How to Install Docker in a Proxmox VM
In the video below, we show you how to install Docker in a Proxmox VM
As useful as virtual machines are, they involve virtualising an entire computer
Whereas with containers the virtualisation involves the application
Now as well as being easier to deploy and maintain, containers will require far fewer resources
And although Proxmox VE gives you easy access to LXC containers, you can also run the more popular Docker platform as well
The recommendation though is to create a virtual machine and install Docker in that so you can get the best of both technologies
In addition, there’s less chance that the hypervisor’s operating system will be compromised, because the containers will share the virtual machine’s operating system rather than the hypervisor’s
Useful links:
https://docs.docker.com/engine/install/debian/
Overview
The first thing to do is to create a virtual machine and install Debian although you can install Docker on another OS if you like
Since there’s nothing special to do here, I’m going to save time and assume you already know how to create a VM in Proxmox VE that runs Debian
Install Docker
We want to install the latest version of Docker Engine and keep this as up to date as possible
To do this we need to configure the OS so that it knows about Docker’s repository and will download packages from there
As Debian doesn’t have Sudo installed by default, I’m going to assume you haven’t added it, and switch to root
su -
Next we’ll update the repository cache from Debian
apt update
And then install some dependencies we need
apt install ca-certificates curl gnupg -y
Next, we’ll add Docker’s GPG key
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
Basically we need to make sure the folder exists and the permissions are correct
Then download and install the GPG key and update its permissions
Next we add the repository details
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
In other words, we create a file called docker.list containing the repository information for Docker in the /etc/apt/sources.list.d folder, where Debian will be looking
With that done, we need to update the repository cache again
apt update
And now we can install Docker Engine, Docker Compose, etc.
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
Next we’ll check that Docker Engine is working
docker run hello-world
The first time you run this, Docker will download the image called hello-world and then run it in a container
Create Non-Root User
Now because Docker and the containers you run rely on an operating system to function, it’s best to run containers with a non-root user account
This way we can restrict access and try to limit any fallout should a breach occur
So first we’ll create a user
adduser dockermgr
We’ll need to provide a password and fill in the user details if necessary
Now add the user to the docker group
usermod -aG docker dockermgr
This way the user can manage docker
Now switch to that user account
su dockermgr
NOTE: As root we don’t need to know a user’s password to switch to their account. And if you have Sudo installed, users with Sudo rights can do the same
TIP: If you restrict remote access to SSH key authentication only, you can use the keys to limit access to Docker from external devices
It would be best to be in this user’s home folder, so we’ll switch to that
cd
Now check the user can run docker commands
docker run hello-world
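Anyone in the docker group can control the Docker daemon, which itself runs as root, so it is worth knowing exactly who is in that group and confirming the repository setup from earlier. The script below is an added example, not part of the original guide; the function names and the file name check.sh are made up for illustration, and the default paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: post-install checks for the steps in this guide.
# Default paths come from the guide; pass other files to test offline.

# Print every account that can drive the Docker daemon: supplementary
# members of the docker group plus users whose primary GID is that group.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0
    {
        awk -F: '$1 == "docker" && $4 != "" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$group_file"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Succeed only if the list file has at least one active "deb" line and every
# such line is fetched over HTTPS and pinned to a keyring with signed-by.
check_repo_pinned() {
    list_file=${1:-/etc/apt/sources.list.d/docker.list}
    awk '
        /^[ \t]*deb[ \t]/ {
            seen = 1
            if ($0 !~ /signed-by=\/etc\/apt\/keyrings\//) bad = 1
            if ($0 !~ /[ \t]https:\/\//) bad = 1
        }
        END { if (seen && !bad) exit 0; exit 1 }
    ' "$list_file"
}

# Succeed only if the key exists and is not writable by group or others.
check_key_perms() {
    key_file=${1:-/etc/apt/keyrings/docker.gpg}
    [ -f "$key_file" ] || return 1
    [ -z "$(find "$key_file" \( -perm -020 -o -perm -002 \))" ]
}

# Run against the live system only when called as: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "Accounts with Docker daemon access:"; docker_group_members
    check_repo_pinned && echo "docker.list: OK" || echo "docker.list: not pinned"
    check_key_perms && echo "docker.gpg: OK" || echo "docker.gpg: check permissions"
fi
```

Run it as root in the VM after the install; any account in the first list that you don't recognise should be removed from the docker group.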
Useful Commands
To check which images are already downloaded and available, run the following command
docker images
To list all containers you can run this command
docker ps -a
This will also show which images have been run
To list only the containers that are currently running, run this command
docker ps
To stop a container you can use this command
docker stop <container ID>
Or you can use this one
docker stop <container name>
TIP: You can use TAB for autocompletion of container names
Summary
Well, hopefully as you can see Docker is pretty easy to install
And although containers do look to be less secure than virtual machines, you can mitigate some of the risks by creating a dedicated VM to run Docker
You could even create separate Docker instances for different security areas of your network, so for example, you could have one for management, one for IoT and so on
And that should reduce the chance of someone being able to break out of a less secure network and gain access to devices in a more secure network
But overall, Docker containers are an extremely useful way to maintain applications and reduce the demand for compute resources