Docker compose 无法启动服务并出现错误 'unknown option' 但 docker-compose 在同一命令上构建成功
Docker compose fails to start a service with an error 'unknown option' but docker-compose build on the same command is a success
我有一个项目,其中有一个 docker-compose 文件和一个 Docker 文件。
该项目在这里打开GitHub
我正在构建一个演示项目:
- Traefik
- 喷鼻息 3
- 一个 NodeJS API 用于测试的假人
问题是在我的 Docker 文件中,我有一个这样的命令 运行 on Snort
# Validates the configuration of Snort
RUN ${MY_PATH}/bin/snort -c /etc/snort/etc/snort.lua
# Runs Snort
CMD ["/usr/local/snort/bin/snort", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua", "-A", "fast", "-s", "65535", "-k", "none"]
当我使用 docker-compose build
构建项目时,命令执行正常并且配置通过了检查。
当我 运行 docker-compose up
Snort 服务失败 运行 并出现下一个错误
❯ docker-compose up
Docker Compose is now in the Docker CLI, try `docker compose up`
Starting snort3demo_back-end_1 ... done
Starting traefik ... done
Recreating snort3demo_snort_1 ... done
Attaching to snort3demo_back-end_1, snort3demo_snort_1, traefik
snort_1 | ERROR: unknown option - /usr/local/snort/bin/snort
snort_1 | FATAL: see prior 1 errors
snort_1 | Fatal Error, Quitting..
back-end_1 | Server ready
snort3demo_snort_1 exited with code 1
traefik | time="2021-06-07T09:51:57Z" level=info msg="Configuration loaded from flags."
没有 运行我们有 /usr/local/snort/bin/snort
的命令,但是当我构建时没有问题。
我不知道可能是什么问题,我的撰写看起来如下
version: "3.8"
services:
snort:
cap_add:
- NET_ADMIN
image: demo-snort3
env_file:
- ./config.env
build:
context: ./
dockerfile: snort3.dockerfile
networks:
- "demo-net"
reverse-proxy:
image: "traefik:v2.4"
container_name: "traefik"
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
networks:
- "demo-net"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
back-end:
image: demo-node
build:
context: ./
dockerfile: node.dockerfile
networks:
- "demo-net"
labels:
- "traefik.enable=true"
- "traefik.http.routers.backend.rule=Host(`demo-node.localhost`)"
- "traefik.http.routers.backend.entrypoints=web"
networks:
demo-net:
