Docker

Once you have configured the server, it’s time to install the Docker CE suite on it. Setting up Docker is easy. Since that is beyond the scope of the documentation, please refer to the Docker documentation for instructions pertaining to your operating system.

Do note that installing Docker alone will not suffice, you will also need to install Docker Compose.

Note

The Docker documentation contains the links on install Docker and Docker Compose on your system of choice.

Start and enable Docker

After you have installed Docker and Docker Compose on your machine, you will need to make some configuration changes.

Docker has been installed but the daemon is neither running nor has been set to run automatically on a reboot. You can accomplish these changes as follows.

[apps ~]$ sudo systemctl start docker
[apps ~]$ sudo systemctl enable docker

Groups

The Docker daemon process dockerd is only accessible to users that are a part of the Docker group.

Remember apps from Environments and server configuration? So apps must a member of the group docker, which is automatically created when Docker is first installed.

[apps ~]$ sudo usermod -aG docker apps

Also in a development environment, your developers must also be members of the group.

[apps ~]$ sudo usermod -aG docker dev1
[apps ~]$ sudo usermod -aG docker dev2

You will need to restart your user sessions, and in my personal experience in some cases, even restart your computer, after this.

User namespaces

User namespaces are a way to limit the surface area of the Docker sandbox in the event of a security breach. Basically user namespaces map root in the Docker sandbox to another UID on the host, thereby stripping away all rights of the root user in a container to cause damage to the host.

Warning

While user namespaces are very cool and good, we at IMG have run into a number of intermittent and irregularly occurring issues when running Omniport under a namespace. This step is therefore advised only for people who know what they are doing.

To enable namespaces, elevate your privileges, open the file /etc/docker/daemon.json and type in the following lines.

{
  "userns-remap": "apps"
}

If you decided to go with an alternative name for the main user, replace apps with the username of that user.

You will need to restart the Docker daemon after this change.

$ sudo systemctl restart docker