Introduction
Docker has transformed how Linux applications are deployed by packaging code and dependencies into lightweight, portable containers. This technology lets you run services consistently in any environment, from a development laptop to production clusters. In this article you will learn how to install Docker on the main Linux distributions, understand its essential components and apply good practices that improve the efficiency, security and scalability of your projects.
What is Docker?
Docker is an open source platform that uses containers to package an application and all its dependencies in a standard image. Each container runs in isolation but shares the host's Linux kernel, which makes it much lighter than a virtual machine. Images are built in layers that can be reused and stored in registries such as Docker Hub. In addition, Docker offers a powerful CLI and a REST API to automate building, distributing and running containers in any workflow.
Installing Docker on Linux
Although the steps vary by distribution, the overall process is to add the official Docker repository, install the engine and enable the service to start at boot. Below is how to do it on the most widely used distributions.
- Ubuntu and Debian: update the package index, install the prerequisite packages (apt-transport-https ca-certificates curl gnupg lsb-release), add Docker's GPG key, add the stable repository and install docker-ce docker-ce-cli containerd.io.
- CentOS and RHEL: install yum-utils, configure the Docker repository with yum-config-manager and then install docker-ce docker-ce-cli containerd.io.
- Fedora: use dnf to install dnf-plugins-core, add the Docker repository and install the same package set.
- Arch Linux: install the docker package from the official repositories and enable docker.service.
After installation, verify that Docker works by running docker run hello-world, which downloads a test image and prints a success message.
Basic concepts: images, containers and Dockerfile
In Docker, an image is a read-only template that contains the file system needed to run an application. A container is a runtime instance of that image, isolated and lightweight. The Dockerfile is a text script that defines, step by step, how an image is built, from selecting a base image to copying code and installing dependencies. Understanding how these elements interact lets you create reproducible build pipelines and deploy applications consistently in any Linux environment.
- Image: read-only layers, reusable and versionable.
- Container: isolated process that runs the image.
- Dockerfile: instructions for building the image.
Good practices when using Docker
To get the most out of Docker on Linux, follow guidelines that improve maintainability, security and performance. Keep images as small as possible, use specific tags instead of latest, take advantage of the layer cache by ordering the Dockerfile instructions from least to most frequently changing, run containers as an unprivileged user and set CPU and memory limits to prevent one container from affecting the rest of the system.
- Minimize image size: use lightweight bases like Alpine and remove unnecessary files after installation.
- Tag versions: avoid latest and use semantic versions (e.g. 1.2.3) to ensure reproducibility.
- Take advantage of the layer cache: order the Dockerfile instructions from least to most frequently changing.
- Run as a non-privileged user: create a dedicated user inside the container and switch to it with the USER instruction.
- Set resource limits: use --memory and --cpu-quota when launching containers or define limits in docker-compose.yml.
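The tagging and non-root guidelines can be checked mechanically before an image is built. The following is an added example, not code from the original article: a small Dockerfile linter whose function names and sample Dockerfiles are constructed for illustration. It is a heuristic that reads only the Dockerfile, so it cannot see a USER already set inside the base image.

```python
def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def lint_dockerfile(text):
    """Flag untagged/latest base images and a final stage left as root."""
    findings, stages, user = [], set(), None
    for line in logical_lines(text):
        parts = line.split(None, 1)
        instr, rest = parts[0].upper(), parts[1] if len(parts) > 1 else ""
        if instr == "FROM" and rest:
            args = [a for a in rest.split() if not a.startswith("--")]
            image, user = args[0], None      # USER does not carry across stages
            pinned = image == "scratch" or image in stages or "@sha256:" in image
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2])
            last = image.rsplit("/", 1)[-1]  # a ':' before the last '/' is a registry port
            tag = last.split(":", 1)[1] if ":" in last else None
            if not pinned and tag in (None, "latest"):
                findings.append(f"unpinned base image: {image}")
        elif instr == "USER" and rest:
            user = rest.split()[0].split(":")[0]
    if user in (None, "root", "0"):
        findings.append("final stage has no non-root USER")
    return findings

# Constructed sample Dockerfiles; image names and versions are illustrative.
WEAK = """\
FROM node:latest AS build
COPY . .
RUN npm ci && \\
    npm run build
FROM nginx
COPY --from=build /app/dist /usr/share/nginx/html
"""
GOOD = """\
FROM node:20.11.1-alpine AS build
FROM alpine:3.19.1
USER 10001
"""
```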
Docker container security
Although containers offer isolation, they are not risk-free. It is essential to keep images up to date, scan them for vulnerabilities and apply the principle of least privilege. In addition, it is recommended to use namespaces and cgroups to limit access to the kernel and hardware, to mount the file system as read-only when writing is not required and to log activity in order to detect anomalous behavior.
- Keep images up to date: use base versions with recent security patches.
- Scan for vulnerabilities: use tools like Trivy or Clair to identify CVEs in images.
- Run with reduced privileges: avoid privileged mode and use specific capabilities only when necessary.
- Read-only file system: mount the container file system as read-only when the application does not require writing.
- Logging and auditing: configure Docker's logs and send them to a centralized system like ELK or Splunk.
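Several of these points (privileged mode, added capabilities, read-only root file system, non-root user, resource limits) are visible in the JSON that docker inspect prints, so running containers can be audited against them. The following is an added example, not code from the original article; the function names and the sample data are constructed, and the sample is trimmed to the fields the checks read.

```python
import json

def audit_container(c):
    """Check one `docker inspect` object against the hardening points above."""
    host, cfg = c.get("HostConfig") or {}, c.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged mode")
    if host.get("CapAdd"):  # null when nothing was added
        findings.append("added capabilities: " + ",".join(sorted(host["CapAdd"])))
    if not host.get("ReadonlyRootfs"):
        findings.append("writable root filesystem")
    # User may be "name", "uid" or "uid:gid"; empty means the image default
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    if not host.get("Memory"):  # 0 means unlimited
        findings.append("no memory limit")
    if not host.get("CpuQuota") and not host.get("NanoCpus"):
        findings.append("no CPU limit")
    return findings

def audit(inspect_json):
    """Map container name -> findings for the array `docker inspect` prints."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(inspect_json)}

# Constructed sample, not output captured from a real host.
SAMPLE = json.dumps([
    {"Name": "/legacy-api",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "CapAdd": None, "ReadonlyRootfs": False,
                    "Memory": 0, "CpuQuota": 0, "NanoCpus": 0}},
    {"Name": "/web",
     "Config": {"User": "10001:10001"},
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_BIND_SERVICE"],
                    "ReadonlyRootfs": True, "Memory": 268435456,
                    "CpuQuota": 50000, "NanoCpus": 0}},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "ok")
```

On a real host the input would be the output of docker inspect for the running containers; an added capability is reported for review rather than as a definite fault, since some services need one.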
Simple orchestration with Docker Compose
Docker Compose lets you define and run multi-container applications using a YAML file called docker-compose.yml. With Compose you can specify services, networks and volumes declaratively, making it easier to reproduce complex development, testing and production environments. A typical file includes the image, exposed ports, environment variables and dependencies of each service. When you run docker-compose up, Compose creates the containers, connects them according to the defined network and starts the services in the right order. The docker-compose down and docker-compose logs commands simplify cleanup and debugging.
- Define services: each block indicates the image, ports and environment variables.
- Share data: use volumes to persist information between restarts.
- Scale services: use docker-compose up --scale to increase the replicas of a service.
Conclusion
Docker has become a fundamental part of the modern Linux ecosystem, offering an efficient, portable and secure way to package and run applications. By mastering its installation, understanding its basic concepts and applying good security and orchestration practices, teams can accelerate delivery, reduce inconsistencies between environments and improve resource utilization. Whether you're just starting out or looking to optimize existing workflows, Docker provides the tools needed to build resilient and scalable infrastructure on any Linux distribution.


