How to Install Docker in a Proxmox VM

Jul 12, 2023 · 4 mins read
virtualization docker home lab
How to Install Docker in a Proxmox VM

In the video below, we show you how to install Docker in a Proxmox VM

As useful as virtual machines are, they involve virtualising an entire computer

Whereas with containers the virtualisation involves the application

Now as well as being easier to deploy and maintain, containers will require far fewer resources

And although Promxox VE gives you easy access to LXC containers, you can also run the more popular Docker platform as well

The recommendation though is to create a virtual machine and install Docker in that so you can get the best of both technologies

In addition, there’s less chance that the hypervisor’s operating system will be compromised because the containers will share the one on the virtual machine

Useful links:
https://docs.docker.com/engine/install/debian/

Overview
The first thing to do is to create a virtual machine and install Debian although you can install Docker on another OS if you like

Since there’s nothing special to do here, I’m going to save time and assume you already know how to create a VM in Proxmox VE that runs Debian

Install Docker
We want to install the latest version of Docker Engine and keep this as up to date as possible

To do this we need to configure the OS so that it knows about the repository of Docker so it will download packages from there

As Debian doesn’t have Sudo installed by default, I’m going to assume you haven’t added it, and switch to root 

su -

Next we’ll update the repository cache from Debian 

apt update

And then install some dependencies we need 

apt install ca-certificates curl gnupg -y

Next, we’ll add Docker’s GPG key 

install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg

Basically we need to make sure the folder exists and the permissions are correct

Then download and install the GPG key and update its permissions

Next we add the repository details 

echo  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

In other words, we create a file called docker.list containing the repository information for Docker in the /etc/apt/sources.list.d where Debian will be looking

With that done, we need to update the repository cache again 

apt update

And now we can install Docker Engine, Docker Compose, etc. 

apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

Next we’ll check that Docker Engine is working 

docker run hello-world

The first time you run this, Docker will download the image called hello-world and then run it in a container

Create Non-Root User
Now because Docker and the containers you run rely on an operating system to function, it’s best to run containers with a non-root user account

This way we can restrict access and try to limit any fallout should a breach occur

So first we’ll create a user 

adduser dockermgr

We’ll need to provide a password and fill in the user details if necessary

Now add the user to the docker group 

usermod -aG docker dockermgr

This way the user can manage docker

Now switch to that user account 

su dockermgr

NOTE: As root we don’t need to know a user’s password to switch to their account. And if you have Sudo installed, users with Sudo rights can do the same

TIP: If you restrict remote access to SSH key authentication only, you can use these to limit access to Docker from external devices

It would best to be in this user’s home folder, so we’ll switch to that 

cd

Now check the user can run docker commands 

docker run hello-world

Useful Commands
To check which images are already downloaded and available, run the following command 

docker images

To list all containers you can run this command 

docker ps -a

This will also show which images have been run

To list existing containers that are known of, run this command 

dockers ps

To stop a container you can use this command 

docker stop <container ID>

Or you can use this one

docker stop <container name>

TIP: You can use TAB for autocompletion of container names

Summary
Well, hopefully as you can see Docker is pretty easy to install

And although containers do look to be less secure than virtual machines, you can mitigate some of the risks by creating a dedicated VM to run Docker

You could even create separate Docker instances for different security areas of your network, so for example, you could have one for management, one for IOT and so on

And that should reduce the chance of someone being able to break out of a less secure network and gaine access to devices in a more secure network

But overall, Docker containers are an extremely useful way to maintain applications and reduce the demand for compute resources

Sharing is caring!