====== Docker Host ======

Basis: Ubuntu 20.04

Set hostname:

  hostnamectl set-hostname SERVERNAME

Generate SSH keys for root:

  ssh-keygen

Add public keys for root:

  vi /root/.ssh/authorized_keys

Enable firewall:

  ufw status
  ufw allow ssh
  ufw app list
  ufw enable
  ufw status

Add a sudo user:

  adduser USERNAME
  usermod -aG sudo USERNAME
  chmod 0700 /home/USERNAME
  su - USERNAME
  ssh-keygen
  # create authorized_keys first, then restrict its permissions
  vi .ssh/authorized_keys
  chmod 0600 .ssh/authorized_keys

Do not require password for sudo:

  visudo
  ...
  %sudo ALL=(ALL:ALL) NOPASSWD:ALL

Restrict SSH login to keys and non-root:

  vi /etc/ssh/sshd_config
  ...
  # at the respective position (not at the end for some reason)
  PermitRootLogin no
  PasswordAuthentication no
  ...
  systemctl restart sshd

Install and configure automatic OS updates:

  # Install
  # Postfix: No configuration or smarthost
  sudo apt install unattended-upgrades apt-listchanges bsd-mailx
  
  # Enable
  sudo dpkg-reconfigure -plow unattended-upgrades
  
  # Configure (1)
  # SKIP: Unattended-Upgrade::Mail "desiredmail@host.domain";
  # Unattended-Upgrade::Automatic-Reboot "true";
  # Unattended-Upgrade::Automatic-Reboot-Time "03:00";
  sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
  
  # SKIP: Configure (2)
  # email_address=desiredmail@host.domain
  sudo nano /etc/apt/listchanges.conf
  
  # Verify
  sudo unattended-upgrades --dry-run

Install Docker CE ( [[https://docs.requarks.io/install/ubuntu#install-docker]] )

  # Install dependencies to install Docker
  sudo apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install ca-certificates curl gnupg lsb-release
  
  # Register Docker package registry
  sudo mkdir -p /etc/apt/keyrings
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  
  # Refresh package updates and install Docker
  sudo apt -qqy update
  sudo apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Install Docker CE ( [[https://docs.docker.com/engine/install/ubuntu/]] )

  sudo apt-get update
  sudo apt-get upgrade
  sudo apt-get install ca-certificates curl gnupg lsb-release
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  sudo apt-get update
  sudo apt-get install docker-ce docker-ce-cli containerd.io
  sudo docker run hello-world
  sudo systemctl enable docker --now
  sudo systemctl enable containerd --now

Run Portainer ([[https://docs.portainer.io/v/ce-2.11/start/install/server/docker/linux]]):

  sudo ufw allow 9443
  sudo docker volume create portainer_data
  sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer \
      --restart=always \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v portainer_data:/data \
      portainer/portainer-ce:latest

Access via https://domain:9443

Set Environment Public IP to domain: https://DOMAIN

Update Portainer ([[https://docs.portainer.io/v/ce-2.11/start/upgrade/docker]]):

  sudo docker stop portainer
  sudo docker rm portainer
  sudo docker pull portainer/portainer-ce:latest
  sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer \
      --restart=always \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v portainer_data:/data \
      portainer/portainer-ce:latest
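
Added example, not part of the original page: the sshd_config step above says to set PermitRootLogin and PasswordAuthentication at their existing position rather than at the end of the file. sshd keeps the first value it reads for each keyword, so an appended line is ignored when an earlier line already sets it; this script reports which value wins in a given file. The function names and the sample config are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example: which value does sshd keep for a keyword in this file?
# Assumptions: only the global section (before the first Match block) is read,
# Include files are not followed, keywords are compared case-insensitively.

effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        { sub(/=/, " "); gsub(/"/, "") }     # accept Keyword=value and quoted values
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == want { print tolower($2); exit }   # first hit wins
    ' "$1"
}

check_hardening() {  # usage: check_hardening FILE ; returns 0 only if both are "no"
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw effective value: ${val:-unset, compiled-in default applies}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the hardening line was appended after an earlier "yes".
sample=$(mktemp)
printf '%s\n' \
    'Include /etc/ssh/sshd_config.d/*.conf' \
    'PasswordAuthentication yes' \
    'PermitRootLogin no' \
    '# appended at the end of the file:' \
    'PasswordAuthentication no' > "$sample"

check_hardening "$sample" || echo "=> edit the existing line instead of appending"
rm -f "$sample"
```

On a real host, `sudo sshd -T` prints the effective configuration with Include files resolved, which is the authoritative check after `systemctl restart sshd`.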