我需要对撰写进行任何更改才能使其 运行 正确,或者我犯了任何其他错误。
根据需要Docker文件
FROM ubuntu:latest
## Install Dependencies
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
wget \
build-essential \
libpcap-dev \
libpcre3-dev \
libnet1-dev \
zlib1g-dev \
luajit \
hwloc \
libdnet-dev \
libdumbnet-dev \
bison \
flex \
liblzma-dev \
openssl \
libssl-dev \
pkg-config \
libhwloc-dev \
cmake \
cpputest \
libsqlite3-dev \
uuid-dev \
libcmocka-dev \
libnetfilter-queue-dev \
libmnl-dev \
autotools-dev \
libluajit-5.1-dev \
libunwind-dev \
iproute2 \
net-tools \
sudo \
ethtool \
libtool \
git \
autoconf \
ragel \
libboost-dev \
libboost-all-dev \
systemd \
libcrypt-ssleay-perl \
liblwp-useragent-determined-perl \
&& apt-get clean && rm -rf /var/cache/apt/*
# Define working directory.
WORKDIR /opt
# Safec for runtime bounds checks on certain legacy C-library calls
ENV SAFEC_VERSION 02092020
RUN wget https://github.com/rurban/safeclib/releases/download/v02092020/libsafec-${SAFEC_VERSION}.tar.gz \
&& tar xvfz libsafec-${SAFEC_VERSION}.tar.gz \
&& cd libsafec-${SAFEC_VERSION}.0-g6d921f \
&& ./configure \
&& make \
&& sudo make install
# Hyperscan critical to Snort3 operations and performance
# uses to fast pattern matching
# dependencies: PCRE, gperftools, ragel, Boost C++, flatbuffers, colm
ENV PCRE_VERSION 10.37
RUN wget https://ftp.pcre.org/pub/pcre/pcre2-${PCRE_VERSION}.tar.gz \
&& tar xzvf pcre2-${PCRE_VERSION}.tar.gz \
&& cd pcre2-${PCRE_VERSION} \
&& ./configure && make && sudo make install
ENV GP_TOOLS_VERSION 2.9.1
RUN wget https://github.com/gperftools/gperftools/releases/download/gperftools-${GP_TOOLS_VERSION}/gperftools-${GP_TOOLS_VERSION}.tar.gz \
&& tar xzvf gperftools-${GP_TOOLS_VERSION}.tar.gz \
&& cd gperftools-${GP_TOOLS_VERSION} \
&& ./configure && make && sudo make install
ENV HYPERSCAN_VESRSION 5.4.0-2
RUN wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/hyperscan/5.4.0-2/hyperscan_5.4.0.orig.tar.gz \
&& tar xvzf hyperscan_5.4.0.orig.tar.gz \
&& mkdir hyperscan-${HYPERSCAN_VESRSION}-build \
&& cd hyperscan-${HYPERSCAN_VESRSION}-build \
&& cmake -DCMAKE_INSTALL_PREFIX=/usr/local ../hyperscan-5.4.0 \
&& make && sudo make install
ENV FLATBUFFERS_VESRSION 2.0.0
RUN wget https://github.com/google/flatbuffers/archive/refs/tags/v${FLATBUFFERS_VESRSION}.tar.gz -O flatbuffers-v${FLATBUFFERS_VESRSION}.tar.gz \
&& tar xvzf flatbuffers-v${FLATBUFFERS_VESRSION}.tar.gz \
&& mkdir flatbuffers-build \
&& cd flatbuffers-build \
&& cmake ../flatbuffers-${FLATBUFFERS_VESRSION} \
&& make && sudo make install
# DAQ
ENV DAQ_VERSION 3.0.3
RUN wget https://github.com/snort3/libdaq/archive/refs/tags/v${DAQ_VERSION}.tar.gz \
&& tar xvfz v${DAQ_VERSION}.tar.gz \
&& cd libdaq-${DAQ_VERSION} \
&& ./bootstrap \
&& ./configure \
&& make \
&& make install
RUN ldconfig
# Snort 3.1.0
ENV MY_PATH=/usr/local/snort
ENV SNORT_VERSION 3.1.5.0
RUN wget https://github.com/snort3/snort3/archive/refs/tags/${SNORT_VERSION}.tar.gz \
&& tar xvfz ${SNORT_VERSION}.tar.gz \
&& cd snort3-${SNORT_VERSION} \
&& ./configure_cmake.sh --prefix=${MY_PATH} \
&& cd build \
&& make -j $(nproc) install
RUN ldconfig
# OpenAppID - Device detection
ENV OPEN_APP_ID 17843
RUN wget https://www.snort.org/downloads/openappid/${OPEN_APP_ID} -O OpenAppId-${OPEN_APP_ID}.tgz \
