feat:增加containerd和podman的说明

spiritlhl
2026-03-02 03:25:27 +00:00
parent 23193aa7de
commit 9e6e5fb5ef
24 changed files with 1904 additions and 33 deletions


@@ -52,18 +52,49 @@ export default defineConfig({
nav: [
{
text: '一键虚拟化项目',
link: '/',
activeMatch: '^/$|^/guide/'
link: '/'
},
{
text: '虚拟化平台',
activeMatch: '^/guide/',
items: [
{ text: 'OneClickVirt', link: '/guide/oneclickvirt/oneclickvirt_precheck.html' },
{ text: 'Proxmox VE', link: '/guide/pve/pve_precheck.html' },
{ text: 'Incus', link: '/guide/incus/incus_precheck.html' },
{ text: 'Docker', link: '/guide/docker/docker_precheck.html' },
{ text: 'LXD', link: '/guide/lxd/lxd_precheck.html' },
{ text: 'Containerd', link: '/guide/containerd/containerd_precheck.html' },
{ text: 'Podman', link: '/guide/podman/podman_precheck.html' },
{ text: '屏蔽滥用', link: '/guide/block/block_iptables.html' },
]
},
{
text: '其他虚拟化项目',
link: '/incomplete/index',
activeMatch: '^/incomplete/'
activeMatch: '^/incomplete/',
items: [
{ text: 'webvirtcloud', link: '/incomplete/webvirtcloud.html' },
{ text: 'webvirtcloud_retspen', link: '/incomplete/webvirtcloud_retspen.html' },
{ text: 'pterodactyl', link: '/incomplete/pterodactyl.html' },
{ text: 'convoy', link: '/incomplete/convoy.html' },
{ text: 'cockpit', link: '/incomplete/cockpit.html' },
{ text: 'virtfusion', link: '/incomplete/virtfusion.html' },
{ text: 'virtualizor-docker', link: '/incomplete/virtualizor-docker.html' },
{ text: 'bashvm', link: '/incomplete/bashvm.html' },
{ text: 'webvirtmgr', link: '/incomplete/webvirtmgr.html' },
]
},
{
text: '其他实用项目',
link: '/case/index',
activeMatch: '^/case/'
activeMatch: '^/case/',
items: [
{ text: '1. VPS融合怪服务器测评脚本', link: '/case/case1.html' },
{ text: '2. 一键修复与安装脚本', link: '/case/case2.html' },
{ text: '3. 自动更新测试服务器节点列表的网络基准测试脚本', link: '/case/case3.html' },
{ text: '4. 三网回程路由线路测试脚本', link: '/case/case4.html' },
{ text: '5. 服务器资源占用脚本', link: '/case/case5.html' },
{ text: '6. 为linux服务器增加swap分区', link: '/case/case6.html' },
{ text: '7. 为linux服务器启用zram设备', link: '/case/case7.html' },
]
},
{ text: '融合怪商家收录', link: 'https://paste.spiritlhl.net/' },
{ text: 'VPS余量监控', link: 'https://spiders.spiritlhl.net/' },
@@ -91,8 +122,36 @@ export default defineConfig({
pattern: 'https://github.com/oneclickvirt/oneclickvirt.github.io/edit/main/docs/:path',
},
nav: [
{ text: 'One Click Virtualization', link: '/en/', activeMatch: '^/en/guide/' },
{ text: 'Other Virtualization Projects', link: '/en/incomplete/index', activeMatch: '^/en/incomplete/' },
{ text: 'One Click Virtualization', link: '/en/' },
{
text: 'Virtualization Platforms',
activeMatch: '^/en/guide/',
items: [
{ text: 'OneClickVirt', link: '/en/guide/oneclickvirt/oneclickvirt_precheck.html' },
{ text: 'Proxmox VE', link: '/en/guide/pve/pve_precheck.html' },
{ text: 'Incus', link: '/en/guide/incus/incus_precheck.html' },
{ text: 'Docker', link: '/en/guide/docker/docker_precheck.html' },
{ text: 'LXD', link: '/en/guide/lxd/lxd_precheck.html' },
{ text: 'Containerd', link: '/en/guide/containerd/containerd_precheck.html' },
{ text: 'Podman', link: '/en/guide/podman/podman_precheck.html' },
{ text: 'Block Abuse', link: '/en/guide/block/block_iptables.html' },
]
},
{
text: 'Other Virtualization Projects',
activeMatch: '^/en/incomplete/',
items: [
{ text: 'webvirtcloud', link: '/en/incomplete/webvirtcloud.html' },
{ text: 'webvirtcloud_retspen', link: '/en/incomplete/webvirtcloud_retspen.html' },
{ text: 'pterodactyl', link: '/en/incomplete/pterodactyl.html' },
{ text: 'convoy', link: '/en/incomplete/convoy.html' },
{ text: 'cockpit', link: '/en/incomplete/cockpit.html' },
{ text: 'virtfusion', link: '/en/incomplete/virtfusion.html' },
{ text: 'virtualizor-docker', link: '/en/incomplete/virtualizor-docker.html' },
{ text: 'bashvm', link: '/en/incomplete/bashvm.html' },
{ text: 'webvirtmgr', link: '/en/incomplete/webvirtmgr.html' },
]
},
{ text: 'Merchant List', link: 'https://paste.spiritlhl.net/' },
{ text: 'VPS Stock Monitor', link: 'https://spiders.spiritlhl.net/' },
],
@@ -205,6 +264,26 @@ function getGuideSidebarZhCN() {
{ text: '在DOCKER上', link: '/guide/block/block_docker.html' },
]
},
{
text: 'Containerd',
items: [
{ text: '系统和配置要求', link: '/guide/containerd/containerd_precheck.html' },
{ text: 'Containerd主体安装', link: '/guide/containerd/containerd_install.html' },
{ text: 'Linux容器(LXC)', link: '/guide/containerd/containerd_build.html' },
{ text: '致谢', link: '/guide/containerd/containerd_thanks.html' },
{ text: '常见问题答疑', link: '/guide/containerd/containerd_qa.html' }
]
},
{
text: 'Podman',
items: [
{ text: '系统和配置要求', link: '/guide/podman/podman_precheck.html' },
{ text: 'Podman主体安装', link: '/guide/podman/podman_install.html' },
{ text: 'Linux容器(LXC)', link: '/guide/podman/podman_build.html' },
{ text: '致谢', link: '/guide/podman/podman_thanks.html' },
{ text: '常见问题答疑', link: '/guide/podman/podman_qa.html' }
]
},
{
text: '捐赠',
items: [
@@ -339,17 +418,37 @@ function getGuideSidebarEnUS() {
{
text: 'Block Abuse',
items: [
{ text: 'via iptables', link: '/guide/block/block_iptables.html' },
{ text: 'In PVE', link: '/guide/block/block_pve.html' },
{ text: 'In INCUS', link: '/guide/block/block_incus.html' },
{ text: 'In LXD', link: '/guide/block/block_lxd.html' },
{ text: 'In DOCKER', link: '/guide/block/block_docker.html' },
{ text: 'via iptables', link: '/en/guide/block/block_iptables.html' },
{ text: 'In PVE', link: '/en/guide/block/block_pve.html' },
{ text: 'In INCUS', link: '/en/guide/block/block_incus.html' },
{ text: 'In LXD', link: '/en/guide/block/block_lxd.html' },
{ text: 'In DOCKER', link: '/en/guide/block/block_docker.html' },
]
},
{
text: 'Containerd',
items: [
{ text: 'System & configuration requirements', link: '/en/guide/containerd/containerd_precheck.html' },
{ text: 'Containerd main installation', link: '/en/guide/containerd/containerd_install.html' },
{ text: 'Linux Container(LXC)', link: '/en/guide/containerd/containerd_build.html' },
{ text: 'Acknowledgements', link: '/en/guide/containerd/containerd_thanks.html' },
{ text: 'FAQ', link: '/en/guide/containerd/containerd_qa.html' }
]
},
{
text: 'Podman',
items: [
{ text: 'System & configuration requirements', link: '/en/guide/podman/podman_precheck.html' },
{ text: 'Podman main installation', link: '/en/guide/podman/podman_install.html' },
{ text: 'Linux Container(LXC)', link: '/en/guide/podman/podman_build.html' },
{ text: 'Acknowledgements', link: '/en/guide/podman/podman_thanks.html' },
{ text: 'FAQ', link: '/en/guide/podman/podman_qa.html' }
]
},
{
text: 'Donation',
items: [
{ text: 'Donation', link: '/guide/dashboardq.html' }
{ text: 'Donation', link: '/en/guide/dashboardq.html' }
]
}
];
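Review bot: The nav dropdowns added in the first two hunks repeat the same platform entries once per locale, differing only in the `/en` prefix and the localized "Block Abuse" label, and the same targets appear again in the sidebar functions. The last hunk of this commit already has to correct five `Block Abuse` links and the `Donation` link in getGuideSidebarEnUS that were missing `/en`, which is the drift that hand-copied lists produce. Building both dropdowns from one shared list with a locale prefix would leave a single place to edit when a platform is added. The enclosing defineConfig call and both sidebar functions start and end outside the visible hunks.

```javascript
// Shared by the zh-CN and en-US nav dropdowns; the first-page slug is the only per-platform data.
const PLATFORM_PAGES = [
  ['OneClickVirt', 'oneclickvirt/oneclickvirt_precheck'],
  ['Proxmox VE', 'pve/pve_precheck'],
  ['Incus', 'incus/incus_precheck'],
  ['Docker', 'docker/docker_precheck'],
  ['LXD', 'lxd/lxd_precheck'],
  ['Containerd', 'containerd/containerd_precheck'],
  ['Podman', 'podman/podman_precheck'],
];

// prefix is '' for zh-CN and '/en' for en-US; blockLabel is the localized "Block Abuse" text.
const platformNavItems = (prefix, blockLabel) => [
  ...PLATFORM_PAGES.map(([text, slug]) => ({ text, link: `${prefix}/guide/${slug}.html` })),
  { text: blockLabel, link: `${prefix}/guide/block/block_iptables.html` },
];

// … unchanged: other nav entries of each locale …
{
  text: 'Virtualization Platforms',
  activeMatch: '^/en/guide/',
  items: platformNavItems('/en', 'Block Abuse'),
},
```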


@@ -0,0 +1,156 @@
---
outline: deep
---
# Preface
Two methods for provisioning containers.
## Single Container Provisioning
- Creates a single containerd container, automatically detects international or China mainland server
- Can configure binding of an independent IPv6 address (requires host with public IPv6 and containerd-ipv6 network configured during installation)
- Supports x86_64 and ARM64 architecture servers
### Download Script
International
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/onecontainerd.sh
chmod +x onecontainerd.sh
```
China Mainland
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/onecontainerd.sh
chmod +x onecontainerd.sh
```
### Example
Supported variables for running:
```bash
./onecontainerd.sh <name> <cpu> <memory_mb> <password> <sshport> <startport> <endport> [independent_ipv6:y/n] [system] [disk_gb]
```
Currently supported `system` values:
- debian
- ubuntu
- alpine
- almalinux
- rockylinux
- openeuler
Default is debian if not specified.
```shell
./onecontainerd.sh ct1 1 512 MyPassword 25000 34975 35000 n debian 0
```
Example container information:
| Attribute | Value |
|-----------|-------|
| Container name | ct1 |
| SSH username | root |
| SSH password | MyPassword |
| CPU cores | 1 |
| Memory | 512MB |
| SSH port | 25000 |
| External/internal port range | 34975 to 35000 |
| System | debian |
| Independent IPv6 | N |
| Disk size | Unlimited |
### Related Operations
List all containers
```shell
nerdctl ps -a
```
Enter container
```shell
nerdctl exec -it ct1 bash
```
Enter Alpine container
```shell
nerdctl exec -it ct1 sh
```
Type `exit` to leave the container.
Delete container
```shell
nerdctl rm -f ct1
```
View container logs
```shell
nerdctl logs ct1
```
## Batch Container Provisioning
- Multiple runs inherit configuration and generate sequentially
- Auto-increments container name (ct1, ct2, ...), SSH port, and public ports
- Container information recorded to `ctlog` file
- Recommended to run in screen to avoid SSH disconnection
### Run
International
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/create_containerd.sh
chmod +x create_containerd.sh
./create_containerd.sh
```
China Mainland
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/create_containerd.sh
chmod +x create_containerd.sh
./create_containerd.sh
```
### Query Batch Container Information
```shell
cat ctlog
```
Output format:
```
container_name ssh_port root_password cpu_cores memory_mb start_port end_port disk_gb
```
One line per container.
## Remove All Containers and Images
```shell
nerdctl ps -aq | xargs -r nerdctl rm -f
nerdctl images -q | xargs -r nerdctl rmi -f
rm -rf ctlog
```
## Restart All Containers After Host Reboot
By default, containers are not configured to auto-restart. Run the following command to start all stopped containers:
```shell
nerdctl ps -aq -f status=exited | xargs -r nerdctl start
```


@@ -0,0 +1,67 @@
---
outline: deep
---
# Preface
Install the containerd environment, including containerd + runc + nerdctl + CNI + buildkitd full suite.
## Setting Up Virtual Memory
:::tip
Allocate some swap space to prevent your machine from crashing.
:::
Unit conversion: Inputting 1024 results in 1G of SWAP - virtual memory. Virtual memory occupies disk space and is automatically utilized when the physical memory is insufficient. However, this leads to high IO usage and CPU performance overhead.
It is recommended to allocate virtual memory twice the size of your physical memory.
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
## Environment Setup
- Supported systems: Ubuntu, Debian, RockyLinux 9+, AlmaLinux 9+, CentOS 9+, Alpine, Arch
- Installs containerd + runc + nerdctl + CNI + buildkitd (via nerdctl-full bundle)
- Automatically configures CNI network (containerd-net: 172.20.0.0/16) with iptables NAT rules
- Detects public IPv6 address; if present, automatically creates containerd-ipv6 CNI network and starts NDP Responder
- Installs DNS liveness check service (check-dns.service)
- Supports x86_64 and ARM64 architecture servers
International
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
China Mainland
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
:::tip
After installation, run `nerdctl ps -a` to verify the containerd environment is working correctly.
:::
## Uninstall containerd Environment
One-click uninstall of the entire containerd environment, including all containers, images, CNI networks, systemd services, and nerdctl/containerd binaries:
International
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerduninstall.sh)
```
China Mainland
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerduninstall.sh)
```
:::warning
The script requires entering `yes` to confirm before execution. This operation is irreversible. Deleted content includes all containers, images, and CNI network configurations.
Retest workflow: Run uninstall first, then run install to verify the entire installation process from scratch.
:::


@@ -0,0 +1,62 @@
---
outline: deep
---
# Introduction
The following is an introduction to the non-customized sections. Please ensure that you don't confuse them with the customized parts.
If your host does not have an IPv6 subnet and you want to assign IPv6 addresses to containers, the host itself needs a public IPv6 address. The installation script will automatically detect and configure this.
:::warning
The containerd solution **does not support KVM/QEMU virtual machines**. It only supports Linux containers (LXC) and is suitable for environments without KVM hardware virtualization support.
:::
Feel free to give the project a ```Star``` for free support! --> [https://github.com/oneclickvirt/containerd](https://github.com/oneclickvirt/containerd)
## Project Features
Bulk or individual NAT server provisioning based on containerd + nerdctl runtime
- Installs containerd + runc + nerdctl + CNI + buildkitd via the [nerdctl-full](https://github.com/containerd/nerdctl) bundle
- Uses self-compiled base images (stored in GitHub Releases), with offline loading prioritized and fallback to official images
- Each container comes with 1 external SSH port, 25 consistent internal/external ports, with optional independent IPv6 address binding
- Default unprivileged containers, supports lxcfs mounting (if lxcfs is installed on the host)
- Supports disk limit parameters (requires xfs/btrfs snapshotter with storage-opt support)
- Supports China CDN acceleration
## Supported Systems
| System | amd64 | arm64 |
|--------|-------|-------|
| Ubuntu 22.04 | ✓ | ✓ |
| Debian 12 | ✓ | ✓ |
| Alpine latest | ✓ | ✓ |
| AlmaLinux 9 | ✓ | ✓ |
| RockyLinux 9 | ✓ | ✓ |
| OpenEuler 22.03 | ✓ | ✓ |
## Configuration Requirements
- Host OS: Ubuntu, Debian, RockyLinux 9+, AlmaLinux 9+, CentOS 9+, Alpine, Arch
- Architecture: x86_64 (amd64) or ARM64
- Kernel must support overlay filesystem
- Network must be able to connect to GitHub raw interface
- At least 3GB free disk space
- **No KVM hardware support required**
## Comparison with Docker
| Feature | containerd | docker |
|---------|-----------|--------|
| Runtime | containerd + runc | Docker daemon + runc |
| Management CLI | nerdctl | docker |
| Daemon required | Lightweight daemon | Heavy Docker daemon |
| Container support | Linux containers (LXC) | Linux containers + KVM VMs |
| Installation | nerdctl-full bundle | Docker official script |
It is recommended to add some SWAP virtual memory before provisioning NAT servers to avoid host crash due to sudden memory spikes.
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```


@@ -0,0 +1,99 @@
---
outline: deep
---
# FAQ
## nerdctl: command not found
The containerd environment is not correctly installed or `/usr/local/bin` is not in PATH.
Fix:
```shell
export PATH="/usr/local/bin:$PATH"
echo 'export PATH="/usr/local/bin:$PATH"' >> /etc/profile
source /etc/profile
```
If still not found, re-run the installation script:
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
## containerd service not running
```shell
systemctl status containerd
systemctl restart containerd
```
View logs:
```shell
journalctl -u containerd -f
```
## Container cannot access external network (IPv4)
Check if iptables NAT rules exist:
```shell
iptables -t nat -L POSTROUTING -n -v | grep 172.20
```
If not present, add manually:
```shell
iptables -t nat -A POSTROUTING -s 172.20.0.0/16 ! -d 172.20.0.0/16 -j MASQUERADE
iptables -A FORWARD -s 172.20.0.0/16 -j ACCEPT
iptables -A FORWARD -d 172.20.0.0/16 -j ACCEPT
```
## Container IPv6 not working
1. Confirm the host has a public IPv6 address
2. Check if the containerd-ipv6 CNI network exists:
```shell
cat /etc/cni/net.d/20-containerd-ipv6.conflist
```
3. Check if the ndpresponder container is running:
```shell
nerdctl ps | grep ndpresponder
```
## Image pull failed
The script includes built-in CDN detection. You can also manually test CDN availability:
```shell
curl -4 -sL -k "https://cdn0.spiritlhl.top/https://raw.githubusercontent.com/spiritLHLS/ecs/main/back/test" --max-time 6
```
## How to completely reset the containerd environment
Uninstall, then reinstall:
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerduninstall.sh)
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
## lxcfs related issues
If lxcfs is not installed on the host, containers will see the host's CPU/memory view. Install lxcfs:
```shell
apt-get install -y lxcfs # Debian/Ubuntu
yum install -y lxcfs # CentOS/RHEL
```
## Disk limit not working
Disk limits require xfs or btrfs snapshotter support. The default overlay snapshotter does not support container-level disk limits.
For disk limits, refer to the docker or incus solution documentation.


@@ -0,0 +1,19 @@
## Acknowledgements
https://github.com/containerd/nerdctl
https://github.com/containerd/containerd
https://github.com/opencontainers/runc
https://github.com/containernetworking/cni
https://github.com/moby/buildkit
https://github.com/yoursunny/ndpresponder
https://github.com/lxc/lxcfs
https://github.com/SuperManito/LinuxMirrors
Thanks to [@spiritlhls](https://github.com/spiritlhls) for providing the containerd container runtime solution.


@@ -62,4 +62,25 @@ Or specify a different storage limit size (in MB), the default test of the 500MB
```shell
# 1GB Limit
bash disk_test.sh 1000
```
```
## Uninstall Docker Environment
One-click uninstall of the entire Docker environment, including all containers, images, networks, systemd services, and binaries:
International
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/docker/main/dockeruninstall.sh)
```
China Mainland
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/docker/main/dockeruninstall.sh)
```
:::warning
The script requires entering `yes` to confirm before execution. This operation is irreversible. Deleted content includes all containers, images, and network configurations.
Retest workflow: Run uninstall first, then run install to verify the entire installation process from scratch.
:::


@@ -0,0 +1,166 @@
---
outline: deep
---
# Preface
Two methods for provisioning containers.
## Single Container Provisioning
- Creates a single Podman container, automatically detects international or China mainland server
- Can configure binding of an independent IPv6 address (requires host with public IPv6 and podman-ipv6 network configured during installation)
- Supports x86_64 and ARM64 architecture servers
### Download Script
International
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/onepodman.sh
chmod +x onepodman.sh
```
China Mainland
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/onepodman.sh
chmod +x onepodman.sh
```
### Example
Supported variables for running:
```bash
./onepodman.sh <name> <cpu> <memory_mb> <password> <sshport> <startport> <endport> [independent_ipv6:y/n] [system] [disk_gb]
```
Currently supported `system` values:
- debian
- ubuntu
- alpine
- almalinux
- rockylinux
- openeuler
Default is debian if not specified.
```shell
./onepodman.sh ct1 1 512 MyPassword 25000 34975 35000 n debian 0
```
Example container information:
| Attribute | Value |
|-----------|-------|
| Container name | ct1 |
| SSH username | root |
| SSH password | MyPassword |
| CPU cores | 1 |
| Memory | 512MB |
| SSH port | 25000 |
| External/internal port range | 34975 to 35000 |
| System | debian |
| Independent IPv6 | N |
| Disk size | Unlimited |
### Related Operations
List all containers
```shell
podman ps -a
```
Enter container
```shell
podman exec -it ct1 bash
```
Enter Alpine container
```shell
podman exec -it ct1 sh
```
Type `exit` to leave the container.
Delete container
```shell
podman rm -f ct1
```
View container logs
```shell
podman logs ct1
```
## Batch Container Provisioning
- Multiple runs inherit configuration and generate sequentially
- Auto-increments container name (ct1, ct2, ...), SSH port, and public ports
- Container information recorded to `ctlog` file
- Recommended to run in screen to avoid SSH disconnection
### Run
International
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/create_podman.sh
chmod +x create_podman.sh
./create_podman.sh
```
China Mainland
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/create_podman.sh
chmod +x create_podman.sh
./create_podman.sh
```
### Query Batch Container Information
```shell
cat ctlog
```
Output format:
```
container_name ssh_port root_password cpu_cores memory_mb start_port end_port disk_gb
```
One line per container.
## Remove All Containers and Images
```shell
podman ps -aq | xargs -r podman rm -f
podman images -aq | xargs -r podman rmi -f
podman volume prune -f
podman system prune -af
rm -rf ctlog
```
## Restart All Containers After Host Reboot
Podman supports systemd integration. Generate auto-start service for a container:
```shell
# Generate systemd service for a specific container
podman generate systemd --name ct1 > /etc/systemd/system/container-ct1.service
systemctl enable container-ct1
```
Or manually start all stopped containers:
```shell
podman ps -aq -f status=exited | xargs -r podman start
```


@@ -0,0 +1,67 @@
---
outline: deep
---
# Preface
Install the Podman environment, including podman + network configuration + DNS liveness check service.
## Setting Up Virtual Memory
:::tip
Allocate some swap space to prevent your machine from crashing.
:::
Unit conversion: Inputting 1024 results in 1G of SWAP - virtual memory. Virtual memory occupies disk space and is automatically utilized when the physical memory is insufficient. However, this leads to high IO usage and CPU performance overhead.
It is recommended to allocate virtual memory twice the size of your physical memory.
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
## Environment Setup
- Supported systems: Ubuntu, Debian, RockyLinux 9+, AlmaLinux 9+, CentOS 9+, Alpine, Arch
- Installs Podman via each distribution's official packages (daemonless architecture, no Docker daemon required)
- Automatically configures Podman network (podman-net: 172.21.0.0/16)
- Detects public IPv6 address; if present, automatically creates podman-ipv6 network and starts NDP Responder
- Installs DNS liveness check service (check-dns-podman.service)
- Supports x86_64 and ARM64 architecture servers
International
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
China Mainland
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
:::tip
After installation, run `podman ps -a` to verify the Podman environment is working correctly.
:::
## Uninstall Podman Environment
One-click uninstall of the entire Podman environment, including all containers, images, networks, and auxiliary files:
International
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmanuninstall.sh)
```
China Mainland
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/podmanuninstall.sh)
```
:::warning
The script requires entering `yes` to confirm before execution. This operation is irreversible. Deleted content includes all containers, images, and Podman network configurations.
Retest workflow: Run uninstall first, then run install to verify the entire installation process from scratch.
:::


@@ -0,0 +1,65 @@
---
outline: deep
---
# Introduction
The following is an introduction to the non-customized sections. Please ensure that you don't confuse them with the customized parts.
If your host does not have an IPv6 subnet and you want to assign IPv6 addresses to containers, the host itself needs a public IPv6 address. The installation script will automatically detect and configure this.
:::warning
The Podman solution **does not support KVM/QEMU virtual machines**. It only supports Linux containers (LXC) and is suitable for environments without KVM hardware virtualization support.
:::
Feel free to give the project a ```Star``` for free support! --> [https://github.com/oneclickvirt/podman](https://github.com/oneclickvirt/podman)
## Project Features
Bulk or individual NAT server provisioning based on Podman (daemonless architecture) runtime
- Uses each distribution's official packages to install Podman (no daemon, daemonless architecture)
- Uses self-compiled base images (stored in GitHub Releases), with offline loading prioritized and fallback to ghcr.io images
- Each container comes with 1 external SSH port, 25 consistent internal/external ports, with optional independent IPv6 address binding
- Supports lxcfs mounting (if lxcfs is installed on the host), providing real /proc view inside containers
- Native rootless support (this solution runs as root to simplify network configuration)
- Supports China CDN acceleration
## Supported Systems
| System | amd64 | arm64 |
|--------|-------|-------|
| Ubuntu 22.04 | ✓ | ✓ |
| Debian 12 | ✓ | ✓ |
| Alpine latest | ✓ | ✓ |
| AlmaLinux 9 | ✓ | ✓ |
| RockyLinux 9 | ✓ | ✓ |
| OpenEuler 22.03 | ✓ | ✓ |
## Configuration Requirements
- Host OS: Ubuntu, Debian, RockyLinux 9+, AlmaLinux 9+, CentOS 9+, Alpine, Arch
- Architecture: x86_64 (amd64) or ARM64
- Kernel must support overlay filesystem
- Network must be able to connect to GitHub raw interface
- At least 3GB free disk space
- **No KVM hardware support required**
## Comparison with containerd and Docker
| Feature | podman (this project) | containerd | docker |
|---------|----------------------|-----------|--------|
| Daemon | None (daemonless) | Lightweight containerd | Heavy Docker daemon |
| Runtime | crun/runc | runc | runc |
| CLI | podman | nerdctl | docker |
| Rootless support | Native | Requires config | Requires config |
| Image format | OCI | OCI | OCI |
| Network backend | netavark/CNI | CNI | Docker bridge |
| Container support | Linux containers (LXC) | Linux containers (LXC) | Linux containers + KVM VMs |
| Installation | System package manager | nerdctl-full bundle | Docker official script |
It is recommended to add some SWAP virtual memory before provisioning NAT servers to avoid host crash due to sudden memory spikes.
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```


@@ -0,0 +1,101 @@
---
outline: deep
---
# FAQ
## podman: command not found
The Podman environment is not correctly installed. Re-run the installation script:
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
## Container cannot access external network (IPv4)
Check if iptables NAT rules exist:
```shell
iptables -t nat -L POSTROUTING -n -v | grep 172.21
```
If not present, add manually:
```shell
iptables -t nat -A POSTROUTING -s 172.21.0.0/16 ! -d 172.21.0.0/16 -j MASQUERADE
iptables -A FORWARD -s 172.21.0.0/16 -j ACCEPT
iptables -A FORWARD -d 172.21.0.0/16 -j ACCEPT
```
## Container IPv6 not working
1. Confirm the host has a public IPv6 address
2. Check if the podman-ipv6 network exists:
```shell
podman network ls | grep ipv6
```
3. Check if the ndpresponder container is running:
```shell
podman ps | grep ndpresponder
```
## Podman vs Docker command comparison
| Function | Docker command | Podman command |
|----------|---------------|----------------|
| List containers | `docker ps -a` | `podman ps -a` |
| Enter container | `docker exec -it` | `podman exec -it` |
| Delete container | `docker rm -f` | `podman rm -f` |
| List images | `docker images` | `podman images` |
| Delete image | `docker rmi` | `podman rmi` |
| View logs | `docker logs` | `podman logs` |
## Image pull failed
Images are prioritized from GitHub Releases as offline tar packages, with fallback to ghcr.io:
```shell
ghcr.io/oneclickvirt/podman:<os>-amd64
ghcr.io/oneclickvirt/podman:<os>-arm64
ghcr.io/oneclickvirt/podman:<os> # multi-arch manifest
```
Manually pull image example:
```shell
podman pull ghcr.io/oneclickvirt/podman:debian-amd64
```
## How to completely reset the Podman environment
Uninstall, then reinstall:
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmanuninstall.sh)
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
## Podman vs containerd: which to choose?
- For daemonless architecture with no background daemon, or if you prefer the system package manager, choose **Podman**
- For a lightweight daemon + nerdctl CLI experience, choose **containerd**
- For KVM virtual machines (Windows/macOS/Android), choose **docker** or **PVE/Incus/LXD** solutions
## DNS issues
Podman installation configures the `check-dns-podman.service`. Check if it's running:
```shell
systemctl status check-dns-podman
```
Manual DNS fix:
```shell
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 1.1.1.1" >> /etc/resolv.conf
```


@@ -0,0 +1,21 @@
## Acknowledgements
https://github.com/containers/podman
https://github.com/containers/buildah
https://github.com/containers/netavark
https://github.com/containers/crun
https://github.com/opencontainers/runc
https://github.com/yoursunny/ndpresponder
https://github.com/lxc/lxcfs
https://github.com/SuperManito/LinuxMirrors
https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/
Thanks to [@spiritlhls](https://github.com/spiritlhls) for providing the Podman container runtime solution.


@@ -0,0 +1,157 @@
---
outline: deep
---
# 前言
两种开设方式
## 单独开设
- 只生成一个 containerd 容器,自动判断国际服务器还是国内服务器
- 可配置绑定独立的 IPV6 地址(需安装时宿主机已有公网 IPV6 且安装脚本已配置 containerd-ipv6 网络)
- 支持 x86_64 和 ARM64 架构的服务器
### 下载脚本
国际
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/onecontainerd.sh
chmod +x onecontainerd.sh
```
国内
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/onecontainerd.sh
chmod +x onecontainerd.sh
```
### 示例
运行支持的变量如下
```bash
./onecontainerd.sh <name> <cpu> <memory_mb> <password> <sshport> <startport> <endport> [independent_ipv6:y/n] [system] [disk_gb]
```
目前 system 仅支持选择:
- debian
- ubuntu
- alpine
- almalinux
- rockylinux
- openeuler
默认不填则是 debian
```shell
./onecontainerd.sh ct1 1 512 MyPassword 25000 34975 35000 n debian 0
```
以下为开设的示例容器的信息:
| 属性 | 值 |
|------|----|
| 容器名字 | ct1 |
| SSH 登录的用户名 | root |
| SSH 登录的密码 | MyPassword |
| CPU 核数 | 1 |
| 内存大小 | 512MB |
| SSH 端口 | 25000 |
| 内外网映射端口一致的区间 | 34975 到 35000 |
| 系统 | debian |
| 是否绑定独立的 IPV6 地址 | N |
| 硬盘大小 | 不限制 |
### 相关操作
查看所有容器
```shell
nerdctl ps -a
```
进入容器
```shell
nerdctl exec -it ct1 bash
```
进入 Alpine 容器
```shell
nerdctl exec -it ct1 sh
```
要退出容器就执行 `exit` 退出。
删除示例
```shell
nerdctl rm -f ct1
```
查看容器日志
```shell
nerdctl logs ct1
```
## 批量开设
- 批量多次运行继承配置生成
- 自动递增容器名ct1, ct2, ...、SSH 端口、公网端口
- 容器信息记录到 `ctlog` 文件
- 生成多个时为避免 SSH 连接中断建议在 screen 中执行
- 支持 x86_64 和 ARM64 架构的服务器
### 运行
国际
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/create_containerd.sh
chmod +x create_containerd.sh
./create_containerd.sh
```
国内
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/scripts/create_containerd.sh
chmod +x create_containerd.sh
./create_containerd.sh
```
### 查询批量开设的信息
```shell
cat ctlog
```
输出格式
```
容器名字 SSH端口 登陆的root密码 核数 内存 外网端口起 外网端口止 硬盘大小
```
一行一个容器对应的信息
## 删除所有容器和镜像
```shell
nerdctl ps -aq | xargs -r nerdctl rm -f
nerdctl images -q | xargs -r nerdctl rmi -f
rm -rf ctlog
```
## 宿主机重启后重启所有容器
默认容器没有设置停止后自重启,需要执行以下命令启动所有停止的容器
```shell
nerdctl ps -aq -f status=exited | xargs -r nerdctl start
```


@@ -0,0 +1,75 @@
---
outline: deep
---
# 前言
安装 containerd 环境,包含 containerd + runc + nerdctl + CNI + buildkitd 全套组件
## 开设虚拟内存
:::tip
内存开点 swap 免得机器炸了
:::
单位换算:输入 1024 产生 1G SWAP-虚拟内存虚拟内存占用硬盘空间当实际内存不够用时将自动使用虚拟内存做内存使用但随之带来IO高占用以及CPU性能占用
建议只开实际内存大小两倍大小的虚拟内存
国际
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
国内
```shell
curl -L https://cdn.spiritlhl.net/https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
## 环境安装
- 支持系统Ubuntu、Debian、RockyLinux 9+、AlmaLinux 9+、CentOS 9+、Alpine、Arch
- 安装 containerd + runc + nerdctl + CNI + buildkitd通过 nerdctl-full bundle
- 自动配置 CNI 网络containerd-net172.20.0.0/16并设置 iptables NAT 规则
- 检测公网 IPV6 地址,若存在则自动创建 containerd-ipv6 CNI 网络并启动 NDP Responder
- 安装 DNS 保活服务check-dns.service持续检测 DNS 可用性
- 支持 x86_64 和 ARM64 架构的服务器
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
:::tip
安装完成后建议执行 `nerdctl ps -a` 验证 containerd 环境是否正常运行
:::
## 卸载 containerd 环境
一键卸载 containerd 全套环境包括所有容器、镜像、CNI 网络、systemd 服务、nerdctl/containerd 二进制文件:
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerduninstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerduninstall.sh)
```
:::warning
脚本会在执行前要求输入 `yes` 确认操作不可逆。删除内容包括所有容器、镜像、CNI 网络配置。
复测流程:先执行卸载,再执行安装,即可从零验证整个安装流程。
:::
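Review bot: The install and uninstall commands under 环境安装 and 卸载 containerd 环境 feed a script fetched from the moving `main` branch straight into a shell, and the 国内 variant fetches it through the `cdn.spiritlhl.net` proxy, so nothing is verified before it runs on the host. Documenting a download-then-run form against a pinned tag or commit, with a checksum the project publishes, would let readers inspect and verify what they execute, e.g. `wget -qO containerdinstall.sh <URL_AT_PINNED_REF> && sha256sum -c <PUBLISHED_CHECKSUM_FILE> && bash containerdinstall.sh` (both placeholders would need to be provided by the project). The same `bash <(wget -qO- …)` pattern recurs in the containerd FAQ, Docker uninstall, and Podman install and FAQ sections of this commit.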


@@ -0,0 +1,70 @@
---
outline: deep
---
# 前言
以下为非自定义部分的介绍,自定义部分有自己对应的介绍,勿弄混了
如果你的宿主机本身没有IPV6的子网又想给容器分配IPV6地址需要宿主机本身已有公网IPV6地址安装脚本会自动检测并配置
:::warning
containerd 方案**不支持 KVM/QEMU 虚拟机**,仅支持 Linux 容器LXC适用于无 KVM 硬件虚拟化支持的环境。
:::
欢迎给项目一个 ```Star``` 进行免费的支持-->[https://github.com/oneclickvirt/containerd](https://github.com/oneclickvirt/containerd)
## 项目特点
基于 containerd + nerdctl 运行时,通过批量或单独开设 NAT 服务器
- 使用 [nerdctl-full](https://github.com/containerd/nerdctl) 安装 containerd + runc + nerdctl + CNI + buildkitd 全套组件
- 使用本仓库自编译的基础镜像(存储在 GitHub Releases优先离线加载无法获取时回退到官方镜像
- 每个容器自带 1 个外网 SSH 端口25 个内外网一致端口,可选择是否绑定独立 IPV6 地址
- 默认创建非特权容器,支持 lxcfs 挂载(若宿主机安装了 lxcfs
- 支持磁盘限制参数(需 xfs/btrfs snapshotter 支持 storage-opt
- 支持国内 CDN 镜像加速
## 支持的系统
| 系统 | amd64 | arm64 |
|------|-------|-------|
| Ubuntu 22.04 | ✓ | ✓ |
| Debian 12 | ✓ | ✓ |
| Alpine latest | ✓ | ✓ |
| AlmaLinux 9 | ✓ | ✓ |
| RockyLinux 9 | ✓ | ✓ |
| OpenEuler 22.03 | ✓ | ✓ |
## 配置要求
- 宿主机系统Ubuntu、Debian、RockyLinux 9+、AlmaLinux 9+、CentOS 9+、Alpine、Arch
- 架构x86_64amd64或 ARM64
- 内核需支持 overlay 文件系统
- 网络能连接 Github 的 raw 界面即可
- 空闲硬盘有 3G 以上即可
- **不需要 KVM 硬件支持**
## 与 docker 对比
| 特性 | containerd | docker |
|------|-----------|--------|
| 运行时 | containerd + runc | Docker daemon + runc |
| 管理命令 | nerdctl | docker |
| 是否需要守护进程 | 轻量级守护进程 | 重量级 Docker daemon |
| 容器支持 | Linux 容器LXC| Linux 容器 + KVM 虚拟机 |
| 安装方式 | nerdctl-full bundle | Docker 官方脚本 |
推荐在开设 NAT 服务器前先增加部分 SWAP 虚拟内存,避免突发的内存占用导致宿主机卡死
国际
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
国内
```shell
curl -L https://cdn.spiritlhl.net/https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```


@@ -0,0 +1,117 @@
---
outline: deep
---
# 常见问题答疑
## nerdctl: command not found
containerd 环境未正确安装或 `/usr/local/bin` 不在 PATH 中
解决方法:
```shell
export PATH="/usr/local/bin:$PATH"
echo 'export PATH="/usr/local/bin:$PATH"' >> /etc/profile
source /etc/profile
```
如果仍然没有,请重新执行安装脚本:
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
## containerd 服务未启动
```shell
systemctl status containerd
systemctl restart containerd
```
查看日志:
```shell
journalctl -u containerd -f
```
## 容器无法访问外网IPv4
检查 iptables NAT 规则是否存在:
```shell
iptables -t nat -L POSTROUTING -n -v | grep 172.20
```
如果没有,手动添加:
```shell
iptables -t nat -A POSTROUTING -s 172.20.0.0/16 ! -d 172.20.0.0/16 -j MASQUERADE
iptables -A FORWARD -s 172.20.0.0/16 -j ACCEPT
iptables -A FORWARD -d 172.20.0.0/16 -j ACCEPT
```
## 容器 IPv6 未生效
1. 确认宿主机有公网 IPv6 地址
2. 检查 containerd-ipv6 CNI 网络是否存在:
```shell
cat /etc/cni/net.d/20-containerd-ipv6.conflist
```
3. 检查 ndpresponder 容器是否运行:
```shell
nerdctl ps | grep ndpresponder
```
## 镜像拉取失败
优先尝试国内 CDN 加速,脚本内置 CDN 检测,也可手动切换:
```shell
# 测试 CDN 是否可用
curl -4 -sL -k "https://cdn0.spiritlhl.top/https://raw.githubusercontent.com/spiritLHLS/ecs/main/back/test" --max-time 6
```
## 如何完全重置 containerd 环境
先卸载,再重新安装:
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerduninstall.sh)
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerduninstall.sh)
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/containerd/main/containerdinstall.sh)
```
## lxcfs 相关问题
如果宿主机未安装 lxcfs容器内查询的 CPU/内存为宿主机视图。安装 lxcfs
```shell
apt-get install -y lxcfs # Debian/Ubuntu
yum install -y lxcfs # CentOS/RHEL
```
## 磁盘限制不生效
磁盘限制需要 xfs 或 btrfs snapshotter 支持,默认 overlay snapshotter 不支持容器级磁盘限制。
如需磁盘限制,请查看 docker 方案或 incus 方案中对应的说明。
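Review bot: The CDN test command under 镜像拉取失败 passes `-k` to curl, which turns off TLS certificate verification, and it targets `cdn0.spiritlhl.top` while every other command on this page uses `cdn.spiritlhl.net`. A reachability probe does not need the insecure flag, and readers tend to carry copied flags over into real downloads. Suggest `curl -4 -sL "https://cdn0.spiritlhl.top/https://raw.githubusercontent.com/spiritLHLS/ecs/main/back/test" --max-time 6` without `-k`, plus one line stating which CDN hostnames are the project's own.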


@@ -0,0 +1,19 @@
## 致谢
https://github.com/containerd/nerdctl
https://github.com/containerd/containerd
https://github.com/opencontainers/runc
https://github.com/containernetworking/cni
https://github.com/moby/buildkit
https://github.com/yoursunny/ndpresponder
https://github.com/lxc/lxcfs
https://github.com/SuperManito/LinuxMirrors
感谢 [@spiritlhls](https://github.com/spiritlhls) 提供的 containerd 容器运行时方案


@@ -83,4 +83,25 @@ curl -L https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt
```shell
# 1GB限制
bash disk_test.sh 1000
```
```
## 卸载 Docker 环境
一键卸载 Docker 全套环境包括所有容器、镜像、网络、systemd 服务、二进制文件:
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/docker/main/dockeruninstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/docker/main/dockeruninstall.sh)
```
:::warning
脚本会在执行前要求输入 `yes` 确认,操作不可逆。薐删内容包括所有容器、镜像、网络配置。
复测流程:先执行卸载,再执行安装,即可从零验证整个安装流程。
:::
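Review bot: The warning box that closes the new 卸载 Docker 环境 section reads `薐删内容包括所有容器、镜像、网络配置`, which looks like a mis-encoded character. The parallel warnings on the containerd and Podman pages in this commit read `删除内容包括…`, so this line should probably be `删除内容包括所有容器、镜像、网络配置。`. Because this box is the only notice that the uninstall is irreversible, the wording should be legible.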


@@ -0,0 +1,167 @@
---
outline: deep
---
# 前言
两种开设方式
## 单独开设
- 只生成一个 Podman 容器,自动判断国际服务器还是国内服务器
- 可配置绑定独立的 IPV6 地址(需安装时宿主机已有公网 IPV6 且安装脚本已配置 podman-ipv6 网络)
- 支持 x86_64 和 ARM64 架构的服务器
### 下载脚本
国际
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/onepodman.sh
chmod +x onepodman.sh
```
国内
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/onepodman.sh
chmod +x onepodman.sh
```
### 示例
运行支持的变量如下
```bash
./onepodman.sh <name> <cpu> <memory_mb> <password> <sshport> <startport> <endport> [independent_ipv6:y/n] [system] [disk_gb]
```
目前 system 仅支持选择:
- debian
- ubuntu
- alpine
- almalinux
- rockylinux
- openeuler
默认不填则是 debian
```shell
./onepodman.sh ct1 1 512 MyPassword 25000 34975 35000 n debian 0
```
以下为开设的示例容器的信息:
| 属性 | 值 |
|------|----|
| 容器名字 | ct1 |
| SSH 登录的用户名 | root |
| SSH 登录的密码 | MyPassword |
| CPU 核数 | 1 |
| 内存大小 | 512MB |
| SSH 端口 | 25000 |
| 内外网映射端口一致的区间 | 34975 到 35000 |
| 系统 | debian |
| 是否绑定独立的 IPV6 地址 | N |
| 硬盘大小 | 不限制 |
### 相关操作
查看所有容器
```shell
podman ps -a
```
进入容器
```shell
podman exec -it ct1 bash
```
进入 Alpine 容器
```shell
podman exec -it ct1 sh
```
要退出容器就执行 `exit` 退出。
删除示例
```shell
podman rm -f ct1
```
查看容器日志
```shell
podman logs ct1
```
## 批量开设
- 批量多次运行继承配置生成
- 自动递增容器名ct1, ct2, ...、SSH 端口、公网端口
- 容器信息记录到 `ctlog` 文件
- 生成多个时为避免 SSH 连接中断建议在 screen 中执行
- 支持 x86_64 和 ARM64 架构的服务器
### 运行
国际
```shell
wget -q https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/create_podman.sh
chmod +x create_podman.sh
./create_podman.sh
```
国内
```shell
wget -q https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/scripts/create_podman.sh
chmod +x create_podman.sh
./create_podman.sh
```
### 查询批量开设的信息
```shell
cat ctlog
```
输出格式
```
容器名字 SSH端口 登陆的root密码 核数 内存 外网端口起 外网端口止 硬盘大小
```
一行一个容器对应的信息
## 删除所有容器和镜像
```shell
podman ps -aq | xargs -r podman rm -f
podman images -aq | xargs -r podman rmi -f
podman volume prune -f
podman system prune -af
rm -rf ctlog
```
## 宿主机重启后重启所有容器
Podman 支持 systemd 集成,可通过以下命令生成自启动服务:
```shell
# 为指定容器生成 systemd service
podman generate systemd --name ct1 > /etc/systemd/system/container-ct1.service
systemctl enable container-ct1
```
或者手动启动所有已停止的容器:
```shell
podman ps -aq -f status=exited | xargs -r podman start
```
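Review bot: The 示例 command passes the root password as a positional argument (`./onepodman.sh ct1 1 512 MyPassword 25000 …`), which leaves it in shell history and visible in the process list while the script runs. In batch mode the 输出格式 line shows that every container's root password is written to `ctlog`. The page should state this and tell operators how to limit exposure, for example by adding `chmod 600 ctlog` after creation and a tip such as `首次登录后请立即修改 root 密码,并妥善保管 ctlog`. Whether the script already restricts permissions on `ctlog` is not visible from this page. The containerd page earlier in this commit uses the same example and log format.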


@@ -0,0 +1,75 @@
---
outline: deep
---
# 前言
安装 Podman 环境,包含 podman + 网络配置 + DNS 保活服务全套组件
## 开设虚拟内存
:::tip
内存开点 swap 免得机器炸了
:::
单位换算:输入 1024 产生 1G SWAP-虚拟内存虚拟内存占用硬盘空间当实际内存不够用时将自动使用虚拟内存做内存使用但随之带来IO高占用以及CPU性能占用
建议只开实际内存大小两倍大小的虚拟内存
国际
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
国内
```shell
curl -L https://cdn.spiritlhl.net/https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
## 环境安装
- 支持系统Ubuntu、Debian、RockyLinux 9+、AlmaLinux 9+、CentOS 9+、Alpine、Arch
- 通过各发行版官方软件包安装 Podmandaemonless 架构,无需 Docker daemon
- 自动配置 Podman 网络podman-net172.21.0.0/16
- 检测公网 IPv6 地址,若存在则自动创建 podman-ipv6 网络并启动 NDP Responder
- 安装 DNS 保活服务check-dns-podman.service持续检测 DNS 可用性
- 支持 x86_64 和 ARM64 架构的服务器
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
:::tip
安装完成后建议执行 `podman ps -a` 验证 Podman 环境是否正常运行
:::
## 卸载 Podman 环境
一键卸载 Podman 全套环境,包括所有容器、镜像、网络、辅助文件:
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmanuninstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/podmanuninstall.sh)
```
:::warning
脚本会在执行前要求输入 `yes` 确认操作不可逆。删除内容包括所有容器、镜像、Podman 网络配置。
复测流程:先执行卸载,再执行安装,即可从零验证整个安装流程。
:::


@@ -0,0 +1,73 @@
---
outline: deep
---
# 前言
以下为非自定义部分的介绍,自定义部分有自己对应的介绍,勿弄混了
如果你的宿主机本身没有IPV6的子网又想给容器分配IPV6地址需要宿主机本身已有公网IPV6地址安装脚本会自动检测并配置
:::warning
Podman 方案**不支持 KVM/QEMU 虚拟机**,仅支持 Linux 容器LXC适用于无 KVM 硬件虚拟化支持的环境。
:::
欢迎给项目一个 ```Star``` 进行免费的支持-->[https://github.com/oneclickvirt/podman](https://github.com/oneclickvirt/podman)
## 项目特点
基于 Podmandaemonless 架构)运行时,通过批量或单独开设 NAT 服务器
- 使用各发行版官方软件包安装 Podman无守护进程daemonless 架构)
- 使用本仓库自编译的基础镜像(存储在 GitHub Releases优先离线加载无法获取时回退到 ghcr.io 镜像
- 每个容器自带 1 个外网 SSH 端口25 个内外网一致端口,可选择是否绑定独立 IPV6 地址
- 支持 lxcfs 挂载(若宿主机安装了 lxcfs提供容器内真实 /proc 视图
- 原生支持 rootless本方案使用 root 运行以简化网络配置)
- 支持国内 CDN 镜像加速
## 支持的系统
| 系统 | amd64 | arm64 |
|------|-------|-------|
| Ubuntu 22.04 | ✓ | ✓ |
| Debian 12 | ✓ | ✓ |
| Alpine latest | ✓ | ✓ |
| AlmaLinux 9 | ✓ | ✓ |
| RockyLinux 9 | ✓ | ✓ |
| OpenEuler 22.03 | ✓ | ✓ |
## 配置要求
- 宿主机系统Ubuntu、Debian、RockyLinux 9+、AlmaLinux 9+、CentOS 9+、Alpine、Arch
- 架构x86_64amd64或 ARM64
- 内核需支持 overlay 文件系统
- 网络能连接 Github 的 raw 界面即可
- 空闲硬盘有 3G 以上即可
- **不需要 KVM 硬件支持**
## 与 containerd 和 docker 对比
| 特性 | podman本项目 | containerd | docker |
|------|----------------|-----------|--------|
| 守护进程 | 无daemonless| 轻量级 containerd | 重量级 Docker daemon |
| 运行时 | crun/runc | runc | runc |
| 管理命令 | podman | nerdctl | docker |
| rootless 支持 | 原生支持 | 需配置 | 需配置 |
| 镜像格式 | OCI | OCI | OCI |
| 网络后端 | netavark/CNI | CNI | Docker bridge |
| 容器支持 | Linux 容器LXC | Linux 容器LXC | Linux 容器 + KVM 虚拟机 |
| 安装方式 | 系统包管理器 | nerdctl-full bundle | Docker 官方脚本 |
推荐在开设 NAT 服务器前先增加部分 SWAP 虚拟内存,避免突发的内存占用导致宿主机卡死
国际
```shell
curl -L https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```
国内
```shell
curl -L https://cdn.spiritlhl.net/https://raw.githubusercontent.com/spiritLHLS/addswap/main/addswap.sh -o addswap.sh && chmod +x addswap.sh && bash addswap.sh
```


@@ -0,0 +1,118 @@
---
outline: deep
---
# 常见问题答疑
## podman: command not found
Podman 环境未正确安装,请重新执行安装脚本:
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
## 容器无法访问外网IPv4
检查 iptables NAT 规则是否存在:
```shell
iptables -t nat -L POSTROUTING -n -v | grep 172.21
```
如果没有,手动添加:
```shell
iptables -t nat -A POSTROUTING -s 172.21.0.0/16 ! -d 172.21.0.0/16 -j MASQUERADE
iptables -A FORWARD -s 172.21.0.0/16 -j ACCEPT
iptables -A FORWARD -d 172.21.0.0/16 -j ACCEPT
```
## 容器 IPv6 未生效
1. 确认宿主机有公网 IPv6 地址
2. 检查 podman-ipv6 网络是否存在:
```shell
podman network ls | grep ipv6
```
3. 检查 ndpresponder 容器是否运行:
```shell
podman ps | grep ndpresponder
```
## Podman 与 Docker 命令对比
| 功能 | Docker 命令 | Podman 命令 |
|------|------------|------------|
| 查看容器 | `docker ps -a` | `podman ps -a` |
| 进入容器 | `docker exec -it` | `podman exec -it` |
| 删除容器 | `docker rm -f` | `podman rm -f` |
| 查看镜像 | `docker images` | `podman images` |
| 删除镜像 | `docker rmi` | `podman rmi` |
| 查看日志 | `docker logs` | `podman logs` |
## 镜像拉取失败
优先通过 GitHub Releases 下载离线 tar 包,无法访问时回退到 ghcr.io
```shell
ghcr.io/oneclickvirt/podman:<os>-amd64
ghcr.io/oneclickvirt/podman:<os>-arm64
ghcr.io/oneclickvirt/podman:<os> # multi-arch manifest
```
手动拉取镜像示例:
```shell
podman pull ghcr.io/oneclickvirt/podman:debian-amd64
```
## 如何完全重置 Podman 环境
先卸载,再重新安装:
国际
```shell
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmanuninstall.sh)
bash <(wget -qO- https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
国内
```shell
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/podmanuninstall.sh)
bash <(wget -qO- https://cdn.spiritlhl.net/https://raw.githubusercontent.com/oneclickvirt/podman/main/podmaninstall.sh)
```
## Podman 与 containerd 如何选择
- 如需 daemonless 无守护进程架构,或希望使用系统包管理安装,选 **Podman**
- 如需更轻量的守护进程 + nerdctl 命令行体验,选 **containerd**
- 如需同时运行 KVM 虚拟机Windows/macOS/Android**docker****PVE/Incus/LXD** 方案
## DNS 问题
Podman 安装时会配置 check-dns-podman.service 服务,检查是否运行:
```shell
systemctl status check-dns-podman
```
手动修复 DNS
```shell
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
echo "nameserver 1.1.1.1" >> /etc/resolv.conf
```


@@ -0,0 +1,21 @@
## 致谢
https://github.com/containers/podman
https://github.com/containers/buildah
https://github.com/containers/netavark
https://github.com/containers/crun
https://github.com/opencontainers/runc
https://github.com/yoursunny/ndpresponder
https://github.com/lxc/lxcfs
https://github.com/SuperManito/LinuxMirrors
https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/
感谢 [@spiritlhls](https://github.com/spiritlhls) 提供的 Podman 容器运行时方案

49
package-lock.json generated

@@ -158,7 +158,6 @@
"integrity": "sha512-9rUYcMIBOrCtYiLX49djyzxqdK9Dya/6Z/8sebPn94BekT+KLOpaZCuc6s0Fpfq7nx5J6YY5LIVFQrtioK9u0g==",
"dev": true,
"license": "MIT",
"peer": true,
"dependencies": {
"@algolia/client-common": "5.25.0",
"@algolia/requester-browser-xhr": "5.25.0",
@@ -1484,7 +1483,6 @@
"integrity": "sha512-n73BVorL4HIwKlfJKb4SEzAYkR3Buwfwbh+MYxg2mloFph2fFGV58E90QTzdbfzWrLn4HE5Czx/WTjI8fcHaMg==",
"dev": true,
"license": "MIT",
"peer": true,
"dependencies": {
"@algolia/client-abtesting": "5.25.0",
"@algolia/client-analytics": "5.25.0",
@@ -1683,7 +1681,6 @@
"integrity": "sha512-xx560wGBk7seZ6y933idtjJQc1l+ck+pI3sKvhKozdBV1dRZoKhkW5xoCaFv9tQiX5RH1xfSxjuNu6g+lmN/gw==",
"dev": true,
"license": "MIT",
"peer": true,
"dependencies": {
"tabbable": "^6.2.0"
}
@@ -2216,11 +2213,12 @@
}
},
"node_modules/undici-types": {
"version": "7.16.0",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
"integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
"version": "7.18.2",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
"integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
"dev": true,
"optional": true
"optional": true,
"peer": true
},
"node_modules/unist-util-is": {
"version": "6.0.0",
@@ -2366,6 +2364,17 @@
}
}
},
"node_modules/vitepress/node_modules/@types/node": {
"version": "25.3.3",
"resolved": "https://registry.npmjs.org/@types/node/-/node-25.3.3.tgz",
"integrity": "sha512-DpzbrH7wIcBaJibpKo9nnSQL0MTRdnWttGyE5haGwK86xgMOkFLp7vEyfQPGLOJh5wNYiJ3V9PmUMDhV9u8kkQ==",
"dev": true,
"optional": true,
"peer": true,
"dependencies": {
"undici-types": "~7.18.0"
}
},
"node_modules/vitepress/node_modules/@vitejs/plugin-vue": {
"version": "5.2.4",
"resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-5.2.4.tgz",
@@ -2386,7 +2395,6 @@
"integrity": "sha512-qO3aKv3HoQC8QKiNSTuUM1l9o/XX3+c+VTgLHbJWHZGeTPVAg2XwazI9UWzoxjIJCGCV2zU60uqMzjeLZuULqA==",
"dev": true,
"license": "MIT",
"peer": true,
"dependencies": {
"esbuild": "^0.21.3",
"postcss": "^8.4.43",
@@ -2447,7 +2455,6 @@
"integrity": "sha512-LbOm50/vZFG6Mhy6KscQYXZMQ0LMCC/y40HDJPPvGFQ+i/lUH+PJHR6C3assgOQiXdl6tAfsXHbXYVBZZu65ew==",
"dev": true,
"license": "MIT",
"peer": true,
"dependencies": {
"@vue/compiler-dom": "3.5.14",
"@vue/compiler-sfc": "3.5.14",
@@ -2583,7 +2590,6 @@
"resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.25.0.tgz",
"integrity": "sha512-9rUYcMIBOrCtYiLX49djyzxqdK9Dya/6Z/8sebPn94BekT+KLOpaZCuc6s0Fpfq7nx5J6YY5LIVFQrtioK9u0g==",
"dev": true,
"peer": true,
"requires": {
"@algolia/client-common": "5.25.0",
"@algolia/requester-browser-xhr": "5.25.0",
@@ -3366,7 +3372,6 @@
"resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.25.0.tgz",
"integrity": "sha512-n73BVorL4HIwKlfJKb4SEzAYkR3Buwfwbh+MYxg2mloFph2fFGV58E90QTzdbfzWrLn4HE5Czx/WTjI8fcHaMg==",
"dev": true,
"peer": true,
"requires": {
"@algolia/client-abtesting": "5.25.0",
"@algolia/client-analytics": "5.25.0",
@@ -3503,7 +3508,6 @@
"resolved": "https://registry.npmjs.org/focus-trap/-/focus-trap-7.6.4.tgz",
"integrity": "sha512-xx560wGBk7seZ6y933idtjJQc1l+ck+pI3sKvhKozdBV1dRZoKhkW5xoCaFv9tQiX5RH1xfSxjuNu6g+lmN/gw==",
"dev": true,
"peer": true,
"requires": {
"tabbable": "^6.2.0"
}
@@ -3847,10 +3851,12 @@
"dev": true
},
"undici-types": {
"version": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
"integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
"version": "7.18.2",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
"integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
"dev": true,
"optional": true
"optional": true,
"peer": true
},
"unist-util-is": {
"version": "6.0.0",
@@ -3946,6 +3952,17 @@
"vue": "^3.5.13"
},
"dependencies": {
"@types/node": {
"version": "25.3.3",
"resolved": "https://registry.npmjs.org/@types/node/-/node-25.3.3.tgz",
"integrity": "sha512-DpzbrH7wIcBaJibpKo9nnSQL0MTRdnWttGyE5haGwK86xgMOkFLp7vEyfQPGLOJh5wNYiJ3V9PmUMDhV9u8kkQ==",
"dev": true,
"optional": true,
"peer": true,
"requires": {
"undici-types": "~7.18.0"
}
},
"@vitejs/plugin-vue": {
"version": "5.2.4",
"resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-5.2.4.tgz",
@@ -3958,7 +3975,6 @@
"resolved": "https://registry.npmjs.org/vite/-/vite-5.4.19.tgz",
"integrity": "sha512-qO3aKv3HoQC8QKiNSTuUM1l9o/XX3+c+VTgLHbJWHZGeTPVAg2XwazI9UWzoxjIJCGCV2zU60uqMzjeLZuULqA==",
"dev": true,
"peer": true,
"requires": {
"esbuild": "^0.21.3",
"fsevents": "~2.3.3",
@@ -3973,7 +3989,6 @@
"resolved": "https://registry.npmjs.org/vue/-/vue-3.5.14.tgz",
"integrity": "sha512-LbOm50/vZFG6Mhy6KscQYXZMQ0LMCC/y40HDJPPvGFQ+i/lUH+PJHR6C3assgOQiXdl6tAfsXHbXYVBZZu65ew==",
"dev": true,
"peer": true,
"requires": {
"@vue/compiler-dom": "3.5.14",
"@vue/compiler-sfc": "3.5.14",