Cloud servers from $4/mo - Grab the Deal! Let’s start ->
English
Community
Sign In
Sign In

How to Configure Uncomplicated Firewall (UFW) on Ubuntu 24.04

How to Configure Uncomplicated Firewall (UFW) on Ubuntu 24.04
JC Brian Refugia
Technical writer
Ubuntu Firewall
21.08.2024
Reading time: 8 min
Share

Setting up a firewall is one of the fundamental steps in safeguarding an Ubuntu 24.04 installation. Security is an important part of running any server or system. A firewall restricts which services are permitted to communicate with the server, thus acting as a barrier between the system and any potential threats. On Ubuntu, the Uncomplicated Firewall (UFW) offers an intuitive frontend for controlling firewall rules. It makes setting up iptables, the robust but intricate underlying firewall mechanism, easier. UFW makes it simple to set up and manage their firewall settings, even if they have little experience with networking concepts. This increases system security without requiring a high level of technical expertise. With the help of this article, you will be able to install, configure, and manage UFW on Ubuntu 24.04, protecting the server from undesirable network traffic while maintaining the seamless operation of authorized services.

Hostman offers a cloud managed firewall that provides cutting-edge defense tailored for businesses of all sizes.

Prerequisites

  • A local computer or a cloud server with Ubuntu 24.04 installed
  • Root access or user with sudo privileges

Installing UFW

On Ubuntu 24.04, installing the Uncomplicated Firewall (UFW) is straightforward. Normally, Ubuntu has it pre-installed, but if it's not, one may easily install it on the machine by following the instructions below:

  1. Update the package lists to ensure to have the most recent information on package versions and dependencies. Run the command below: 

sudo apt update && sudo apt upgrade -y

  1. The below command can be used to install UFW on the machine.

sudo apt install ufw -y

  1. Once installation is complete, the default status of UFW is inactive. Check it using the command below:

sudo ufw status

Image1

Enabling UFW

You must enable UFW beforehand to begin securing the system. When UFW is enabled, it will begin enforcing both its default rules and any custom rules that have been established. If you are configuring a remote server, make sure to allow SSH connections before starting UFW, to avoid locking users out. Now that UFW is installed and operational, you can start creating firewall rules that meet the unique security needs. 

Enable UFW using the command below and type "y" to proceed.

sudo ufw enable

Image3

Allowing SSH Connections

Enabling the firewall before enabling SSH connections is crucial when deploying UFW on a server, particularly if if administering it remotely over SSH. SSH blocking may prevent you from accessing the server and render it unusable. 

On Ubuntu 24.04, you can enable SSH connections by following these steps:

  1. It is easy to permit SSH traffic using UFW. Use the following command to enable it.
sudo ufw allow ssh

Image9

  1. To confirm that the rule was successfully added, check the status of UFW by running thecommand below.
sudo ufw status

Image15

  1. If the SSH service is operating on a non-standard port, you can choose that port instead of the default by issuing the following command.
sudo ufw allow <custom_port>/tcp

Understanding UFW Default Policies

It's critical to learn about the default policies that UFW applies to incoming, outgoing, and forwarded traffic before digging into custom firewall rules. These default policies provide the firewall's baseline behavior, which can subsequently be adjusted with particular rules to permit or prohibit particular kinds of traffic. 

  1. UFW prevents all incoming connections to the server by default. This security precaution keeps unwanted users from accessing the system.  Any request that comes in from outside the system will be rejected unless a particular rule is configured to authorize it. Requests for SSH, FTP, HTTP, and HTTPS are included in this. 

  2. By default, UFW permits all outgoing connections. This implies that there are no restrictions on the connections the server can make to other servers or services. Because outgoing traffic is normally safe, this policy allows the server to access the internet, download updates, and connect to other services without requiring any additional settings.

  3. Since UFW's default forwarding policy is set to refuse, all forwarded traffic is blocked. Packets that are received by the firewall and subsequently forwarded to a different location are referred to as forwarded traffic. This is especially important for systems that serve as gateways or routers. The server must modify this policy if it is intended to forward traffic between networks.

Allowing and Denying Specific Ports and Services

The ability of UFW to simply control which ports and services are granted or denied access to the system is one of its main features. This feature is necessary to secure the Ubuntu 24.04 server and manage traffic. Using UFW, you can use this method to enable or block particular ports and services.

  1. To enable traffic on a specific port, run the ufw allow command followed by the port number. In this example, to allow http (port 80), run the command below.
sudo ufw allow 80/tcp

Image4

  1. To allow https (port 443), run the command below.
sudo ufw allow 443/tcp

Image20

  1. If a non-standard port is used by the application, the port can also specify using the command below.
sudo ufw allow <custom_port>/tcp

For example:

sudo ufw allow 3026/tcp

Image16

Traffic on port 3026, which is frequently used for database configurations, is now permitted.

