How to Install and Secure Docker in Production Environments
Learn step-by-step how to prepare your Linux server, download and install Docker 20.10.24 manually, configure daemon settings, set up systemd service, start and verify the engine, and apply essential security and optimization practices for reliable production deployments.
In the era of microservices, Docker is the leading container technology that greatly simplifies application deployment, improves development efficiency, and streamlines operations.
Prerequisites
Operating system: stable Linux distribution such as Ubuntu, CentOS or RHEL.
Hardware: at least 4 GB RAM and sufficient disk space.
Network: server must have internet access to download Docker images and dependencies.
Install Docker
Create configuration and storage directories:
<code>mkdir -p /etc/docker/ /data/docker</code>
Download the binary package:
<code>curl -SLO https://download.docker.com/linux/static/stable/x86_64/docker-20.10.24.tgz</code>
Extract the files and move binaries:
<code>tar xf docker-20.10.24.tgz -C /opt
cp /opt/docker/* /usr/local/bin/
rm -rf /opt/docker</code>
Create the daemon configuration file:
<code>cat > /etc/docker/daemon.json <<EOF
{
  "data-root": "/data/docker/",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "https://registry.docker-cn.com"
  ],
  "log-driver": "json-file",
  "log-level": "info"
}
EOF</code>
Create the systemd service file:
<code># The heredoc delimiter is quoted so the shell writes $MAINPID literally
# instead of expanding it to an empty string.
cat > /usr/lib/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/local/bin/dockerd --config-file /etc/docker/daemon.json
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
EOF</code>
Reload systemd, enable and start Docker:
<code>systemctl daemon-reload
systemctl enable docker.service --now</code>
Verify the installation:
<code>docker run hello-world</code>
Security and Optimization
Principle of least privilege: avoid running containers as root unless absolutely necessary.
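Firewall rules: expose only required ports. The default Docker port 2375 is the daemon's unencrypted, unauthenticated remote API; the setup above starts dockerd without a TCP listener, so the daemon is reachable only through its local Unix socket and 2375 does not need to be opened.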
Resource limits: set appropriate CPU and memory limits for containers to prevent resource contention.
Conclusion
By following these steps you have successfully installed Docker in a production environment and applied basic security configurations. Docker is just the beginning; building efficient, stable micro‑service architectures requires continuous learning and practice.
Linux Ops Smart Journey
The operations journey never stops—pursuing excellence endlessly.