Docker Installation on Linux
This guide describes Docker Engine preparation for SAMO application servers on Linux. Use the official Docker documentation as the source of truth for the target operating system, then apply the SAMO-specific configuration and checks from this page.
Run commands as root or with sudo.
Docker Compose is installed as the Docker CLI plugin package docker-compose-plugin and is used with docker compose.
Do not install the legacy standalone docker-compose binary unless a project explicitly requires it.
Common Preparation
Update the operating system before installing Docker:
sudo apt update && sudo apt upgrade
For RPM-based distributions:
sudo dnf update
Reboot if the update installs a new kernel:
sudo reboot
The server must be able to reach the Docker package repository and the container registries used by SAMO. At minimum, allow outbound HTTPS access to:
download.docker.com- the SAMO Docker registry used by the project
- proxy or certificate distribution endpoints required by the customer infrastructure
If the server is behind an HTTP proxy, configure package-manager and shell proxy settings before installation. Test connectivity with:
curl -I https://download.docker.com
Check Proxy Settings and Connectivity
Before installing Docker, verify whether the server uses a proxy and whether the required endpoints are reachable. This is especially important on customer servers where outbound access is often restricted.
Check the current shell proxy variables:
env | grep -i proxy
If a proxy is required, configure it according to the customer infrastructure policy. For interactive shell sessions, the variables usually look like this:
export HTTP_PROXY=http://proxy.example.com:3128
export HTTPS_PROXY=http://proxy.example.com:3128
export NO_PROXY=localhost,127.0.0.1,.company.local,docker-registry.example.com
For persistent server-level configuration, store the proxy settings in the location required by the operating system and customer standard, for example /etc/environment or package-manager specific configuration.
Verify connectivity before continuing:
curl -I https://download.docker.com
curl -I https://REGISTRY_HOSTNAME
If these checks fail, resolve proxy, firewall, DNS, or certificate trust before installing Docker.
Debian
Follow the official Docker procedure for Debian:
Remove Conflicting Packages
Remove packages that may conflict with Docker's official packages:
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do
sudo apt-get remove -y "$pkg"
done
It is acceptable if apt reports that some of these packages are not installed.
Add Docker's Apt Repository
Install packages needed for repository setup:
sudo apt-get update
sudo apt-get install -y ca-certificates curl
Add Docker's official GPG key:
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
Create the Docker repository source:
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
Components: stable
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/docker.asc
EOF
Update package metadata:
sudo apt-get update
Install Docker Packages
Install Docker Engine, Docker CLI, container runtime, Buildx, and Docker Compose plugin:
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Oracle Linux
Docker does not provide a separate official installation page for Oracle Linux. For Oracle Linux installations, use the official RHEL-compatible Docker repository procedure only after verifying compatibility with the target Oracle Linux version and the customer's support policy:
Oracle Linux environments may prefer Oracle-supported container tooling. Use Docker Engine from Docker's repository only when it is accepted by the project and the customer operations team.
Remove Conflicting Packages
Remove packages that may conflict with Docker's official packages:
for pkg in docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine podman runc; do
sudo dnf remove -y "$pkg"
done
It is acceptable if dnf reports that some of these packages are not installed.
Add Docker's RPM Repository
Install repository-management tools:
sudo dnf install -y dnf-plugins-core
Add Docker's RHEL repository:
sudo dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
If the target Oracle Linux version cannot use the RHEL repository directly, stop here and resolve the repository mapping with the infrastructure team before continuing.
Install Docker Packages
Install Docker Engine, Docker CLI, container runtime, Buildx, and Docker Compose plugin:
sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Docker Daemon Configuration
Create /etc/docker/daemon.json only if the project needs daemon-level settings.
For SAMO application servers, log rotation is usually useful:
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "10"
}
}
If Docker's default bridge network conflicts with the customer network, add a project-approved address range before the first deployment. On customer servers, the address range must be provided or approved by the customer infrastructure team so that it does not collide with any existing network.
