docker - tulliolo/mobybolt GitHub Wiki
It's finally time to install and configure Docker and Docker Compose.
Docker provides the ability to package and run an application in a loosely isolated environment called a container. The isolation and security lets you run many containers simultaneously on a given host. Containers are lightweight and contain everything needed to run the application, so you don't need to rely on what's installed on the host. You can share containers while you work, and be sure that everyone you share with gets the same container that works in the same way.
Here is an overview of the main objects managed by Docker:
- Images
  An image is a read-only template with instructions for creating a Docker container. You can think of it as the "ISO" for installing an application.
- Containers
  A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. Containers are ephemeral: when you remove a container, any changes you've made will be lost.
- Networks
  By default, two containers cannot communicate with each other, unless they are placed on the same network. By default, the container gets an IP address for every Docker network it attaches to. A container receives an IP address out of the IP subnet of the network. The Docker daemon performs dynamic subnetting and IP address allocation for containers. Each network also has a default subnet mask and gateway. Docker has a built-in DNS. If your containers are connected to the same network, they can reference each other using the container name. Docker will automatically manage the isolation of the networks and will block, using iptables, all ports that are not explicitly open.
- Volumes
  Because containers are ephemeral, we need a tool to manage data that needs to be persistent. Volumes are storage areas managed directly by Docker, and they are the preferred mechanism for persisting data generated by and used by Docker containers. Docker also allows you to mount files and directories from the host's filesystem (Bind Mounts). The latter approach can be useful, for example, to provide containers with configuration files.
In addition, we'll be using the Docker Compose plugin.
Docker Compose is a tool for defining and running multi-container applications. Compose simplifies the control of your entire application stack, making it easy to manage services, networks, and volumes in a single, comprehensible YAML configuration file. Then, with a single command, you create and start all the services from your configuration file. It also has commands for managing the whole lifecycle of your application:
- Start, stop, and rebuild services
- View the status of running services
- Stream the log output of running services
- Run a one-off command on a service
First, let's create a configuration file with nano:
$ sudo mkdir -p /etc/docker
$ sudo nano /etc/docker/daemon.json
Copy the following contents into the newly created file (Ctrl-O to save and Ctrl-X to exit):
{
  "log-driver": "local"
}
With this configuration we will instruct Docker to use a log-driver of type local: the logs will be written (with rotation) inside the containers themselves, and can be read with the command docker logs <container_name>.
Now we can install Docker and Docker Compose by following the next steps:
- Set up Docker's apt repository:
  # Add Docker's official GPG key:
  $ sudo apt-get update
  $ sudo apt-get install ca-certificates curl
  $ sudo install -m 0755 -d /etc/apt/keyrings
  $ sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
  $ sudo chmod a+r /etc/apt/keyrings/docker.asc
  # Add the repository to Apt sources:
  $ echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  $ sudo apt-get update
  > ...
  > Get:4 https://download.docker.com/linux/debian bookworm InRelease [43.3 kB]
  > Get:5 https://download.docker.com/linux/debian bookworm/stable amd64 Packages [19.7 kB]
  > ...
  > Reading package lists... Done
- Install the Docker packages:
  $ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  > ...
  > Setting up docker-ce (5:26.0.0-1~debian.12~bookworm) ...
  > Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
  > Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
  > Processing triggers for man-db (2.11.2-2) ...
  > Processing triggers for libc-bin (2.36-9+deb12u4) ...
- Add the admin user to the docker group:
  $ sudo usermod -a -G docker admin
  $ su - $USER
  $ groups
  > admin adm cdrom floppy sudo audio dip video plugdev users netdev docker
- Verify that the installation is successful by running the hello-world image:
  $ docker run hello-world
  > Unable to find image 'hello-world:latest' locally
  > latest: Pulling from library/hello-world
  > c1ec31eb5944: Pull complete
  > Digest: sha256:53641cd209a4fecfc68e21a99871ce8c6920b2e7502df0a20671c6fccc73a7c6
  > Status: Downloaded newer image for hello-world:latest
  >
  > Hello from Docker!
  > This message shows that your installation appears to be working correctly.
  >
  > To generate this message, Docker took the following steps:
  >  1. The Docker client contacted the Docker daemon.
  >  2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
  >     (amd64)
  >  3. The Docker daemon created a new container from that image which runs the
  >     executable that produces the output you are currently reading.
  >  4. The Docker daemon streamed that output to the Docker client, which sent it
  >     to your terminal.
  >
  > To try something more ambitious, you can run an Ubuntu container with:
  >  $ docker run -it ubuntu bash
  >
  > Share images, automate workflows, and more with a free Docker ID:
  >  https://hub.docker.com/
  >
  > For more examples and ideas, visit:
  >  https://docs.docker.com/get-started/
To avoid this behavior, you can use the following command to disable the Docker upgrade and freeze the current version:
$ sudo apt-mark hold docker-ce docker-ce-cli
> docker-ce set on hold.
> docker-ce-cli set on hold.
When you want to update Docker, you can temporarily remove the hold, run the upgrade, and then re-apply the hold:
$ sudo apt-mark unhold docker-ce docker-ce-cli
> Canceled hold on docker-ce.
> Canceled hold on docker-ce-cli.
$ sudo apt update
$ sudo apt full-upgrade
$ sudo apt-mark hold docker-ce docker-ce-cli
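As an added example (not part of the original guide or the MobyBolt project), the script below audits what the steps above leave on the host: the signed-by pin in docker.list, the log driver in daemon.json, the docker group membership and the package holds. The function names are hypothetical; the paths and package names are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the guide): audit the state its steps produce.
# Function names are hypothetical; paths and package names are the page's.

# Print "deb" entries lacking a signed-by= keyring pin or an https:// URL.
unpinned_entries() {  # $1 = apt sources file
    grep -E '^[[:space:]]*deb[[:space:]]' "$1" |
        grep -Ev '\[[^]]*signed-by=/[^] ]+[^]]*\][[:space:]]+https://' || true
}

# Print the "log-driver" value from a daemon.json (empty if unset).
log_driver() {  # $1 = daemon.json path
    tr -d '\n' < "$1" |
        sed -n 's/.*"log-driver"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print members of the docker group from an /etc/group-format file.
# Each one can drive the root-owned daemon, so review this list.
docker_group_members() {  # $1 = group file
    awk -F: '$1 == "docker" && $4 != "" { gsub(",", "\n", $4); print $4 }' "$1"
}

# Read `apt-mark showhold` output on stdin; print expected packages not held.
missing_holds() {  # args = package names
    held=$(cat)
    for pkg in "$@"; do
        printf '%s\n' "$held" | grep -qxF "$pkg" || printf '%s\n' "$pkg"
    done
}

# Run all four checks against the live host; returns non-zero on any finding.
audit_host() {
    rc=0
    bad=$(unpinned_entries /etc/apt/sources.list.d/docker.list)
    [ -z "$bad" ] || { echo "unpinned repo entry: $bad"; rc=1; }
    drv=$(log_driver /etc/docker/daemon.json)
    [ "$drv" = "local" ] || { echo "log-driver is '${drv:-unset}'"; rc=1; }
    unheld=$(apt-mark showhold | missing_holds docker-ce docker-ce-cli)
    [ -z "$unheld" ] || { echo "not on hold:" $unheld; rc=1; }
    echo "docker group members:" $(docker_group_members /etc/group)
    return $rc
}

# Only touch the host when asked to: sh audit.sh --host
if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Run it with --host after finishing the steps above; each function also accepts a file path or stdin, so it can be pointed at copies of the files from another machine.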
In this guide, all operations will be performed from the command line. If you prefer to have a web/graphical tool to manage Docker and (especially) to easily monitor the status of the containers, you can refer to the bonus guide on Portainer.