Install from docker repo:
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
Add following to /etc/apt/sources.list.d/docker.list:
sudo editor /etc/apt/sources.list.d/docker.list
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bullseye stable
sudo apt update sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker sudo docker run hello-world
sudo systemctl enable docker
DON’T ADD ANY USER TO DOCKER GROUP`!!!
This means, that you have to delete the user that installed docker from the docker group in /etc/group.
Rootless mode means running docker without root privileges. However, on Debian 11, that may generate some troubles…
Images and Containers
Images are not yet running containers including one application and the os fundamentals for it.
Containers are running or sleeping instances of applications that are enclosed by the container.
Dowload and run official images
List available images:
Get an image:
docker pull image:tag
docker pull debian:bullseye
Setting up images
Create directory wherever you want. Copy config files for the service to the directory. cd to that directory
Create Dockerfile in the dir.
repository may be somethin like a name that explaines the containers purpose (samba_debian) the tag my be a version
Show images on host:
Remove image (get id with command above):
docker rmi <<Image ID>>
Start container (text from docs.docker.com):
Run the following command to start a container based on your new image:
docker run --publish 8000:8080 --detach --name <<name>>
There are a couple of common flags here:
--publishasks Docker to forward traffic incoming on the host’s port 8000 to the container’s port 8080. Containers have their own private set of ports, so if you want to reach one from the network, you have to forward traffic to it in this way. Otherwise, firewall rules will prevent all network traffic from reaching your container, as a default security posture.
--detachasks Docker to run this container in the background.
--namespecifies a name with which you can refer to your container in subsequent commands, in this case
Start container with interactive shell:
docker run -it <<repository>>:<<tag>> /bin/bash
docker stop <<name>>
docker restart <<container name>>
Show all containers on host:
docker ps -a
Show running containers on host:
docker rm <<container name>>