Manage Your Docker Containers Easily
YOU’LL NEED THIS
A PC OR MAC RUNNING DOCKER
(Better still, an Ubuntu-powered PC running Docker, Cockpit, and Cockpit-Docker.)
LAST ISSUE WE REVEALED how to set up your own headless server running Ubuntu Server, complete with remote access via the Cockpit web-based UI. We ended by introducing you to the world of Docker and containers, which enable you to run individual applications and services within their own isolated environments for security and stability reasons.
This tutorial picks up pretty much where that feature left off—so you need to refer back if you’ve not yet installed Cockpit, Docker, or the Cockpit-Docker plugin. If you’re looking to get started with Docker on another platform, the good news is that you can run it on Windows, macOS, and other flavors of Linux, too, complete with your choice of user-friendly front end—the box on page 62 reveals some of the options available.
We’ll open by revealing how Linux users can run containers as a non-root user for security purposes, plus step you through the process of finding, downloading, setting up, and running containers on your server. We’ll even show you how to get around any missing features in Cockpit-Docker by bypassing it and using the Terminal in conjunction with your PC’s text editor to quickly get more complex containers up and running. Ready to transform your new server? Let’s get started!
–NICK PEERS
1 SET UP DEDICATED DOCKER USER
Once you’ve got Docker and Cockpit-Docker (or your choice of UI) up and running, Linux users should visit https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user for a guide to managing Docker without requiring access to “sudo.” Those running Cockpit-Docker have no need to create the required “docker” group—it’s been created for you. Switch to “Accounts” in Cockpit and click your user account. A new “Container Administrator” role has been added—checking this [Image A] adds your user to the “docker” group for the purposes of administering Docker from the command line, without having to precede commands with sudo.
>> Although Docker now supports rootless containers, which means they no longer need access to root for security purposes, they come with some restrictions that mean they are not practical in every scenario, specifically for containers that are accessed through any port lower than 1024. Rootless Docker isn’t set up by default, although it’s simple to do in Ubuntu if you feel so obliged (see https://docs.docker.com/engine/security/rootless/).
>> An alternative workaround exists, which works on a container-by-container basis. This involves configuring each container to run using a specific user—including nonadministrators—rather than the main root account. This entails creating a dedicated user for that very purpose. Switch to Terminal in Cockpit and issue the following command:
$ sudo adduser docker --ingroup docker
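The per-container approach described above, as an added example that is not part of the original article: it resolves the dedicated account's UID:GID for the --user flag of docker run and lists containers whose configured user is still root. The passwd and inspect lines are constructed, and the UID/GID values 1001 and 998 are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. Sample data below is constructed.

# Constructed /etc/passwd excerpt; UID 1001 and GID 998 are assumed values
# for the dedicated "docker" user and the "docker" group.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000:Admin:/home/admin:/bin/bash
docker:x:1001:998::/home/docker:/bin/bash'

# Constructed "NAME|USER" lines in the shape printed by:
#   docker inspect --format '{{.Name}}|{{.Config.User}}' $(docker ps -q)
# An empty USER field means no user was configured, so the container runs as root.
SAMPLE_INSPECT='/pihole|
/nextcloud|1001:998
/proxy|root
/db|0:0
/media|docker'

# Read passwd-format lines on stdin and print "UID:GID" for user $1,
# ready for `docker run --user`. Exit status 1 if the user is missing.
uid_gid_for() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $4; found = 1 }
                       END { exit !found }'
}

# Read "NAME|USER" lines on stdin and print the names of containers whose
# configured user is empty, "root" or UID 0 (with or without a ":group").
root_containers() {
    awk -F'|' '{ split($2, part, ":")
                 if ($2 == "" || part[1] == "root" || part[1] == "0") print $1 }'
}

# Demo on the constructed data. On a real host, feed the functions with
#   getent passwd docker | uid_gid_for docker
# and the docker inspect command shown above.
echo "run-as flag: --user $(printf '%s\n' "$SAMPLE_PASSWD" | uid_gid_for docker)"
echo "still running as root:"
printf '%s\n' "$SAMPLE_INSPECT" | root_containers
```

Docker's documentation notes that the "docker" group grants root-level privileges on the host, so treat membership of it as you would sudo access.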