在Linux云VPS中再分小鸡出来（docker版）

在docker创建ubuntu22.04系统容器

1：创建网络

docker network create --driver bridge --subnet=10.247.88.0/24 net88
docker network ls

2：建立容器

nano docker-compose.yml

services:
  aapanel:
    container_name: 10.247.88.2
    image: ubuntu:22.04
    restart: unless-stopped
    volumes:
      - ./root:/root
      - ./www:/www
    networks:
      net88:
        ipv4_address: 10.247.88.2
    tty: true
    command: /bin/bash -c "mkdir -p /run/sshd || /usr/sbin/sshd -D || tail -f /dev/null"
networks:
  net88:
    external: true

3：启动容器

docker compose down
docker compose up -d
docker ps

4：进入容器操作

docker exec -it 10.247.88.2 bash

mkdir -p ~/.ssh&&echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINczVrP1nQt56KrtY0zFDRYvNGjMVS2MphwNWXH5j7yg xixi-ed25519-20240206'>>~/.ssh/authorized_keys&&cat ~/.ssh/authorized_keys
passwd
apt update
apt install openssh-server nano

5： 将主机的 22 端口映射到容器的 22 端口

iptables -t nat -F
iptables -t nat -A POSTROUTING -s 10.247.88.2 -j SNAT --to-source 154.12.247.88
iptables -t nat -A PREROUTING -p tcp -d 154.12.247.88 --dport 22 -j DNAT --to-destination 10.247.88.2:22

防火墙持久化

1：保存防火墙配置文件

iptables-save > /etc/network/iptables.up.rules

2:配置防火墙服务

nano /etc/systemd/system/iptables-load.service

[Unit]
Description=Load iptables rules

[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore /etc/network/iptables.up.rules
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

3：安装防火墙服务

systemctl daemon-reload
systemctl enable iptables-load.service
systemctl start iptables-load.service