HxHippy

Docker Host Setup

Set up a production-ready Docker host environment.

Last updated: 2025-01-15

Docker Host Setup

Production-ready Docker environment configuration.

Quick Install

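# Convenience-script install. Docker's documentation describes this script as
# meant for development/test machines; for a production host prefer the
# repository-based install in Step 1.
# Save the script to a file instead of piping the response straight into a
# shell, so it can be read before it runs with root privileges.
curl -fsSL https://get.docker.com -o get-docker.sh
# Review get-docker.sh (e.g. with `less get-docker.sh`) before running it.
sudo sh get-docker.sh

# Members of the docker group can start containers that mount the host
# filesystem, so membership is effectively root on this host. Add only
# accounts that would be trusted with sudo.
sudo usermod -aG docker "$USER"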

Step 1: Install Docker

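# Install prerequisites (TLS root certificates, curl, gnupg)
sudo apt update
sudo apt install ca-certificates curl gnupg -y

# Add Docker's GPG key to a dedicated keyring. The repository entry below is
# pinned to this keyring with signed-by, so the key is trusted only for
# Docker's repository and not for every apt source.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
  sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# apt verifies signatures as an unprivileged user; with a restrictive umask
# the keyring would otherwise be unreadable and `apt update` would fail.
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Print the key fingerprint and compare it with the one published in
# Docker's installation documentation before trusting the repository.
gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.gpg

# Add repository. The codename is read from /etc/os-release so this does not
# depend on lsb_release, which minimal images may not ship; an empty codename
# would silently produce a broken sources entry.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list

# Install Docker engine, CLI, containerd and the buildx/compose plugins
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io \
  docker-buildx-plugin docker-compose-plugin -y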

Step 2: Configure Docker

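# Add user to docker group.
# Anyone in this group can talk to the Docker daemon, which runs as root:
# treat membership as equivalent to granting sudo. On a production host,
# limit it to administrators (or keep using `sudo docker ...` instead).
sudo usermod -aG docker "$USER"
# newgrp starts a new shell with the docker group active; run the remaining
# commands in that shell, or log out and back in.
newgrp docker

# Verify that the daemon is reachable and can run a container
docker run hello-world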

Daemon Configuration

# Open the daemon configuration file as root and enter the JSON shown below.
# The file is strict JSON: it cannot contain comments.
sudo nano /etc/docker/daemon.json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "live-restore": true,
  "default-ulimits": {
    "nofile": {
      "Name": "nofile",
      "Hard": 65536,
      "Soft": 65536
    }
  }
}
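# Validate the file first: a syntax error or unknown key in daemon.json keeps
# the daemon from starting, which on a production host means an outage.
# Restart only if validation succeeds.
sudo dockerd --validate --config-file=/etc/docker/daemon.json &&
  sudo systemctl restart docker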

Step 3: Docker Compose

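# Already installed with docker-compose-plugin (Step 1)
docker compose version

# Or standalone.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary" that is then marked executable.
# This fetches whatever "latest" points to, as root, with no integrity check.
# For a production host, pin a specific release tag and compare the file's
# SHA-256 with the checksum published alongside that release.
# NOTE(review): confirm the asset name produced by uname matches the casing
# of the published release files.
sudo curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose &&
  sudo chmod +x /usr/local/bin/docker-compose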

Step 4: Set Up Networking

# Create one user-defined network per tier, so that only the services that
# need to talk to each other share a network.
# NOTE(review): if backend services need no outbound connectivity, creating
# that network with `--internal` is worth considering.
for net in frontend backend; do
  docker network create "$net"
done

# Show the networks that now exist
docker network ls

Step 5: Storage Setup

# Host directories for bind-mounted data (created root-owned via sudo)
sudo mkdir -p /opt/docker/volumes /opt/docker/data

# Docker-managed named volumes for application and database data
for vol in app_data db_data; do
  docker volume create "$vol"
done

Step 6: Reverse Proxy (Traefik)

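# docker-compose.yml
version: '3.8'
services:
  traefik:
    image: traefik:v2.10
    command:
      # The dashboard is only reachable once a router to api@internal is
      # defined; put authentication in front of that router.
      - "--api.dashboard=true"
      - "--providers.docker=true"
      # Without this, every container on the host is published through
      # Traefik automatically. With it, a container is routed only when it
      # carries the label traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      # Placeholder address: replace with the contact e-mail for Let's Encrypt.
      - "--certificatesresolvers.letsencrypt.acme.email=admin@example.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # ":ro" only protects the socket file itself. A process that can open
      # the socket can still send any Docker API request, which is
      # root-equivalent on the host. Consider placing a filtering socket
      # proxy between Traefik and the daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the certificate private keys; keep this directory
      # readable by root only.
      - ./letsencrypt:/letsencrypt
    networks:
      - frontend

# The frontend network is created with `docker network create` in Step 4, so
# it is declared as external; a service that references a network with no
# top-level declaration is rejected by Compose.
networks:
  frontend:
    external: true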

Step 7: Monitoring

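# cAdvisor for container metrics.
# The UI and metrics endpoint have no authentication, and ports published by
# Docker are not filtered by ufw, so the port is bound to loopback only.
# Reach it through an SSH tunnel or an authenticated reverse proxy.
# The container gets read-only access to the host root filesystem, /sys and
# Docker's data directory: treat the image as trusted code and replace
# :latest with a specific release tag (gcr.io/cadvisor/cadvisor:<VERSION>)
# so that a restart cannot silently pull different code.
docker run -d \
  --name=cadvisor \
  --restart=always \
  -p 127.0.0.1:8080:8080 \
  -v /:/rootfs:ro \
  -v /var/run:/var/run:ro \
  -v /sys:/sys:ro \
  -v /var/lib/docker/:/var/lib/docker:ro \
  gcr.io/cadvisor/cadvisor:latest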

Maintenance Commands

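# Cleanup unused resources.
# Destructive: -a removes every image not used by a container, and --volumes
# also removes unused volumes together with their data. Check
# `docker volume ls` and take backups before running this on a production host.
docker system prune -a --volumes

# View disk usage
docker system df

# Update all images. Untagged (<none>) entries cannot be pulled and are
# skipped; xargs -r does nothing when the list is empty.
# Running containers keep using the old image until they are recreated.
docker images --format "{{.Repository}}:{{.Tag}}" | grep -v '<none>' | xargs -r -L1 docker pull

# Restart all running containers. Piping through xargs -r avoids calling
# `docker restart` with no arguments (an error) when nothing is running.
docker ps -q | xargs -r docker restart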

Security

# Firewall: allow only the HTTP and HTTPS entrypoints.
# Note that ports published with `docker run -p` or a compose `ports:` entry
# are handled by Docker's own iptables rules and are not filtered by ufw;
# bind internal services to 127.0.0.1 rather than relying on ufw to hide them.
for port in 80 443; do
  sudo ufw allow "${port}/tcp"
done

# Do not expose the Docker socket (no TCP listener, no mounts into
# untrusted containers).
# Mount docker.sock only into containers you trust: access to it is
# equivalent to root on the host.