The following values are examples only. The 10.9.0.1/24 bridge address is commonly used for DEV servers and must not be copied to a customer server without validation:
{
"bip": "10.9.0.1/24",
"default-address-pools": [
{
"base": "10.10.0.0/16",
"size": 24
}
],
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "10"
}
}
Restart Docker after changing daemon configuration:
sudo systemctl restart docker
IP Forwarding
Docker bridge networking requires IPv4 forwarding on the host. Docker normally configures the required forwarding when the daemon starts, but it should be verified on customer servers because hardening, firewall rules, or sysctl policy can override it.
Check the current value:
sysctl net.ipv4.ip_forward
Expected value:
net.ipv4.ip_forward = 1
If it is disabled, enable it persistently after approval from the customer infrastructure team:
echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/99-samo-docker.conf
sudo sysctl --system
Verify the value again:
sysctl net.ipv4.ip_forward
Docker Daemon Proxy
If Docker must use a proxy to pull images, configure the Docker daemon.
For Docker Engine 23.0 and newer, prefer daemon.json:
{
"proxies": {
"http-proxy": "http://proxy.example.com:3128",
"https-proxy": "http://proxy.example.com:3128",
"no-proxy": "localhost,127.0.0.1,docker-registry.example.com,.company.local"
}
}
Restart Docker after the change:
sudo systemctl restart docker
If the local standard requires systemd drop-in files instead, create /etc/systemd/system/docker.service.d/http-proxy.conf:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:3128"
Environment="HTTPS_PROXY=http://proxy.example.com:3128"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.company.local"
Then reload systemd and restart Docker:
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl show --property=Environment docker
Enable and Verify Docker
Enable Docker after boot and start it immediately:
sudo systemctl enable --now docker
Verify Docker Engine:
sudo systemctl status docker
sudo docker version
sudo docker info
Verify Docker Compose:
docker compose version
Optionally run Docker's test container if outbound access to Docker Hub is allowed:
sudo docker run --rm hello-world
Optional Shell Aliases
The following aliases are optional shortcuts for daily Docker and Docker Compose operations. They are not required for installation, but they can be useful on administration servers.
Store system-wide aliases according to the operating system standard, for example in /etc/bash.bashrc, /etc/bashrc, or a dedicated profile file loaded for administrators.
alias dcu='docker compose up -d'
alias dcd='docker compose down'
alias dcp='docker compose pull'
alias dcinstall='dcp && dcd && dcu'
alias dlog='docker logs -f'
alias dlogt='docker logs -f --tail 1000'
alias dstats='docker stats $(docker ps --format={{.Names}})'
alias dps='docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | sed -r "s/0.0.0.0://g" | sed -r "s/\/tcp//g" | sed -r "s/://g"'
alias dpsa='docker ps -a --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" | sed -r "s/0.0.0.0://g" | sed -r "s/\/tcp//g" | sed -r "s/://g"'
For opening a shell in a running container, add this function to the administrator user's ~/.bashrc:
dex() {
if [ -z "$1" ]; then
echo "Usage: dex <container>"
return 1
fi
docker exec -it "$1" bash
}
Reload the shell profile after saving changes:
source ~/.bashrc
Internal Registry Certificate
If the SAMO registry uses a private or internal CA, install the CA certificate before pulling images.
For Docker registry trust, place the CA certificate under the registry-specific directory:
sudo mkdir -p /etc/docker/certs.d/REGISTRY_HOSTNAME:PORT
sudo cp ca.crt /etc/docker/certs.d/REGISTRY_HOSTNAME:PORT/ca.crt
sudo systemctl restart docker
If the CA must also be trusted by the operating system on Debian:
sudo cp ca.crt /usr/local/share/ca-certificates/samo-registry.crt
sudo update-ca-certificates
sudo systemctl restart docker
On Oracle Linux:
sudo cp ca.crt /etc/pki/ca-trust/source/anchors/samo-registry.crt
sudo update-ca-trust
sudo systemctl restart docker