Docker Host Setup
Production-ready Docker environment configuration.
Quick Install
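# Convenience installer. Save the script first so it can be read before it runs
# with root-capable privileges; piping curl straight into sh executes whatever
# the server returns, unseen. For production hosts prefer the signed apt
# repository described in Step 1.
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
# Membership of the docker group is root-equivalent on this host (members can
# start privileged containers and mount /), so add trusted admin accounts only.
sudo usermod -aG docker "$USER"

Step 1: Install Docker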
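# Install prerequisites
sudo apt update
sudo apt install ca-certificates curl gnupg -y
# Add Docker's GPG key (apt uses it to verify every package from this repo)
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
  sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Keep the key readable by apt even when root's umask is restrictive
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Before trusting the key, compare its fingerprint with the one published in
# Docker's installation documentation:
#   gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.gpg
# Add repository; signed-by limits this key to Docker's repo only
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list
# Install Docker
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin -y

Step 2: Configure Docker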
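# Add user to docker group
# NOTE: anyone in this group can control the daemon, which runs as root, so
# this is effectively passwordless root. Limit it to admin accounts; consider
# rootless mode or sudo-gated access for everyone else.
sudo usermod -aG docker "$USER"
# Start a shell with the new group applied (or log out and back in)
newgrp docker
# Verify
docker run hello-world

Daemon Configuration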
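sudo nano /etc/docker/daemon.json

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "live-restore": true,
  "default-ulimits": {
    "nofile": {
      "Name": "nofile",
      "Hard": 65536,
      "Soft": 65536
    }
  }
}

# A malformed daemon.json stops dockerd from starting, so check the syntax
# first, e.g.: python3 -m json.tool /etc/docker/daemon.json
sudo systemctl restart docker

Step 3: Docker Compose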
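# Already installed with docker-compose-plugin
docker compose version
# Or standalone
# "latest" is a moving target and nothing here verifies the download. For
# production, pin a specific release tag in the URL and compare the binary's
# SHA-256 with the checksum on that release page before making it executable.
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
sudo curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Step 4: Set Up Networking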
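# Create networks
# frontend: attached to the reverse proxy; backend: databases and internal services.
# If backend services never need outbound access, create that network with
# --internal so it has no route to the outside.
docker network create frontend
docker network create backend
# List networks
docker network ls

Step 5: Storage Setup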
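# Create volume directories (root-owned; grant access per service, not world-writable)
sudo mkdir -p /opt/docker/volumes
sudo mkdir -p /opt/docker/data
# Named volumes
docker volume create app_data
docker volume create db_data

Step 6: Reverse Proxy (Traefik)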
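# docker-compose.yml
version: '3.8'
services:
  traefik:
    image: traefik:v2.10
    # Block privilege escalation inside the proxy container
    security_opt:
      - no-new-privileges:true
    command:
      # Dashboard enabled: publish it only through a router with authentication
      - "--api.dashboard=true"
      - "--providers.docker=true"
      # Route only containers that opt in with the label traefik.enable=true;
      # without this every container on the host is exposed by default.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      # The address was stripped by the site's e-mail obfuscation; placeholder below
      - "--certificatesresolvers.letsencrypt.acme.email=<your-email@example.com>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # :ro only protects the socket file itself. Traefik can still issue any
      # Docker API call, which is root-equivalent on the host. Put a filtering
      # socket proxy in between if the proxy container is not fully trusted.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds certificate private keys; keep it at mode 600
      - ./letsencrypt:/letsencrypt
    networks:
      - frontend

# The frontend network was created in Step 4 with `docker network create`
networks:
  frontend:
    external: true

Step 7: Monitoring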
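# cAdvisor for container metrics
# The cAdvisor UI/API has no authentication and reveals host and container
# details, so publish it on loopback only and reach it via an SSH tunnel or an
# authenticated reverse-proxy route. Ports published by Docker are not
# filtered by ufw.
# For production, replace :latest with a specific release tag so the image
# cannot change underneath you.
docker run -d \
  --name=cadvisor \
  --restart=always \
  -p 127.0.0.1:8080:8080 \
  -v /:/rootfs:ro \
  -v /var/run:/var/run:ro \
  -v /sys:/sys:ro \
  -v /var/lib/docker/:/var/lib/docker:ro \
  gcr.io/cadvisor/cadvisor:latest

Maintenance Commands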
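# Cleanup unused resources
# DESTRUCTIVE: removes every image not used by a container, plus unused
# volumes. Depending on the Docker version that can include named volumes such
# as db_data when no container references them. Back up first, or drop
# --volumes on production hosts.
docker system prune -a --volumes
# View disk usage
docker system df
# Update all images (skip dangling <none> entries, which cannot be pulled)
docker images --format "{{.Repository}}:{{.Tag}}" | grep -v '<none>' | xargs -r -L1 docker pull
# Restart all containers (-r: do nothing when no container is running)
docker ps -q | xargs -r docker restart

Security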
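# Firewall for Docker
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Caveat: Docker adds its own iptables rules for published ports, and they are
# evaluated before ufw's. Any `-p HOST:CONTAINER` mapping is reachable from
# outside even if ufw does not allow it. Bind internal services to 127.0.0.1
# or filter them in the DOCKER-USER chain.
# Don't expose the Docker socket: never publish the API over TCP without mutual TLS.
# Mounting docker.sock into a container gives it root on the host (even with :ro),
# so do it only for trusted containers.

- docker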
- containers
- docker host
- production
- setup