行中"
    docker-compose logs --tail=5 dhcp
else
    echo " ✗ 未运行"
fi
echo ""
# Check the mail services
echo "3. 邮件服务 (lan-mail):"
if docker-compose ps mail | grep -q "Up"; then
    echo " ✓ 运行中"
    docker-compose logs --tail=5 mail
else
    echo " ✗ 未运行"
fi
echo ""
echo "4. 邮件服务 (lan-dovecot):"
if docker-compose ps dovecot | grep -q "Up"; then
    echo " ✓ 运行中"
    docker-compose logs --tail=5 dovecot
else
    echo " ✗ 未运行"
fi
echo ""
# Check the web service
echo "5. 网页服务 (lan-web):"
if docker-compose ps web | grep -q "Up"; then
    echo " ✓ 运行中"
    docker-compose logs --tail=5 web
else
    echo " ✗ 未运行"
fi
echo ""
# Check the FTP service
echo "6. FTP服务 (lan-ftp):"
if docker-compose ps ftp | grep -q "Up"; then
    echo " ✓ 运行中"
    docker-compose logs --tail=5 ftp
else
    echo " ✗ 未运行"
fi
echo ""
# Check network connectivity
echo "7. 网络连接:"
echo " IP地址: $(ip addr show | grep 192.168.1.100 | awk '{print $2}')"
echo " 网关: $(ip route | grep default | awk '{print $3}')"
echo ""
# Check DNS resolution
echo "8. DNS解析测试:"
nslookup www.lan.local 192.168.1.100 | grep -A 1 "Name:"
echo ""
echo "========================================="
echo " 检查完成"
echo "========================================="
Make it executable:
bash
chmod +x ~/lan-services-docker/check_services.sh
# Run the check
cd ~/lan-services-docker
./check_services.sh
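The check script above reports whether containers are up; it says nothing about how they are configured. The following added example (not part of the original guide) statically audits the files created in the earlier steps for the settings that widen exposure: privileged containers, `:latest` tags, password literals, open DNS recursion, plaintext Dovecot auth and a world-writable auth socket. The finding IDs and the sample excerpts written by `write_sample` are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): static audit of the files created under
# ~/lan-services-docker. Finding IDs (C1, N1, D1 ...) are this example's labels.

# Print FILE without comment-only lines so commented-out settings are ignored.
active_lines() {
    sed -E '/^[[:space:]]*(#|\/\/)/d' "$1"
}

# has FILE REGEX: true when an active line of FILE matches the extended REGEX.
has() {
    [ -f "$1" ] && active_lines "$1" | grep -Eq -- "$2"
}

# audit_stack DIR: print one "ID file: message" line per finding.
audit_stack() {
    local dir="$1"
    local compose="$dir/docker-compose.yml"
    local named="$dir/configs/dns/named.conf"
    local dovecot="$dir/configs/dovecot"

    if has "$compose" '^[[:space:]]*privileged:[[:space:]]*true'; then
        echo "C1 docker-compose.yml: privileged container (all capabilities, host devices)"
    fi
    if has "$compose" '^[[:space:]]*image:.*:latest[[:space:]]*$'; then
        echo "C2 docker-compose.yml: mutable :latest tag, a later pull changes what runs"
    fi
    if has "$compose" '^[[:space:]]*-[[:space:]]*[A-Z_]*PASS(WORD)?=.+'; then
        echo "C3 docker-compose.yml: password literal in an environment block"
    fi
    # allow-query any + recursion yes is open recursion unless allow-recursion narrows it.
    if has "$named" 'allow-query[[:space:]]*\{[[:space:]]*any;' &&
       has "$named" 'recursion[[:space:]]+yes;' &&
       ! has "$named" 'allow-recursion'; then
        echo "N1 configs/dns/named.conf: recursion offered to any source address"
    fi
    if has "$named" 'dnssec-validation[[:space:]]+no;'; then
        echo "N2 configs/dns/named.conf: DNSSEC validation disabled"
    fi
    if has "$dovecot/10-auth.conf" '^[[:space:]]*disable_plaintext_auth[[:space:]]*=[[:space:]]*no'; then
        echo "D1 configs/dovecot/10-auth.conf: PLAIN/LOGIN accepted without TLS"
    fi
    if has "$dovecot/10-master.conf" 'mode[[:space:]]*=[[:space:]]*0666'; then
        echo "D2 configs/dovecot/10-master.conf: auth socket is world read/writable"
    fi
    return 0
}

# count_findings DIR: number of findings for DIR.
count_findings() {
    audit_stack "$1" | wc -l | tr -d ' '
}

# write_sample DIR: constructed excerpts of the files this guide creates.
write_sample() {
    mkdir -p "$1/configs/dns" "$1/configs/dovecot"
    cat > "$1/docker-compose.yml" <<'EOF'
services:
  dhcp:
    image: joebi/docker-dhcp:latest
    privileged: true
  ftp:
    image: fauria/vsftpd:latest
    environment:
      - FTP_PASS=yourpassword
EOF
    cat > "$1/configs/dns/named.conf" <<'EOF'
options {
    allow-query { any; };
    recursion yes;
    dnssec-validation no;
};
EOF
    echo 'disable_plaintext_auth = no' > "$1/configs/dovecot/10-auth.conf"
    printf 'service auth {\n  unix_listener /var/spool/postfix/private/auth {\n    mode = 0666\n  }\n}\n' \
        > "$1/configs/dovecot/10-master.conf"
}

# Run directly with a directory argument to audit it,
# e.g. ./audit.sh ~/lan-services-docker
if [ $# -gt 0 ]; then audit_stack "$1"; fi
```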
8.3 Port tests
bash
# Check all service ports (-u is needed to list the UDP listeners for DNS and DHCP)
netstat -tulnp | grep -E '53|67|25|143|80|21'
# Test ports with nc
nc -zv 192.168.1.100 53
nc -zv 192.168.1.100 25
nc -zv 192.168.1.100 80
nc -zv 192.168.1.100 21
8.4 Name resolution tests
bash
# Test all domain names
for domain in www.lan.local mail.lan.local ftp.lan.local ns.lan.local; do
    echo "测试: $domain"
    nslookup $domain 192.168.1.100
    echo ""
done
8.5 Functional tests
bash
# Test DNS
docker-compose exec dns nslookup www.lan.local
# Test the web service
curl -I http://www.lan.local
# Test FTP
lftp -u ftpuser -e "ls; bye" ftp.lan.local
# Test mail
echo "测试邮件" | mail -s "测试" user1@lan.local
📊 Step 9: Monitoring and logs
9.1 View container logs
bash
# Show logs of all containers
docker-compose logs
# Show logs of a specific container
docker-compose logs dns
docker-compose logs mail
docker-compose logs web
# Follow logs in real time
docker-compose logs -f dns
# Show the last 100 log lines
docker-compose logs --tail=100 dns
9.2 Container resource monitoring
bash
# Monitor resource usage in real time
docker stats
# Show container details
docker inspect lan-dns
# Show container processes
docker-compose exec dns ps aux
9.3 Volume management
bash
# List all volumes
docker volume ls
# Show volume details
docker volume inspect lan-services-docker_dns-data
# Back up a volume
docker run --rm -v lan-services-docker_mail-data:/data -v $(pwd):/backup ubuntu tar czf /backup/mail-data-backup.tar.gz /data
# Restore a volume
docker run --rm -v lan-services-docker_mail-data:/data -v $(pwd):/backup ubuntu tar xzf /backup/mail-data-backup.tar.gz -C /
🛠️ Step 10: Maintenance and management
10.1 Container management commands
bash
# Start all services
cd ~/lan-services-docker
docker-compose up -d
# Start a specific service
docker-compose up -d dns
# Stop all services
docker-compose stop
# Stop a specific service
docker-compose stop dns
# Restart all services
docker-compose restart
# Restart a specific service
docker-compose restart dns
# Remove all containers
docker-compose down
# Remove containers and volumes
docker-compose down -v
# Show service status
docker-compose ps
10.2 Update images
bash
# Pull the latest images
docker-compose pull
# Recreate and start the containers
docker-compose up -d --force-recreate
# Update a specific service
docker-compose pull dns
docker-compose up -d --force-recreate dns
10.3 Back up configuration files
bash
# Create the backup directory
mkdir -p ~/lan-services-docker/backup
# Back up the configuration files
cd ~/lan-services-docker
tar czf backup/configs-backup-$(date +%Y%m%d).tar.gz configs/
# Back up the data
tar czf backup/data-backup-$(date +%Y%m%d).tar.gz data/
# Back up docker-compose.yml
cp docker-compose.yml backup/
10.4 User management
bash
# Add a mail user
sudo useradd -m -s /bin/bash newuser
sudo passwd newuser
# Add an FTP user
sudo useradd -d /home/newftp -s /sbin/nologin newftp
sudo passwd newftp
sudo mkdir -p data/ftp/home/newftp/{upload,download}
sudo chown -R newftp:newftp data/ftp/home/newftp
# Delete a user
sudo userdel -r olduser
❓ Troubleshooting common problems
Problem 1: DNS does not resolve
bash
# Check the DNS container status
docker-compose ps dns
# Show the DNS logs
docker-compose logs dns
# Check the DNS configuration
docker-compose exec dns named-checkconf /etc/bind/named.conf
docker-compose exec dns named-checkzone lan.local /var/named/lan.local.zone
# Test DNS
nslookup www.lan.local 192.168.1.100
dig www.lan.local @192.168.1.100
Problem 2: DHCP does not assign IP addresses
bash
# Check the DHCP container status
docker-compose ps dhcp
# Show the DHCP logs
docker-compose logs dhcp
# Show the lease file
docker-compose exec dhcp cat /var/lib/dhcp/dhcpd.leases
# Check the network interfaces
docker-compose exec dhcp ip addr show
Problem 3: Mail cannot be sent
bash
# Check the mail container status
docker-compose ps mail dovecot
# Show the mail logs
docker-compose logs mail
docker-compose logs dovecot
# Test the SMTP connection
telnet localhost 25
# Check the mail store
ls -la /var/mail/
Problem 4: The web page cannot be reached
bash
# Check the web container status
docker-compose ps web
# Show the web logs
docker-compose logs web
# Test local access
curl http://localhost
# Check the Nginx configuration
docker-compose exec web nginx -t
Problem 5: FTP cannot connect
bash
# Check the FTP container status
docker-compose ps ftp
# Show the FTP logs
docker-compose logs ftp
# Test the FTP connection
ftp localhost
# Check user permissions
id ftpuser
ls -la data/ftp/home/
Problem 6: A container does not start
bash
# Show detailed error messages
docker-compose logs
# Check the Docker service status
sudo systemctl status docker
# Show container details
docker inspect lan-dns
# Recreate the containers
docker-compose down
docker-compose up -d
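📚 Summary
After completing this project, you have learned:
Docker containerization
- Docker core concepts and architecture
- Managing images, containers, volumes and networks
- Orchestration with Docker Compose
Deploying containerized services
- Containerizing DNS, DHCP, mail, FTP and web services
- Configuring networking and storage between containers
- Managing service dependencies
Container operations
- Container monitoring and logs
- Backup and restore
- Troubleshooting
Modern deployment practice
- Advantages of containerized deployment
- Continuous integration basics
- Introduction to microservice architecture
Further study
- Kubernetes container orchestration
- Docker Swarm clusters
- CI/CD pipelines
- Container security hardening
- Container monitoring (Prometheus + Grafana)
🎉 Project complete
Congratulations! You have used Docker to deploy a complete LAN integrated services system on a single server.
Your LAN now has:
- ✅ Name resolution service (DNS) - lan-dns container
- ✅ Automatic IP address assignment (DHCP) - lan-dhcp container
- ✅ Mail sending and receiving - lan-mail + lan-dovecot containers
- ✅ Website access - lan-web container
- ✅ File transfer - lan-ftp container
All services work together as containers and provide complete network services to the clients on the LAN!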