# Docker Installation on Debian - Official Documentation Report

**Date:** 2026-05-14
**Source:** https://docs.docker.com/engine/install/debian/

---
## 1. Prerequisites

### Supported Debian Versions
- **Debian Trixie 13** (stable)
- **Debian Bookworm 12** (oldstable)
- **Debian Bullseye 11** (oldoldstable)

### Supported Architectures
- x86_64 (amd64)
- armhf (arm/v7)
- arm64
- ppc64le (ppc64el)

### Firewall Considerations
- Docker is only compatible with `iptables-nft` and `iptables-legacy`
- Firewall rules created with `nft` are **not supported** with Docker
- Use `iptables` or `ip6tables` for firewall rules
- Add rules to the `DOCKER-USER` chain

---
## 2. Remove Old/Conflicting Versions

Before installing Docker Engine, remove any conflicting packages:

```bash
# Remove old Docker packages that may conflict
sudo apt remove $(dpkg --get-selections docker.io docker-compose docker-doc podman-docker containerd runc | cut -f1)
```

**Packages removed:**
- `docker.io` - Debian distribution's Docker package (NOT the official Docker version)
- `docker-compose` - Standalone compose tool
- `docker-doc` - Documentation packages
- `podman-docker` - Podman Docker compatibility layer
- `containerd` - Container runtime (if installed separately)
- `runc` - Container runtime (if installed separately)

**Note:** This command may report "none of these packages are installed" on fresh systems - that's normal.

**Important:** Containers, images, volumes, and networks in `/var/lib/docker/` are NOT automatically removed. To start completely clean:
```bash
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
```

---
## 3. Installation Methods Overview

| Method | Use Case | Recommendation |
|--------|----------|----------------|
| **Docker Desktop for Linux** | Easiest setup, includes GUI | Recommended for developers |
| **apt repository** | Production, automated updates | **Recommended for most users** |
| **Manual .deb installation** | Air-gapped systems | For offline installations |
| **Convenience script** | Testing/development only | NOT recommended for production |

---
## 4. RECOMMENDED: Install from Docker's apt Repository

### Step 4.1: Set Up Docker's apt Repository

```bash
# Update package index
sudo apt update

# Install prerequisites (ca-certificates enables HTTPS, curl downloads files)
sudo apt install ca-certificates curl

# Create keyrings directory with proper permissions
sudo install -m 0755 -d /etc/apt/keyrings

# Download Docker's official GPG key
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc

# Set readable permissions on the key file
sudo chmod a+r /etc/apt/keyrings/docker.asc
```

**What each command does:**
- `ca-certificates` - Required for HTTPS connections to the repository
- `curl` - Downloads files over HTTP/HTTPS
- `-m 0755` - Sets directory permissions (rwxr-xr-x)
- `-fsSL` on curl: fail on HTTP errors (`-f`), silent mode (`-s`), still show error messages (`-S`), follow redirects (`-L`)
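Step 4.1 stores whatever key the download returned, and apt trusts every key in the file that Step 4.2 names in `Signed-By`. The following added example (not part of the Docker documentation or the original report) checks `gpg --show-keys --with-colons` output against a fingerprint pinned out of band; the function names, `PINNED_FPR` and the sample key data are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: pin the repository signing key by fingerprint before apt uses it.
# PINNED_FPR is a placeholder; take the real value from a source you trust
# independently of the download.
PINNED_FPR='REPLACE-WITH-FINGERPRINT-OBTAINED-OUT-OF-BAND'

# Constructed `gpg --show-keys --with-colons` output (made-up key, not Docker's):
# one primary key with one subkey.
SAMPLE_COLONS='pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scSC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::0000::Example Release Key (constructed)::::::::::0:
sub:-:4096:1:33221100FFEEDDCC:1500000000::::::s::::::23:
fpr:::::::::FFEEDDCCBBAA99887766554433221100FFEEDDCC:'

# Print the fingerprint of each primary key; subkey fingerprints are skipped.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" { primary = 1 }
    $1 == "sub" { primary = 0 }
    $1 == "fpr" && primary { print $10; primary = 0 }'
}

# Succeed only if stdin describes exactly one primary key and it matches $1.
# Extra keys are rejected because apt would trust them as well.
keyring_matches_pin() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
  got=$(primary_fingerprints)
  count=$(printf '%s\n' "$got" | awk 'NF { n++ } END { print n + 0 }')
  [ "$count" -eq 1 ] && [ "$got" = "$want" ]
}

# Real use, after the download in Step 4.1 and before `apt update`:
#   gpg --show-keys --with-colons /etc/apt/keyrings/docker.asc \
#     | keyring_matches_pin "$PINNED_FPR" || echo "key mismatch, do not proceed" >&2
```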
### Step 4.2: Add Docker Repository to APT Sources

```bash
# Add Docker repository (NEW FORMAT for Debian)
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/docker.asc
EOF

# Update package index to include new repository
sudo apt update
```

**What this does:**
- Creates a new `.sources` file (Debian 12+ format)
- Automatically detects your Debian version (bookworm, bullseye, trixie)
- Automatically detects your system architecture
- Points to Docker's official repository

**Alternative format** (the older one-line `.list` format still works):
```bash
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
```
### Step 4.3: Install Docker Engine

```bash
# Install Docker Engine, CLI, containerd, and plugins
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```

**Packages installed:**

| Package | Description |
|---------|-------------|
| `docker-ce` | Docker Community Edition - the main engine |
| `docker-ce-cli` | Docker CLI (command-line interface) |
| `containerd.io` | Container runtime (dependency) |
| `docker-buildx-plugin` | Buildx for multi-platform builds |
| `docker-compose-plugin` | Docker Compose as `docker compose` command |
### Step 4.4: Verify Installation

```bash
# Run the hello-world container to verify installation
sudo docker run hello-world
```

**Expected output:**
```
Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image...
```
### Step 4.5: Install Specific Version (Optional)

```bash
# List all available versions
apt list --all-versions docker-ce

# Install specific version (example)
VERSION_STRING=5:29.4.3-1~debian.12~bookworm
sudo apt install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin
```

---
## 5. Post-Installation: Run Docker Without sudo

### Step 5.1: Add User to docker Group

```bash
# Add current user to docker group
sudo usermod -aG docker $USER

# Apply group change without logging out
newgrp docker
```

**What this does:**
- `usermod -aG` - Appends user to supplementary group (doesn't remove from other groups)
- `$USER` - Environment variable for current username
- `newgrp docker` - Starts new shell with updated group membership

**Alternative:** Log out and log back in completely for the group change to take effect.

### Step 5.2: Verify Group Membership

```bash
# Check your group memberships
groups

# Should show 'docker' in the list
```

### Step 5.3: Test Without sudo

```bash
# Now you can run Docker commands without sudo
docker run hello-world
docker ps
```

---
## 6. Alternative: Install Docker Desktop for Linux

Docker Desktop for Linux includes Docker Engine plus additional features:
- GUI desktop application
- Kubernetes support
- Image building and management
- Extension marketplace

**Installation:**
1. Download `.deb` package from: https://www.docker.com/products/docker-desktop/
2. Install with:
```bash
sudo dpkg -i docker-desktop-*.deb
sudo apt-get install -f # Fix any dependencies
```

**Note:** Docker Desktop for Linux requires a subscription for commercial use in larger enterprises (>250 employees OR >$10M annual revenue).

---
## 7. Alternative: Convenience Script (Development Only)

```bash
# Download and run the script
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
```

**WARNING:** Only use for testing/development. The script:
- Requires root/sudo privileges
- Auto-detects distribution (may be incorrect)
- Installs latest version without confirmation
- Doesn't allow customization
- Not designed for production upgrades

---
## 8. Upgrade Docker Engine

```bash
# Simply upgrade using apt
sudo apt update
sudo apt upgrade docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```

---
## 9. Uninstall Docker Engine

```bash
# Remove Docker packages
sudo apt purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Remove Docker data (optional - images, containers, volumes)
sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd

# Remove repository configuration
sudo rm /etc/apt/sources.list.d/docker.sources
sudo rm /etc/apt/keyrings/docker.asc
```

---
## 10. Troubleshooting Common Issues

### Issue: "Permission denied while trying to connect to Docker daemon socket"

**Error:**
```
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
```

**Solution:**
```bash
# Add user to docker group
sudo usermod -aG docker $USER

# Activate the group immediately (or log out/in)
newgrp docker

# Verify
groups
docker run hello-world
```

### Issue: Docker service not running

```bash
# Check service status
sudo systemctl status docker

# Start Docker service
sudo systemctl start docker

# Enable Docker to start on boot
sudo systemctl enable docker
```

### Issue: Repository not found / No matching packages

**Check your Debian version:**
```bash
cat /etc/os-release
```

**Verify repository file:**
```bash
cat /etc/apt/sources.list.d/docker.sources
```

**Re-add repository if needed:**
```bash
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/docker.asc
EOF
sudo apt update
```
### Issue: Firewall rules not working

Published container ports bypass the host's usual firewall rules because Docker installs its own iptables rules for them. Filter that traffic in the `DOCKER-USER` chain, which is evaluated before Docker's own rules:
```bash
# Insert a rule at position 1 of DOCKER-USER:
# drop all forwarded traffic that arrives on eth0
sudo iptables -I DOCKER-USER 1 -i eth0 -j DROP
```
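A blanket drop on the external interface, like the rule above, also matches reply packets for connections that containers open outbound, and it leaves no exception for trusted clients. The added example below (not from the Docker documentation or the original report) builds an ordered three-rule set for `DOCKER-USER`; the function names, the interface `eth0` and the range `192.0.2.0/24` are assumptions for illustration.

```bash
#!/bin/sh
# Added example: ordered DOCKER-USER rules for one external interface and one
# trusted IPv4 source range. Explicit positions (1, 2, 3) keep the order and
# place the rules ahead of anything already in the chain.
docker_user_rules() {  # $1 = external interface, $2 = trusted IPv4 CIDR
  ext_if=$1
  trusted=$2
  # Reject anything that is not a plain interface name or CIDR before it
  # reaches the iptables command line.
  case $ext_if in
    ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
  esac
  case $trusted in
    ''|*[!0-9./]*) echo "bad IPv4 CIDR: $trusted" >&2; return 1 ;;
  esac
  # 1: replies to connections the containers opened themselves
  echo "-I DOCKER-USER 1 -i $ext_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  # 2: new connections from the trusted range
  echo "-I DOCKER-USER 2 -i $ext_if -s $trusted -j ACCEPT"
  # 3: everything else arriving on the external interface
  echo "-I DOCKER-USER 3 -i $ext_if -j DROP"
}

# Apply the generated rules (needs root). Word splitting of $rule is intended:
# each line is a list of iptables arguments.
apply_docker_user_rules() {
  docker_user_rules "$1" "$2" | while read -r rule; do
    sudo iptables $rule || exit 1
  done
}

# Preview:  docker_user_rules eth0 192.0.2.0/24
# Apply:    apply_docker_user_rules eth0 192.0.2.0/24
```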
---

## 11. Security Considerations

### The docker Group = Root Access

**WARNING:** Adding a user to the `docker` group gives them effectively root access, because any member can start a container that mounts the host's root filesystem:

```bash
# Mount host filesystem and gain root shell
docker run -v /:/host -it ubuntu chroot /host bash
```

**Recommendations:**
- Only add trusted administrators to the docker group
- On multi-user systems, consider **Rootless Docker** instead
- Use rootless Docker for development:
```bash
# Install rootless Docker
sudo apt install uidmap dbus-user-session
# Run the setup tool as the unprivileged user, not with sudo
dockerd-rootless-setuptool.sh install
```
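Because membership in the `docker` group is equivalent to root, it is worth auditing who actually holds it. This added example (not part of the original report) lists supplementary members and accounts whose primary GID is the group's GID, then reports any that are not on an approved list; the function names, the approved list and the sample account data are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit who effectively holds the docker group.
# Reads local files only; for directory-backed accounts, save the output of
# `getent group` and `getent passwd` to files and pass those instead.

# Print supplementary members of "docker" plus every account whose primary
# GID equals the group's GID (those never appear in the member list).
docker_group_holders() {  # $1 = group file, $2 = passwd file
  awk -F: '
    FILENAME == ARGV[1] {
      if ($1 == "docker") {
        gid = $3
        n = split($4, members, ",")
        for (i = 1; i <= n; i++) if (members[i] != "") seen[members[i]] = 1
      }
      next
    }
    gid != "" && $4 == gid { seen[$1] = 1 }
    END { for (user in seen) print user }
  ' "${1:-/etc/group}" "${2:-/etc/passwd}" | sort
}

# Print holders that are not in the space-separated approved list $1.
unapproved_docker_holders() {  # $1 = approved accounts, $2/$3 = group/passwd
  for user in $(docker_group_holders "$2" "$3"); do
    case " $1 " in
      *" $user "*) ;;
      *) echo "$user" ;;
    esac
  done
}

# Constructed sample data (not from a real host): bob is a supplementary
# member, svc-build holds the group through its primary GID.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' > "$demo_dir/group"
printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
  'alice:x:1000:1000::/home/alice:/bin/sh' \
  'svc-build:x:1001:998::/home/svc-build:/bin/sh' > "$demo_dir/passwd"

unapproved_docker_holders "alice" "$demo_dir/group" "$demo_dir/passwd"
```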
### Docker Desktop Licensing

Commercial use of Docker Desktop in enterprises (>250 employees OR >$10M revenue) requires a paid subscription. Docker Engine (CLI installation) remains under the Apache 2.0 license.

---
## 12. Quick Copy-Paste Installation Script

For a complete fresh installation:

```bash
#!/bin/bash
# Complete Docker installation on Debian

# 1. Remove old versions
sudo apt remove $(dpkg --get-selections docker.io docker-compose docker-doc podman-docker containerd runc | cut -f1) 2>/dev/null

# 2. Install prerequisites
sudo apt update
sudo apt install -y ca-certificates curl

# 3. Set up Docker repository
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/docker.asc
EOF

# 4. Install Docker
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# 5. Add user to docker group
sudo usermod -aG docker $USER

# 6. Enable and start Docker
sudo systemctl enable docker
sudo systemctl start docker

echo "Docker installation complete. Run 'newgrp docker' or log out/in to use Docker without sudo."
```

---
## References

- **Official Documentation:** https://docs.docker.com/engine/install/debian/
- **Docker Download:** https://download.docker.com/linux/debian/
- **Docker Desktop:** https://www.docker.com/products/docker-desktop/
- **Convenience Script:** https://get.docker.com/