Dock­er

5:10AMFebruary 18 2025Daniel Tompkins

Archive KB devops

In­stal­la­tion

Though I work hard to pro­vide the most up-to-date in­for­ma­tion in this knowl­edge base, I don't al­ways have the time to manage every­thing my­self. To en­sure you're fol­lowing the latest in­stal­la­tion in­struc­tions for your plat­form, I rec­om­mend vis­iting the of­fi­cial doc­u­men­ta­tion .

In­stall Docker Com­mu­nity Edi­tion (CE)

Ex­am­ples are using the Ubuntu APT package man­ager. Mileage may vary.

Remove any previous installs of Docker
sudo apt remove docker docker-engine docker.io
shell
Install prerequisites
sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg
shell
Add Docker GPG
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
shell
Verify fingerprint
sudo apt-key fingerprint 0EBFCD88
shell
Add stable Docker repo (replace amd64 with your architecture)
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
shell
Install Docker
sudo apt update sudo apt install docker-ce
shell
Add user to Docker group
sudo usermod -aG docker $USER
shell

In­stall Docker Com­pose

sudo apt update sudo apt install docker-compose-plugin
shell

Tips

Clean slate
docker-compose down -v --rmi all --remove-orphans
shell

Ex­pose vs Ports

In a docker-compose.yml file, you have the op­tion to use ei­ther:

... expose: - 5432 ... # and/or ... ports: - 5432:5432 ...
yml

These two op­tions look be­nignly sim­ilar, but they are crit­i­cally dif­ferent:

  • The expose key­word will "ex­pose" that Docker con­tain­er's port to the host server— as well as to other con­tainers ac­tive on the server.
  • The ports key­word will map the con­tain­er's port to the host's port.

The sig­nif­i­cance of this is that a port map of 443:443 on a con­tainer­ized Nginx or Apache will allow ex­ternal traffic (i.e., the public In­ternet) to in­teract di­rectly with the Docker con­tain­er's Web server. How­ever, if using expose for 443 in­stead, that con­tainer won't be public.

This is an im­por­tant dis­tinc­tion for things like data­bases or mem-cache ser­vices (Redis) that you might not want ex­posed to the public Web. In those in­stances, expose will still allow other con­tainers to in­ter­face on the same host without al­lowing ex­ternal in­spec­tion.