How to Install Docker Engine on a DigitalOcean Cloud
Mladen on November 27, 2017
Docker is a container based platform used to manage the widest array of applications from development to production. A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows-based apps, the containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings, for example, differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure.
DigitalOcean, on the other hand, is a Cloud infrastructure provider ideal to host and serve your applications or back-end APIs. More importantly, it's Linux based servers work seamlessly in pair with Docker engine providing you a way to build, run and serve your applications from containers in a safe and easily maintainable manner.
Although it is possible to install Docker on DigitalOcean platform using One-click application option from the administrative area, it is preferred to first configure user privileges and ssh access to the server, and later install Docker engine with required user privileges.
Creating a New Droplet
DigitalOcean calls its cloud servers Droplets. Each Droplet you create is a new server for your personal use.
- After registering to and creating a DigitalOcean account, click on Create button in the top menu and select Droplets option.
- Choose Ubuntu 16.04 x64 Linux version.
- Select desired server size. During development stages, the smallest - 5$ droplet size should be sufficient.
- Decide on data-center location based on either your closeness or if it will be used in production, on your target audience proximity.
- Finally, specify a hostname for your server and click on a Create button at the bottom of the page.
Logging On to the Server and Adding a New User
An email message containing initial logging parameters should be delivered to your inbox.
Your new Droplet is all set to go! You can access it using the following credentials: Droplet Name: docker-server IP Address: 22.214.171.124 Username: root Password: 7bc948d916f149b62c82262ffe
The first step is to log on to the server. Using terminal, SSH as a root user & change password:
$ ssh firstname.lastname@example.org
If you are prompted to add server key to a known_hosts list, just type yes and continue. Enter a password (you will be prompted to do so twice) you have received in an email confirmation, and provide a new one for the root user. After the new password is retyped successfully, you will found yourself logged in to a server as a root user.
Although we can continue to install and perform tasks on the server as a root user, it is not considered to be a best practice and should be avoided. We need to add a new user with sudo (superuser do) privileges. Sudo is a utility for UNIX and Linux-based systems that provides an efficient way to give individual users permission to use specific system commands at the root (most powerful) level of the system. When adding a new user, you will be asked to insert additional user information like full name, phone, other etc. Don't bother. Just leave them blank.
# adduser mladen # usermod -aG sudo mladen # su - mladen
Last executed command will substitute user from current which is root to a new one, in this case, user: mladen.
Securing Your Server
For security purposes, it is ideal to configure our server to accept only connections by matching private and public key combination. The public key should be stored on the server and only if the local system has the private key, it can be authorized to access the server.
If you do not already have an SSH key pair, which consists of a public and private key, you need to generate one. Open a new terminal window (this step should be executed on a local machine, not on a server) and enter the following command:
This command will generate public/private rsa key pair. When prompted to accept suggested file name and path, hit return key (or enter a new name). If prompted for a passphrase to secure the key with, it is usually OK to leave the passphrase blank, or if desired you may enter a passphrase. A private key, id_rsa, and a public key, id_rsa.pub will be stored in the .ssh directory of the local user's home directory. To copy the content of the id_rsa.pub file, first execute:
$ cat ~/.ssh/id_rsa.pub
and select & copy the content string to the clipboard. Back on a server, create .ssh directory and the authorized_keys file with required access permissions, then store the string from the clipboard in it.
$ mkdir ~/.ssh $ chmod 700 ~/.ssh
Use nano text editor (included with Linux) and insert the string from a clipboard.
$ nano ~/.ssh/authorized_keys
To save and exit from nano text editor, press Ctrl-X followed by Y and hit key return. Also, access permissions on file authorized_keys should be changed with:
$ chmod 600 ~/.ssh/authorized_keys
To disable password authentication on your server and only allow authentication using public/private key pair, /etc/ssh/sshd_config file should be edited and value of statement PasswordAuthentication yes changed to PasswordAuthentication no. This can be easily done by using either nano text editor or from the command line using utility named sed (stream editor):
$ sudo sed -i -e 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
In order for new settings to take place, ssh daemon should be reloaded using:
$ sudo systemctl reload sshd
To test new settings and see if everything works as expected, while still logged in one terminal window (leave the session open if something goes wrong), open new terminal window and try to log on to the server.
$ ssh email@example.com
If everything is configured properly, you will be able to log on to the server without the need to enter your password. Because you are now logging on to a server as a new user, you will be prompted again to add a server to a known_hosts list. Just type yes and hit the return key.
Installing Docker Engine
When the user authentication configuration is over, we may proceed to install Docker Engine on our server. First, we will use Linux curl command to add Docker’s official GPG key to apt for repositories. Also, we will use the add-apt-repository command which adds a repository to the sources list. Before install command is executed, repositories should also be updated.
$ sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - $ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" $ sudo apt-get update $ sudo apt-get install -y docker-ce
Before running Docker, by default, the docker command requires root privileges. However, you can execute the command without the sudo prefix by running docker as a user in the docker group. The command:
$ sudo usermod -aG docker $(whoami)
will add currently logged in user to the Docker group and allow running docker command without sudo prefix.
After Docker engine is installed, reboot the server.
$ sudo reboot
When we log on to the server again, we can verify the installation with the following commands:
$ docker info $ docker version
Some additional notes can be found on both Docker & DigitalOcean websites, particularly following next links: