How to install docker on linux
How to install docker on linux
Install Docker Desktop on Ubuntu
Estimated reading time: 5 minutes
This page contains information on how to install, launch and upgrade Docker Desktop on an Ubuntu distribution.
Prerequisites
To install Docker Desktop successfully, you must:
If you have installed the Docker Desktop for Linux tech preview or beta version, you need to remove all files that were generated by those packages (e.g.,
Additionally, for non-Gnome Desktop environments, gnome-terminal must be installed:
Install Docker Desktop
Recommended approach to install Docker Desktop on Ubuntu:
Install the package with apt as follows:
At the end of the installation process, apt displays an error due to installing a downloaded package. You can ignore this error message.
There are a few post-install configuration steps done through the post-install script contained in the deb package.
The post-install script:
Launch Docker Desktop
To start Docker Desktop for Linux, search Docker Desktop on the Applications menu and open it. This launches the whale menu icon and opens the Docker Dashboard, reporting the status of Docker Desktop.
Alternatively, open a terminal and run:
When Docker Desktop starts, it creates a dedicated context that the Docker CLI can use as a target and sets it as the current context in use. This is to avoid a clash with a local Docker Engine that may be running on the Linux host and using the default context. On shutdown, Docker Desktop resets the current context to the previous one.
After you’ve successfully installed Docker Desktop, you can check the versions of these binaries by running the following commands:
To enable Docker Desktop to start on login, from the Docker menu, select Settings > General > Start Docker Desktop when you log in.
Alternatively, open a terminal and run:
To stop Docker Desktop, click on the whale menu tray icon to open the Docker menu and select Quit Docker Desktop.
Alternatively, open a terminal and run:
Upgrade Docker Desktop
Once a new version for Docker Desktop is released, the Docker UI shows a notification. You need to download the new package each time you want to upgrade Docker Desktop and run:
Install Docker Engine from binaries
Estimated reading time: 8 minutes
This page contains information on how to install Docker using binaries. These instructions are mostly suitable for testing purposes. We do not recommend installing Docker using binaries in production environments as they will not be updated automatically with security updates. The Linux binaries described on this page are statically linked, which means that vulnerabilities in build-time dependencies are not automatically patched by security updates of your Linux distribution.
Updating binaries is also slightly more involved when compared to Docker packages installed using a package manager or through Docker Desktop, as it requires (manually) updating the installed version whenever there is a new release of Docker.
Also, static binaries may not include all functionalities provided by the dynamic packages.
On Windows and Mac, we recommend that you install Docker Desktop instead. For Linux, we recommend that you follow the instructions specific for your distribution.
If you want to try Docker or use it in a testing environment, but you’re not on a supported platform, you can try installing from static binaries. If possible, you should use packages built for your operating system, and use your operating system’s package management system to manage Docker installation and upgrades.
Static binaries for the Docker daemon binary are only available for Linux (as dockerd ) and Windows (as dockerd.exe ). Static binaries for the Docker client are available for Linux, Windows, and macOS (as docker ).
This topic discusses binary installation for Linux, Windows, and macOS:
Install daemon and client binaries on Linux
Prerequisites
Before attempting to install Docker from binaries, be sure your host machine meets the prerequisites:
Secure your environment as much as possible
OS considerations
Enable SELinux or AppArmor if possible.
It is recommended to use AppArmor or SELinux if your Linux distribution supports either of the two. This helps improve security and blocks certain types of exploits. Review the documentation for your Linux distribution for instructions for enabling and configuring AppArmor or SELinux.
If either of the security mechanisms is enabled, do not disable it as a work-around to make Docker or its containers run. Instead, configure it correctly to fix any problems.
Docker daemon considerations
Enable seccomp security profiles if possible. See Enabling seccomp for Docker.
Enable user namespaces if possible. See the Daemon user namespace options.
Install static binaries
Extract the archive using the tar utility. The dockerd and docker binaries are extracted.
Start the Docker daemon:
If you need to start the daemon with additional options, modify the above command accordingly or create and edit the file /etc/docker/daemon.json to add the custom configuration options.
Verify that Docker is installed correctly by running the hello-world image.
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.
Install client binaries on macOS
The following instructions are mostly suitable for testing purposes. The macOS binary includes the Docker client only. It does not include the dockerd daemon which is required to run containers. Therefore, we recommend that you install Docker Desktop instead.
The binaries for Mac also do not contain:
To install client binaries, perform the following steps:
Extract the archive using the tar utility. The docker binary is extracted.
Clear the extended attributes to allow it run.
Now, when you run the following command, you can see the Docker CLI usage instructions:
Verify that Docker is installed correctly by running the hello-world image. The value of is a hostname or IP address running the Docker daemon and accessible to the client.
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.
Install server and client binaries on Windows
To install server and client binaries, perform the following steps:
Download the static binary archive. Go to https://download.docker.com/win/static/stable/x86_64 and select the latest version from the list.
Run the following PowerShell commands to install and extract the archive to your program files:
Register the service and start the Docker Engine:
Verify that Docker is installed correctly by running the hello-world image.
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.
Install Docker Engine
Estimated reading time: 6 minutes
Docker Desktop for Linux
Docker Desktop helps you build, share, and run containers easily on Mac and Windows as you do on Linux. We are excited to share that Docker Desktop for Linux is now GA. For more information, see Docker Desktop for Linux.
Supported platforms
Docker Engine is available on a variety of Linux platforms, macOS and Windows 10 through Docker Desktop, and as a static binary installation. Find your preferred operating system below.
Desktop
| Platform | x86_64 / amd64 | arm64 (Apple Silicon) |
|---|---|---|
| Docker Desktop for Linux |  | В |
| Docker Desktop for Mac (macOS) | | |
| Docker Desktop for Windows | | В |
Server
| Platform | x86_64 / amd64 | arm64 / aarch64 | arm (32-bit) | s390x |
|---|---|---|---|---|
| CentOS | | | В | В |
| Debian | | | | В |
| Fedora | | | В | В |
| Raspbian | В | В | | В |
| RHEL | В | В | В | |
| SLES | В | В | В | |
| Ubuntu | | | | |
| Binaries | | | | В |
Other Linux distributions
While the instructions below may work, Docker does not test or verify installation on derivatives.
Docker provides binaries for manual installation of Docker Engine. These binaries are statically linked and can be used on any Linux distribution.
Release channels
Docker Engine has two types of update channels, stable and test:
Stable
In preparation for a new year-month release, a branch is created from the master branch with format YY.mm when the milestones desired by Docker for the release have achieved feature-complete. Pre-releases such as betas and release candidates are conducted from their respective release branches. Patch releases and the corresponding pre-releases are performed from within the corresponding release branch.
Support
Docker Engine releases of a year-month branch are supported with patches as needed for one month after the next year-month general availability release.
This means bug reports and backports to release branches are assessed until the end-of-life date.
After the year-month branch has reached end-of-life, the branch may be deleted from the repository.
Backporting
Backports to the Docker products are prioritized by the Docker company. A Docker employee or repository maintainer will endeavour to ensure sensible bugfixes make it into active releases.
If there are important fixes that ought to be considered for backport to active release branches, be sure to highlight this in the PR description or by adding a comment to the PR.
Upgrade path
Patch releases are always backward compatible with its year-month version.
Licensing
Docker is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.
Reporting security issues
The Docker maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
Please DO NOT file a public issue; instead send your report privately to security@docker.com.
Security reports are greatly appreciated, and Docker will publicly thank you for it.
Get started
After setting up Docker, you can learn the basics with Getting started with Docker.
Install Docker Engine on Ubuntu
Estimated reading time: 10 minutes
Docker Desktop for Linux
Docker Desktop helps you build, share, and run containers easily on Mac and Windows as you do on Linux. We are excited to share that Docker Desktop for Linux is now GA. For more information, see Docker Desktop for Linux.