&& tar xvfz OpenAppId-${OPEN_APP_ID}.tgz \
&& cp -R odp /usr/local/lib/
# For this to work you MUST have downloaded the snort3 subscribers ruleset.
# This has to be located in the directory we are currently in.
ENV SNORT_RULES_SNAPSHOT 3150
COPY snortrules-snapshot-${SNORT_RULES_SNAPSHOT} /opt/
COPY *.sh /opt
RUN mkdir -p /var/log/snort && \
mkdir -p /usr/local/lib/snort_dynamicrules && \
mkdir -p /etc/snort && \
mkdir -p /etc/snort/rules && \
mkdir -p /etc/snort/preproc_rules && \
mkdir -p /etc/snort/etc && \
cp -r /opt/rules /etc/snort && \
cp -r /opt/so_rules /etc/snort && \
cp -r /opt/etc /etc/snort && \
cp -r /opt/builtins /etc/snort && \
# Custom rules goes to local.rules
# Will be copied an external file to Docker
# COPY local.rules /etc/snort/rules/local.rules
touch /etc/snort/rules/local.rules && \
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
# Pulledpork
RUN wget https://github.com/shirkdog/pulledpork/archive/master.tar.gz -O pulledpork-master.tar.gz \
&& tar xzvf pulledpork-master.tar.gz \
&& cd pulledpork-master \
&& cp pulledpork.pl /usr/bin/ \
&& chmod 755 /usr/bin/pulledpork.pl \
&& cp etc/* /etc/snort/ \
&& cpan install LWP::Protocol::https \
&& cpan install Crypt::SSLeay \
&& cpan Mozilla::CA IO::Socket::SSL
# Check Pulledpork was installed
RUN /usr/bin/pulledpork.pl -V && sleep 15
# Pulledpork conf
COPY pulledpork.conf /etc/snort/pulledpork.conf
COPY disablesid.conf /etc/snort/disablesid.conf
# COPY local rules across
COPY /rules/local.rules /etc/snort/rules/local.rules
# Clean up APT when done.
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
/opt/${SNORT_VERSION}.tar.gz /opt/v${DAQ_VERSION}.tar.gz
ENV INTERFACE 'eth0'
ENV LUA_PATH=${MY_PATH}/include/snort/lua/\?.lua\;\;
ENV SNORT_LUA_PATH=${MY_PATH}/etc/snort
ENV PATH="/usr/local/snort/bin:$PATH"
RUN cd /usr/local/snort/bin/ && ls -la && sleep 30
# Network interface service --> Not working
# RUN ls -la /lib/systemd/system/ && sleep 30
# COPY ethtool.service /lib/systemd/system/
# RUN sudo service enable --now ethtool \
# && sudo service ethtool start
# HOME_NET config --> chage this with the right IP adresses where snort should monitoring
ARG SNORT_HOME_NET="192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,172.17.0.0/16"
RUN sed -i "s#^HOME_NET =.*#HOME_NET = '$SNORT_HOME_NET'#" /etc/snort/etc/snort.lua
# Validate an installation
RUN ${MY_PATH}/bin/snort -c /etc/snort/etc/snort.lua
RUN chmod a+x /opt/*
# Add the script that allows the rules to be updated when the container is running
ARG PPORK_OINKCODE
RUN if [ ! -z $PPORK_OINKCODE ]; then bash update-rules.sh "$PPORK_OINKCODE"; fi
# Exposed port
EXPOSE 8080
# Let's run snort!
# CMD ["-i", "eth0"]
ENTRYPOINT ["/opt/entrypoint.sh"]
