
Docker Host

Basis: Ubuntu 20.04

Set hostname:

hostnamectl set-hostname SERVERNAME

Generate SSH keys for root:

ssh-keygen

Add public keys for root:

vi /root/.ssh/authorized_keys

Enable firewall:

ufw status
ufw allow ssh
ufw app list
ufw enable
ufw status

Add a non-root user with sudo rights and SSH keys:

adduser USERNAME
usermod -aG sudo USERNAME
chmod 0700 /home/USERNAME
su - USERNAME
ssh-keygen
vi .ssh/authorized_keys
chmod 0600 .ssh/authorized_keys

Do not require password for sudo:

visudo
...
%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

Restrict SSH login to keys and non-root:

vi /etc/ssh/sshd_config
...
# edit the existing lines in place rather than appending at the end: sshd uses the first value it reads for each keyword
PermitRootLogin no
PasswordAuthentication no
...
systemctl restart sshd
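
Why the position of these two lines matters, as an added example that is not part of the original page: a small checker that resolves a keyword the way sshd does (first value wins) and reports whether root login and password authentication are really off. The function names and the sample configs are constructed for illustration, and the parser assumes whitespace-separated global keywords and does not follow `Include` files.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for each keyword, so a
# setting appended below an earlier line for the same keyword has no effect.

# effective_sshd_value KEYWORD FILE: print the first global value (lowercased).
effective_sshd_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/          { next }                     # comments, blank lines
        tolower($1) == "match"  { exit }                     # conditional blocks: stop
        tolower($1) == want     { print tolower($2); exit }  # first value wins
    ' "$2"
}

# check_ssh_hardening FILE: return 0 only if both settings resolve to "no".
check_ssh_hardening() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_sshd_value "$kw" "$1")
        if [ "$val" != "no" ]; then
            echo "FAIL: $kw resolves to '${val:-unset}', want 'no'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# write_sample_configs DIR: constructed inputs, not taken from a real host.
write_sample_configs() {
    # Hardening appended at the end: the earlier "yes" lines still win.
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'Subsystem sftp internal-sftp' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$1/appended.conf"
    # Existing lines edited in place: these are the values sshd uses.
    printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
        '#PasswordAuthentication yes' 'PasswordAuthentication no' \
        'Subsystem sftp internal-sftp' > "$1/edited.conf"
}

demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
for f in appended edited; do
    if check_ssh_hardening "$demo_dir/$f.conf" 2>/dev/null; then
        echo "$f.conf: OK"
    else
        echo "$f.conf: root login or password auth still enabled"
    fi
done
rm -rf "$demo_dir"
```

On the host itself, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the effective settings, including anything pulled in through `Include`.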

Install and configure automatic OS updates:

# Install
# Postfix: No configuration or smarthost
sudo apt install unattended-upgrades apt-listchanges bsd-mailx

# Enable
sudo dpkg-reconfigure -plow unattended-upgrades

# Configure (1)
# SKIP: Unattended-Upgrade::Mail "desiredmail@host.domain";
# Unattended-Upgrade::Automatic-Reboot "true";
# Unattended-Upgrade::Automatic-Reboot-Time "03:00";
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

# SKIP: Configure (2)
# email_address=desiredmail@host.domain
sudo nano /etc/apt/listchanges.conf

# Verify
sudo unattended-upgrades --dry-run

Install Docker CE ( https://docs.requarks.io/install/ubuntu#install-docker )

# Install dependencies to install Docker
sudo apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install ca-certificates curl gnupg lsb-release

# Register Docker package registry
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Refresh package lists and install Docker
sudo apt -qqy update
sudo apt -qqy -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Install Docker CE ( https://docs.docker.com/engine/install/ubuntu/ )

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo docker run hello-world
sudo systemctl enable docker --now
sudo systemctl enable containerd --now

Run Portainer (https://docs.portainer.io/v/ce-2.11/start/install/server/docker/linux):

sudo ufw allow 9443
sudo docker volume create portainer_data
sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer \
    --restart=always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v portainer_data:/data \
    portainer/portainer-ce:latest

Access via https://DOMAIN:9443 and set the environment's Public IP to the domain: https://DOMAIN

Update Portainer (https://docs.portainer.io/v/ce-2.11/start/upgrade/docker):

sudo docker stop portainer
sudo docker rm portainer
sudo docker pull portainer/portainer-ce:latest
sudo docker run -d -p 8000:8000 -p 9443:9443 --name portainer \
    --restart=always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v portainer_data:/data \
    portainer/portainer-ce:latest