To get started with Docker Engine on Ubuntu, make sure you meet the prerequisites, then install Docker.
Prerequisites
OS requirements
To install Docker Engine, you need the 64-bit version of one of these Ubuntu versions:
Uninstall old versions
It’s OK if apt-get reports that none of these packages are installed.
Installation methods
You can install Docker Engine in different ways, depending on your needs:
Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach.
Some users download the DEB package and install it manually and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.
In testing and development environments, some users choose to use automated convenience scripts to install Docker.
Install using the repository
Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.
Set up the repository
Update the apt package index and install packages to allow apt to use a repository over HTTPS:
Add Docker’s official GPG key:
Use the following command to set up the repository:
Install Docker Engine
Update the apt package index, and install the latest version of Docker Engine, containerd, and Docker Compose, or go to the next step to install a specific version:
To install a specific version of Docker Engine, list the available versions in the repo, then select and install:
a. List the versions available in your repo:
b. Install a specific version using the version string from the second column, for example, 5:20.10.16
Verify that Docker Engine is installed correctly by running the hello-world image.
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.
Docker Engine is installed and running. The docker group is created but no users are added to it. You need to use sudo to run Docker commands. Continue to Linux postinstall to allow non-privileged users to run Docker commands and for other optional configuration steps.
Upgrade Docker Engine
Install from a package
Install Docker Engine, changing the path below to the path where you downloaded the Docker package.
The Docker daemon starts automatically.
Verify that Docker Engine is installed correctly by running the hello-world image.
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.
Docker Engine is installed and running. The docker group is created but no users are added to it. You need to use sudo to run Docker commands. Continue to Post-installation steps for Linux to allow non-privileged users to run Docker commands and for other optional configuration steps.
Upgrade Docker Engine
To upgrade Docker Engine, download the newer package file and repeat the installation procedure, pointing to the new file.
Install using the convenience script
Docker provides a convenience script at get.docker.com to install Docker into development environments quickly and non-interactively. The convenience script is not recommended for production environments, but can be used as an example to create a provisioning script that is tailored to your needs. Also refer to the install using the repository steps to learn about installation steps to install using the package repository. The source code for the script is open source, and can be found in the docker-install repository on GitHub.
Always examine scripts downloaded from the internet before running them locally. Before installing, make yourself familiar with potential risks and limitations of the convenience script:
Tip: preview script steps before running
You can run the script with the DRY_RUN=1 option to learn what steps the script will execute during installation:
This example downloads the script from get.docker.com and runs it to install the latest stable release of Docker on Linux:
Docker is installed. The docker service starts automatically on Debian based distributions. On RPM based distributions, such as CentOS, Fedora, RHEL or SLES, you need to start it manually using the appropriate systemctl or service command. As the message indicates, non-root users cannot run Docker commands by default.
Use Docker as a non-privileged user, or install in rootless mode?
The installation script requires root or sudo privileges to install and use Docker. If you want to grant non-root users access to Docker, refer to the post-installation steps for Linux. Docker can also be installed without root privileges, or configured to run in rootless mode. For instructions on running Docker in rootless mode, refer to run the Docker daemon as a non-root user (rootless mode).
Install pre-releases
To install the latest version of Docker on Linux from the “test” channel, run:
Upgrade Docker after using the convenience script
If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.
Uninstall Docker Engine
Uninstall the Docker Engine, CLI, Containerd, and Docker Compose packages:
Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:
You must delete any edited configuration files manually.
Install Docker Desktop on Linux
Estimated reading time: 13 minutes
This page contains information about system requirements, download URLs, and instructions on how to install and update Docker Desktop for Linux.
During first installation make sure to meet the system requirements outlined below and follow the distro-specific installation instructions:
System requirements
To install Docker Desktop successfully, your Linux host must meet the following requirements:
64-bit kernel and CPU support for virtualization.