# CMD ["/usr/local/snort/bin/snort", "-d", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua"]
CMD ["/usr/local/snort/bin/snort", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua", "-A", "fast", "-s", "65535", "-k", "none"]
您的入口点与您要执行的命令冲突运行:
ENTRYPOINT ["/opt/entrypoint.sh"]
CMD ["/usr/local/snort/bin/snort", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua", "-A", "fast", "-s", "65535", "-k", "none"]
将它们连接起来以作为您的容器执行以下操作:
/opt/entrypoint.sh /usr/local/snort/bin/snort -i eth0 -c /etc/snort/etc/snort.lua -A fast -s 65535 -k none
并且由于您的入口点包含:
#!/bin/sh
exec /usr/local/snort/bin/snort -c /etc/snort/etc/snort.lua "$@"
这变成了运行的以下命令:
/usr/local/snort/bin/snort -c /etc/snort/etc/snort.lua /usr/local/snort/bin/snort -i eth0 -c /etc/snort/etc/snort.lua -A fast -s 65535 -k none
所以 snort 是正确的,它正在接收它不知道如何处理的选项 /usr/local/snort/bin/snort
。只有当您 运行 容器时才会发生这种情况,构建图像时不执行 ENTRYPOINT 和 CMD。
要修复,请删除 ENTRYPOINT,或将 CMD 设置为仅附加在该 exec 命令末尾的值。
我有一个项目,其中有一个 docker-compose 文件和一个 Docker 文件。 该项目在这里打开GitHub
我正在构建一个演示项目:
- Traefik
- 喷鼻息 3
- 一个 NodeJS API 用于测试的假人
问题是在我的 Docker 文件中,我有一个这样的命令 运行 on Snort
# Validates the configuration of Snort
RUN ${MY_PATH}/bin/snort -c /etc/snort/etc/snort.lua
# Runs Snort
CMD ["/usr/local/snort/bin/snort", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua", "-A", "fast", "-s", "65535", "-k", "none"]
当我使用 docker-compose build
构建项目时,命令执行正常并且配置通过了检查。
当我 运行 docker-compose up
Snort 服务失败 运行 并出现下一个错误
❯ docker-compose up
Docker Compose is now in the Docker CLI, try `docker compose up`
Starting snort3demo_back-end_1 ... done
Starting traefik ... done
Recreating snort3demo_snort_1 ... done
Attaching to snort3demo_back-end_1, snort3demo_snort_1, traefik
snort_1 | ERROR: unknown option - /usr/local/snort/bin/snort
snort_1 | FATAL: see prior 1 errors
snort_1 | Fatal Error, Quitting..
back-end_1 | Server ready
snort3demo_snort_1 exited with code 1
traefik | time="2021-06-07T09:51:57Z" level=info msg="Configuration loaded from flags."
没有 运行我们有 /usr/local/snort/bin/snort
的命令,但是当我构建时没有问题。
我不知道可能是什么问题,我的撰写看起来如下
version: "3.8"
services:
snort:
cap_add:
- NET_ADMIN
image: demo-snort3
env_file:
- ./config.env
build:
context: ./
dockerfile: snort3.dockerfile
networks:
- "demo-net"
reverse-proxy:
image: "traefik:v2.4"
container_name: "traefik"
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
networks:
- "demo-net"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
back-end:
image: demo-node
build:
context: ./
dockerfile: node.dockerfile
networks:
- "demo-net"
labels:
- "traefik.enable=true"
- "traefik.http.routers.backend.rule=Host(`demo-node.localhost`)"
- "traefik.http.routers.backend.entrypoints=web"
networks:
demo-net:
