Installing Docker on a Server with CentOS 7

The biggest waste is a waste of time.

In the modern world, time is valued very highly, so people come up with various ways to save and optimize it. And with modern information technologies and software products, we have come up with a lot of ways to make life easier. For example, take the development team, how often do they have to do the same things? And if they need to transfer the developed product to the client, but it is necessary to properly set the client's servers up for the product launch? And if there are several such clients?

Or consider another option. Do you have multiple development teams that use the same technologies, each time installing all the software products used for all projects?

You can, of course, write scripts that will install everything you need every time, but even so, it can take a long time.

Finally, consider the option of a person who wants to try something, but for this he needs to install, for example, a web server, and he does not know how to install and configure it.

This is where Docker comes to the rescue. Docker packs the software along with all the necessary libraries, settings, code, and environment in so-called containers that can then be transferred to other machines. Containers are a cross between the software installed on the server and the virtual machine.

It is very easy to install and unpack Docker on various OS (operating systems), even on Windows. We will also consider installing CentOS 7 on the server.

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2

Then select a repository with a stable version of Docker:

$ sudo yum-config-manager --add-repo

Now install:

$ sudo yum install docker-ce docker-ce-cli

Now add it to autorun and launch it:

$ sudo systemctl enable docker
$ sudo systemctl start docker

All that's left is to check the performance:

$ sudo docker run hello-world

This code downloads the image, launches a container that displays an informational message, and exits.

Installing Docker didn't take much time, but what about installing programs? Quite a lot of ready-made images are in the so-called Docker Hub, it is supplemented by both ordinary users like you and me, and teams of developers of various software. Remember our article on installing Atlassian Bitbucket? With Docker it takes only 3 lines:

$ sudo docker volume create --name bitbucketVolume
$ sudo docker run -v bitbucketVolume:/var/atlassian/application-data/bitbucket --name="bitbucket" -d -p 7990:7990 -p 7999:7999 atlassian/bitbucket-server
$ sudo docker run -v /data/bitbucket:/var/atlassian/application-data/bitbucket --name="bitbucket" -d -p 7990:7990 -p 7999:7999 atlassian/bitbucket-server

It is worth warning that by default Docker rewrites the firewall rules, which allows you to access the container externally. This is a common mistake for beginners.

Therefore, we will disable the ability to change firewall rules. To begin with, we'll write --iptables=false in the service launch properties. You should get something like the following:

$ sudo grep "iptables" /etc/systemd/system/
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --iptables=false

After that, you must restart the services:

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

This method has a drawback - after updating Docker, you will have to write in this setting again. In order to save the settings after the reboot, you need to create a daemon.json file with following content:

$ sudo vi /etc/docker/daemon.json
    "iptables": false

Now all you have to do is restart docker:

$ sudo systemctl restart docker

But now not only we won’t be able to access our container externally, but also from other container if we have several containers running. For this you need to edit the firewall rules.

Add the proxy interface created by docker (docker0 by default) to the allowed ones:

$ sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0
$ sudo firewall-cmd --reload

To access the container via the Internet, you need to allow certain ports, for example:

$ sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
$ sudo firewall-cmd --reload

To access the Internet from the container, you need masquerading. Activate it for the public zone, where it is disabled by default:

$ sudo firewall-cmd --permanent --zone=public --query-masquerade
$ sudo firewall-cmd --permanent --zone=public --add-masquerade  
$ sudo firewall-cmd --permanent --zone=public --query-masquerade
$ sudo firewall-cmd --reload

Studying Docker features can take a long time, what we wanted to do was to tell you about the existence of such software. There are many resources for learning and using Docker in both English and Russian. This is a very good resource for viewing basic Docker features. This course is fully interactive and is similar to a virtual machine that outputs its console directly to your web browser.

The Syncweb team hopes that this information is useful to you and will save your valuable time.

Too difficult?
​Order server administration.