当我尝试通过PHP启动Docker容器时出现以下错误
level="fatal" msg="Get http:///var/run/docker.sock/v1.16/containers/json?limit=1: dial unix
/var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon
without TLS?"
我尝试通过shell_exec执行docker run命令,因此在Ubuntu 14.04上执行的用户是www-data。作为一种很好的措施,我尝试将docker命令作为sudo运行,但没有任何区别。在Google搜索中搜索“您在尝试...吗?”,它会显示一些链接,这些链接很可能包含一些相关信息-例如here-但是我还无法完全理解它。
同样很好的是,我将要执行的docker comamnd输出到stderr,将其复制并直接通过SSH执行。这是命令
docker run -h user118 -d -p 8406:443 -v /var/docks/user118/logs:/var/log/apache2 -v
/var/docks/user118/mysql:/var/lib/mysql -v /var/docks/user118/redis:/var/lib/redis -v
/var/docks/user118/secure:/var/secure -v /var/docks/user118/site:/var/www/html lamp
其次是
docker ps -a
然后浏览到该容器-没问题,一切正常。
我知道该命令将引发“每个容器只能有一个应用程序”的注释。这不是这里的问题。
我是在这里尝试不可能的事,还是有一种相对简单的方法通过PHP脚本和shell_exec来操纵docker?我将非常感谢您的帮助
最佳答案
我认为您可以通过将www-data
用户添加到docker
组来解决此问题。
从https://docs.docker.com/installation/ubuntulinux/#giving-non-root-access:
Giving non-root access
The docker daemon always runs as the root user, and since Docker version 0.5.2, the docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root, and so, by default, you can access it with sudo.
Starting in version 0.5.3, if you (or your Docker installer) create a Unix group called docker and add users to it, then the docker daemon will make the ownership of the Unix socket read/writable by the docker group when the daemon starts. The docker daemon must always run as the root user, but if you run the docker client as a user in the docker group then you don't need to add sudo to all the client commands. As of 0.9.0, you can specify that a group other than docker should own the Unix socket with the -G option.
Example:
sudo groupadd docker
sudo gpasswd -a ${USER} docker
sudo service docker restart
docker.io
代替: sudo service docker.io restart
newgrp docker
或注销/登录以激活对组的更改。关于php - 从PHP启动Docker容器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27782595/