我需要对撰写进行任何更改才能使其 运行 正确,或者我犯了任何其他错误。
根据需要Docker文件
FROM ubuntu:latest
## Install Dependencies
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -yq \
wget \
build-essential \
libpcap-dev \
libpcre3-dev \
libnet1-dev \
zlib1g-dev \
luajit \
hwloc \
libdnet-dev \
libdumbnet-dev \
bison \
flex \
liblzma-dev \
openssl \
libssl-dev \
pkg-config \
libhwloc-dev \
cmake \
cpputest \
libsqlite3-dev \
uuid-dev \
libcmocka-dev \
libnetfilter-queue-dev \
libmnl-dev \
autotools-dev \
libluajit-5.1-dev \
libunwind-dev \
iproute2 \
net-tools \
sudo \
ethtool \
libtool \
git \
autoconf \
ragel \
libboost-dev \
libboost-all-dev \
systemd \
libcrypt-ssleay-perl \
liblwp-useragent-determined-perl \
&& apt-get clean && rm -rf /var/cache/apt/*
# Define working directory.
WORKDIR /opt
# Safec for runtime bounds checks on certain legacy C-library calls
ENV SAFEC_VERSION 02092020
RUN wget https://github.com/rurban/safeclib/releases/download/v02092020/libsafec-${SAFEC_VERSION}.tar.gz \
&& tar xvfz libsafec-${SAFEC_VERSION}.tar.gz \
&& cd libsafec-${SAFEC_VERSION}.0-g6d921f \
&& ./configure \
&& make \
&& sudo make install
# Hyperscan critical to Snort3 operations and performance
# uses to fast pattern matching
# dependencies: PCRE, gperftools, ragel, Boost C++, flatbuffers, colm
ENV PCRE_VERSION 10.37
RUN wget https://ftp.pcre.org/pub/pcre/pcre2-${PCRE_VERSION}.tar.gz \
&& tar xzvf pcre2-${PCRE_VERSION}.tar.gz \
&& cd pcre2-${PCRE_VERSION} \
&& ./configure && make && sudo make install
ENV GP_TOOLS_VERSION 2.9.1
RUN wget https://github.com/gperftools/gperftools/releases/download/gperftools-${GP_TOOLS_VERSION}/gperftools-${GP_TOOLS_VERSION}.tar.gz \
&& tar xzvf gperftools-${GP_TOOLS_VERSION}.tar.gz \
&& cd gperftools-${GP_TOOLS_VERSION} \
&& ./configure && make && sudo make install
ENV HYPERSCAN_VESRSION 5.4.0-2
RUN wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/hyperscan/5.4.0-2/hyperscan_5.4.0.orig.tar.gz \
&& tar xvzf hyperscan_5.4.0.orig.tar.gz \
&& mkdir hyperscan-${HYPERSCAN_VESRSION}-build \
&& cd hyperscan-${HYPERSCAN_VESRSION}-build \
&& cmake -DCMAKE_INSTALL_PREFIX=/usr/local ../hyperscan-5.4.0 \
&& make && sudo make install
ENV FLATBUFFERS_VESRSION 2.0.0
RUN wget https://github.com/google/flatbuffers/archive/refs/tags/v${FLATBUFFERS_VESRSION}.tar.gz -O flatbuffers-v${FLATBUFFERS_VESRSION}.tar.gz \
&& tar xvzf flatbuffers-v${FLATBUFFERS_VESRSION}.tar.gz \
&& mkdir flatbuffers-build \
&& cd flatbuffers-build \
&& cmake ../flatbuffers-${FLATBUFFERS_VESRSION} \
&& make && sudo make install
# DAQ
ENV DAQ_VERSION 3.0.3
RUN wget https://github.com/snort3/libdaq/archive/refs/tags/v${DAQ_VERSION}.tar.gz \
&& tar xvfz v${DAQ_VERSION}.tar.gz \
&& cd libdaq-${DAQ_VERSION} \
&& ./bootstrap \
&& ./configure \
&& make \
&& make install
RUN ldconfig
# Snort 3.1.0
ENV MY_PATH=/usr/local/snort
ENV SNORT_VERSION 3.1.5.0
RUN wget https://github.com/snort3/snort3/archive/refs/tags/${SNORT_VERSION}.tar.gz \
&& tar xvfz ${SNORT_VERSION}.tar.gz \
&& cd snort3-${SNORT_VERSION} \
&& ./configure_cmake.sh --prefix=${MY_PATH} \
&& cd build \
&& make -j $(nproc) install
RUN ldconfig
# OpenAppID - Device detection
ENV OPEN_APP_ID 17843
RUN wget https://www.snort.org/downloads/openappid/${OPEN_APP_ID} -O OpenAppId-${OPEN_APP_ID}.tgz \