KVM virtualization support. Follow the KVM virtualization support instructions to check if the KVM kernel modules are enabled and how to provide access to the kvm device.
QEMU must be version 5.2 or newer. We recommend upgrading to the latest version.
systemd init system.
At least 4 GB of RAM.
Docker Desktop for Linux runs a Virtual Machine (VM). For more information on why, see Why Docker Desktop for Linux runs a VM.
Docker does not provide support for running Docker Desktop in nested virtualization scenarios. We recommend that you run Docker Desktop for Linux natively on supported distributions.
Supported platforms
| Platform | x86_64 / amd64 |
|---|---|
| Ubuntu | |
| Debian | |
| Fedora | |
An experimental package is available for Arch-based distributions. Docker has not tested or verified the installation.
Docker supports Docker Desktop on the current LTS release of the aforementioned distributions and the most recent version. As new versions are made available, Docker stops supporting the oldest version and supports the newest version.
KVM virtualization support
Docker Desktop runs a VM that requires KVM support.
The kvm module should load automatically if the host has virtualization support. To load the module manually, run:
Depending on the processor of the host machine, the corresponding module must be loaded:
If the above commands fail, you can view the diagnostics by running:
To check if the KVM modules are enabled, run:
Set up KVM device user permissions
Add your user to the kvm group in order to access the kvm device:
Log out and log back in so that your group membership is re-evaluated.
Generic installation steps
Open your Applications menu in Gnome/KDE Desktop and search for Docker Desktop.
Select Docker Desktop to start Docker.
The Docker menu (
) displays the Docker Subscription Service Agreement window.
Select the checkbox to accept the updated terms and then click Accept to continue. Docker Desktop starts after you accept the terms.
If you do not agree to the terms, the Docker Desktop application will close and you can no longer run Docker Desktop on your machine. You can choose to accept the terms at a later date by opening Docker Desktop.
For more information, see Docker Desktop License Agreement. We recommend that you also read the Blog and FAQs to learn how companies using Docker Desktop may be affected.
Differences between Docker Desktop for Linux and Docker Engine
Docker Desktop for Linux and Docker Engine can be installed side-by-side on the same machine. Docker Desktop for Linux stores containers and images in an isolated storage location within a VM and offers controls to restrict its resources. Using a dedicated storage location for Docker Desktop prevents it from interfering with a Docker Engine installation on the same machine.
We generally recommend stopping the Docker Engine while you’re using Docker Desktop to prevent the Docker Engine from consuming resources and to prevent conflicts as described above.
Use the following command to stop the Docker Engine service:
Depending on your installation, the Docker Engine may be configured to automatically start as a system service when your machine starts. Use the following command to disable the Docker Engine service, and to prevent it from starting automatically:
Switch between Docker Desktop and Docker Engine
The Docker CLI can be used to interact with multiple Docker Engines. For example, you can use the same Docker CLI to control a local Docker Engine and to control a remote Docker Engine instance running in the cloud. Docker Contexts allow you to switch between Docker Engines instances.
When installing Docker Desktop, a dedicated “desktop-linux” context is created to interact with Docker Desktop. On startup, Docker Desktop automatically sets its own context ( desktop-linux ) as the current context. This means that subsequent Docker CLI commands target Docker Desktop. On shutdown, Docker Desktop resets the current context to the default context.
Use the docker context ls command to view what contexts are available on your machine. The current context is indicated with an asterisk ( * );
If you have both Docker Desktop and Docker Engine installed on the same machine, you can run the docker context use command to switch between the Docker Desktop and Docker Engine contexts. For example, use the “default” context to interact with the Docker Engine;
And use the desktop-linux context to interact with Docker Desktop:
Refer to the Docker Context documentation for more details.
Updates
Once a new version for Docker Desktop is released, the Docker UI shows a notification. You need to download the new package each time you want to upgrade manually.
To upgrade your installation of Docker Desktop, first stop any instance of Docker Desktop running locally, then follow the regular installation steps to install the new version on top of the existing version.
