My current take on how to install and configure Docker (+compose) on a standalone Ubuntu system.
Please read the content for more information.
This installs Docker from Docker's own Ubuntu repository and configures it with user namespace remapping.
Run this:
```bash
# { (. <(cat << "#EOF" # copy from after the first #
set -eux
## installation (run as root)
apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common jq
# trust Docker's repository signing key
# (apt-key is deprecated on newer Ubuntu releases; a keyring file referenced via signed-by replaces it)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # runs apt-get update
apt-get install -y docker-ce docker-compose
## prepare user namespace remapping
if ! id -u dockremap ; then
    adduser --system dockremap --gecos '' --group --disabled-login --no-create-home
    # container UIDs/GIDs 0..65535 are mapped to host IDs 1000000..1065535
    printf '%s\n' 'dockremap:1000000:65536' >> /etc/subuid
    printf '%s\n' 'dockremap:1000000:65536' >> /etc/subgid
fi
## set sensible defaults
# (incl. user namespace remapping), but keep any values already set
# (in jq's object addition the right-hand operand wins, so the existing file overrides the defaults)
config=$(jq '{
    "userns-remap": "dockremap:dockremap",
    "icc": false,
    "live-restore": true,
    "userland-proxy": false,
    "no-new-privileges": true,
    "log-driver": "json-file",
    "log-opts": { "max-size": "10m", "max-file": "3" }
} + .' <<< "$(cat /etc/docker/daemon.json || echo '{}')")
cat <<< "${config}" > /etc/docker/daemon.json
service docker stop; service docker start # just a reload didn't work
# 'no-new-privileges' could be problematic with images that require setuid binaries
#EOF
)); }
```
Check that the `dockremap` entry in `/etc/sub{u,g}id` does not overlap with previously used UID/GIDs (e.g. in `cat /etc/passwd`).

To add a user to the `docker` group: `( user=setup; if ! id -u $user ; then adduser $user --gecos "" --disabled-password ; fi; usermod -aG docker $user )`.
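
One way to run the overlap check mentioned above, as an added example that is not part of the original page. The helper name `subid_conflicts` is hypothetical and the sample files are constructed; it compares a user's subordinate range both against directly assigned IDs and against other users' subordinate ranges.

```bash
# Added example, not part of the original script. subid_conflicts is a hypothetical helper.
# usage: subid_conflicts NAME SUBID_FILE ID_FILE
#   SUBID_FILE: name:start:count lines  (/etc/subuid or /etc/subgid)
#   ID_FILE:    numeric ID in field 3   (/etc/passwd or /etc/group)
# Prints one line per conflict. Returns 0 = clean, 1 = conflicts, 2 = NAME has no range.
subid_conflicts() {
    awk -F: -v name="$1" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        pass == 1 {                                  # first file: subordinate ranges
            n++; owner[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
            next
        }
        $3 ~ /^[0-9]+$/ { ids[$3] = $1 }             # second file: assigned IDs
        END {
            for (m = 1; m <= n; m++) {
                if (owner[m] != name) continue
                seen = 1
                for (id in ids)                      # IDs that fall inside the range
                    if (id + 0 >= lo[m] && id + 0 <= hi[m]) {
                        printf "id %d (%s) is inside %s:%d-%d\n", id, ids[id], name, lo[m], hi[m]
                        bad = 1
                    }
                for (o = 1; o <= n; o++)             # ranges of other owners that intersect
                    if (owner[o] != name && lo[o] <= hi[m] && lo[m] <= hi[o]) {
                        printf "range %s:%d-%d overlaps %s:%d-%d\n", owner[o], lo[o], hi[o], name, lo[m], hi[m]
                        bad = 1
                    }
            }
            exit (seen ? bad + 0 : 2)
        }
    ' pass=1 "$2" pass=2 "$3"
}

# Constructed sample files (not real system data); dockremap uses the range from the page.
demo=$(mktemp -d)
printf '%s\n' 'alice:100000:65536' 'dockremap:1000000:65536' 'ci:1048576:65536' > "$demo/subuid"
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'svc:x:1000500:1000500::/:/bin/false' > "$demo/passwd"
subid_conflicts dockremap "$demo/subuid" "$demo/passwd" || echo "exit status: $?"
rm -rf "$demo"
# On a real host: subid_conflicts dockremap /etc/subuid /etc/passwd
#                 subid_conflicts dockremap /etc/subgid /etc/group
```

A conflict matters because a host account or another remap range that shares IDs with `dockremap` would own the same files as a process inside a remapped container.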