&& tar xvfz OpenAppId-${OPEN_APP_ID}.tgz \
&& cp -R odp /usr/local/lib/
# For this to work you MUST have downloaded the snort3 subscribers ruleset.
# This has to be located in the directory we are currently in.
ENV SNORT_RULES_SNAPSHOT 3150
COPY snortrules-snapshot-${SNORT_RULES_SNAPSHOT} /opt/
COPY *.sh /opt
RUN mkdir -p /var/log/snort && \
mkdir -p /usr/local/lib/snort_dynamicrules && \
mkdir -p /etc/snort && \
mkdir -p /etc/snort/rules && \
mkdir -p /etc/snort/preproc_rules && \
mkdir -p /etc/snort/etc && \
cp -r /opt/rules /etc/snort && \
cp -r /opt/so_rules /etc/snort && \
cp -r /opt/etc /etc/snort && \
cp -r /opt/builtins /etc/snort && \
# Custom rules goes to local.rules
# Will be copied an external file to Docker
# COPY local.rules /etc/snort/rules/local.rules
touch /etc/snort/rules/local.rules && \
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules
# Pulledpork
RUN wget https://github.com/shirkdog/pulledpork/archive/master.tar.gz -O pulledpork-master.tar.gz \
&& tar xzvf pulledpork-master.tar.gz \
&& cd pulledpork-master \
&& cp pulledpork.pl /usr/bin/ \
&& chmod 755 /usr/bin/pulledpork.pl \
&& cp etc/* /etc/snort/ \
&& cpan install LWP::Protocol::https \
&& cpan install Crypt::SSLeay \
&& cpan Mozilla::CA IO::Socket::SSL
# Check Pulledpork was installed
RUN /usr/bin/pulledpork.pl -V && sleep 15
# Pulledpork conf
COPY pulledpork.conf /etc/snort/pulledpork.conf
COPY disablesid.conf /etc/snort/disablesid.conf
# COPY local rules across
COPY /rules/local.rules /etc/snort/rules/local.rules
# Clean up APT when done.
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
/opt/${SNORT_VERSION}.tar.gz /opt/v${DAQ_VERSION}.tar.gz
ENV INTERFACE 'eth0'
ENV LUA_PATH=${MY_PATH}/include/snort/lua/\?.lua\;\;
ENV SNORT_LUA_PATH=${MY_PATH}/etc/snort
ENV PATH="/usr/local/snort/bin:$PATH"
RUN cd /usr/local/snort/bin/ && ls -la && sleep 30
# Network interface service --> Not working
# RUN ls -la /lib/systemd/system/ && sleep 30
# COPY ethtool.service /lib/systemd/system/
# RUN sudo service enable --now ethtool \
# && sudo service ethtool start
# HOME_NET config --> chage this with the right IP adresses where snort should monitoring
ARG SNORT_HOME_NET="192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,172.17.0.0/16"
RUN sed -i "s#^HOME_NET =.*#HOME_NET = '$SNORT_HOME_NET'#" /etc/snort/etc/snort.lua
# Validate an installation
RUN ${MY_PATH}/bin/snort -c /etc/snort/etc/snort.lua
RUN chmod a+x /opt/*
# Add the script that allows the rules to be updated when the container is running
ARG PPORK_OINKCODE
RUN if [ ! -z $PPORK_OINKCODE ]; then bash update-rules.sh "$PPORK_OINKCODE"; fi
# Exposed port
EXPOSE 8080
# Let's run snort!
# CMD ["-i", "eth0"]
ENTRYPOINT ["/opt/entrypoint.sh"]
# CMD ["/usr/local/snort/bin/snort", "-d", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua"]
CMD ["/usr/local/snort/bin/snort", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua", "-A", "fast", "-s", "65535", "-k", "none"]
您的入口点与您要执行的命令冲突运行:
ENTRYPOINT ["/opt/entrypoint.sh"]
CMD ["/usr/local/snort/bin/snort", "-i", "eth0", "-c", "/etc/snort/etc/snort.lua", "-A", "fast", "-s", "65535", "-k", "none"]
将它们连接起来以作为您的容器执行以下操作:
/opt/entrypoint.sh /usr/local/snort/bin/snort -i eth0 -c /etc/snort/etc/snort.lua -A fast -s 65535 -k none
并且由于您的入口点包含:
#!/bin/sh
exec /usr/local/snort/bin/snort -c /etc/snort/etc/snort.lua "$@"
这变成了运行的以下命令:
/usr/local/snort/bin/snort -c /etc/snort/etc/snort.lua /usr/local/snort/bin/snort -i eth0 -c /etc/snort/etc/snort.lua -A fast -s 65535 -k none
所以 snort 是正确的,它正在接收它不知道如何处理的选项 /usr/local/snort/bin/snort
。只有当您 运行 容器时才会发生这种情况,构建图像时不执行 ENTRYPOINT 和 CMD。
要修复,请删除 ENTRYPOINT,或将 CMD 设置为仅附加在该 exec 命令末尾的值。