Uninstall Docker Desktop
Docker Desktop can be removed from a Linux host using the package manager.
Once Docker Desktop has been removed, users must remove the credsStore and currentContext properties from the
Uninstalling Docker Desktop destroys Docker containers, images, volumes, and other Docker related data local to the machine, and removes the files generated by the application. Refer to the back up and restore data section to learn how to preserve important data before uninstalling.
Why Docker Desktop for Linux runs a VM
Docker Desktop for Linux runs a Virtual Machine (VM) for the following reasons:
To ensure that Docker Desktop provides a consistent experience across platforms.
During research, the most frequently cited reason for users wanting Docker Desktop for Linux (DD4L) was to ensure a consistent Docker Desktop experience with feature parity across all major operating systems. Utilizing a VM ensures that the Docker Desktop experience for Linux users will closely match that of Windows and macOS.
This need to deliver a consistent experience across all major OSs will become increasingly important as we look towards adding exciting new features, such as Docker Extensions, to Docker Desktop that will benefit users across all tiers. We’ll provide more details on these at DockerCon22. Watch this space.
To make use of new kernel features
Sometimes we want to make use of new operating system features. Because we control the kernel and the OS inside the VM, we can roll these out to all users immediately, even to users who are intentionally sticking on an LTS version of their machine OS.
To enhance security
Container image vulnerabilities pose a security risk for the host environment. There is a large number of unofficial images that are not guaranteed to be verified for known vulnerabilities. Malicious users can push images to public registries and use different methods to trick users into pulling and running them. The VM approach mitigates this threat as any malware that gains root privileges is restricted to the VM environment without access to the host.
Why not run rootless Docker? Although this has the benefit of superficially limiting access to the root user so everything looks safer in “top”, it allows unprivileged users to gain CAP_SYS_ADMIN in their own user namespace and access kernel APIs which are not expecting to be used by unprivileged users, resulting in vulnerabilities.
To provide the benefits of feature parity and enhanced security, with minimal impact on performance
As such, we have adjusted the default memory available to the VM in DD4L. You can tweak this setting to your specific needs by using the Memory slider within the Settings > Resources tab of Docker Desktop.
File sharing
Docker Desktop for Linux uses virtiofs as the default (and currently only) mechanism to enable file sharing between the host and Docker Desktop VM. In order not to require elevated privileges, without unnecessarily restricting operations on the shared files, Docker Desktop runs the file sharing service ( virtiofsd ) inside a user namespace (see user_namespaces(7) ) with UID and GID mapping configured. As a result Docker Desktop relies on the host being configured to enable the current user to use subordinate ID delegation. For this to be true /etc/subuid (see subuid(5) ) and /etc/subgid (see subgid(5) ) must be present. Docker Desktop only supports subordinate ID delegation configured via files. Docker Desktop maps the current user ID and GID to 0 in the containers. It uses the first entry corresponding to the current user in /etc/subuid and /etc/subgid to set up mappings for IDs above 0 in the containers.
| ID in container | ID on host |
|---|---|
| 0 (root) | ID of the user running DD (e.g. 1000) |
| 1 | 0 + beginning of ID range specified in /etc/subuid / /etc/subgid (e.g. 100000) |
| 2 | 1 + beginning of ID range specified in /etc/subuid / /etc/subgid (e.g. 100001) |
| 3 | 2 + beginning of ID range specified in /etc/subuid / /etc/subgid (e.g. 100002) |
| . | . |
To verify the configs have been created correctly, inspect their contents:
In this scenario if a shared file is chown ed inside a Docker Desktop container owned by a user with a UID of 1000, it shows up on the host as owned by a user with a UID of 100999. This has the unfortunate side effect of preventing easy access to such a file on the host. The problem is resolved by creating a group with the new GID and adding our user to it, or by setting a recursive ACL (see setfacl(1) ) for folders shared with the Docker Desktop VM.