  1. Likewise, in order to prevent access, you can restrict traffic on a particular port, run the command below.
sudo ufw deny 80/tcp

Image12

Checking UFW Status and Rules

After configuring Ubuntu 24.04's UFW (Uncomplicated Firewall), it's critical to frequently check the firewall's status and go over the rules that have been set up. By doing this, you can be sure the firewall is up and running as it should. To inspect the current firewall rules and verify the status of UFW, run the following command: 

sudo ufw status

Image2

Managing UFW Application Profiles

Predefined application profiles included in Ubuntu 24.04's UFW (Uncomplicated Firewall) make it easier to grant or restrict traffic for particular services. Firewall management is made easier by these profiles, which include preconfigured rules for popular services including SSH, POSTIFX, OPENSSH, HTTP, HTTPS, and others. Managing UFW application profiles can be done as follows.

  1. Use the following command to view every application profile that is available on the system.
sudo ufw app list

Image17

  1. Use the below command to view the rules included in a particular application profile. The ports and protocols that the profile controls will be displayed in the output.
sudo ufw app info <application_name>

For example:

sudo ufw app info OpenSSH

Image18

  1. The application profile that you wish to use can be allow with UFW once it has been identified. For instance, use the following command to enable HTTP traffic.
sudo ufw allow http

Image11

  1. Likewise, the deny command can be used to prevent traffic for a certain application profile. For example, use the following command to stop all communication related to the HTTP.
sudo ufw deny http

Image5

  1. If a rule related to an application profile is no longer required, it can be deleted using the following command:
sudo ufw delete allow http

Image6

Disabling UFW

Even though Ubuntu 24.04's UFW (Uncomplicated Firewall) is an effective tool for controlling firewall rules and system security, there may be circumstances in which it needs to be turned off, either permanently or temporarily. Unless another firewall or security solution is in place, disabling UFW will halt the firewall and erase all active rules, leaving the system unsecured.

  1. To disable UFW, run the below command. By using this command, you can successfully turn off the firewall and stop the UFW service. 
sudo ufw disable

Image8

  1. Use the command below to verify that UFW has been successfully disabled. The status output should show below.
sudo ufw status

Image14

Troubleshooting Common Issues

Although UFW (Uncomplicated Firewall) is meant to be user-friendly, there could be some problems with installation or firewall rule management. Here are some typical issues that may run into and solutions for issues.

  1. If UFW is not listed on the installed packed, try reinstalling it by running sudo apt update and sudo apt install ufw respectively.

  2. If the installation fails to install, look for issues in your sources or package management. You can also try apt update and apt clean.

  3. Conflicting firewall service. Before activating UFW, make sure that all other firewall services, such as firewall and iptables, have been stopped and deactivated. For further information, review the UFW logs if the issue continues. Useful command is sudo tail -f /var/log/ufw.log.

  4. Once UFW is enabled, you cannot connect remotely to the server and SSH access is restricted. If the you are locked out due to UFW blocking SSH, you need to access the server on the console and run command sudo ufw allow ssh to regain access.

Conclusion

In conclusion, one of the most important steps in protecting Ubuntu 24.04 is configuring the Uncomplicated Firewall (UFW), which controls inbound and outbound network traffic. Because of its intuitive interface, UFW makes firewall control simple enough even for individuals with little experience with Linux system administration. You can effectively control traffic to and from the server by following the instructions to install UFW, create default policies, allow or deny certain ports and services, and manage application profiles. Monitoring the firewall rules and UFW status on a regular basis guarantee that the system is always shielded from unwanted access. Whether it's administering a production environment or protecting a personal server, UFW offers a reliable and simple way to improve the security of the system. By adding the capability to diagnose common problems, one can keep the firewall configuration secure and effective for what is needed.

Ubuntu Firewall
21.08.2024
Reading time: 8 min
Share

Similar

Ubuntu

How to Install Google Chrome on Ubuntu 24.04

If you started using the internet post 2008, it is very likely that your first interaction over the internet was via Google Chrome web browser. People were frustrated with Microsoft Internet Explorer (which has reached its end of life and has now been discontinued), so when Google launched its proprietary product, Google Chrome, it was met with great demand, and hundreds of thousands of people switched to Chrome from Internet Explorer.  The reason for this switch was obvious, Chrome was definitely much faster and sleek in comparison to Internet Explorer and it offered a unique user experience. Within 4 years after its launch date, Chrome overtook Internet Explorer in terms of having the most users. Let’s switch gears now and move to the crucial part where we’ll talk about downloading and installing Chrome on Ubuntu 24.04 LTS which happens to be the latest OS at the time. Method 1: Installing Google Chrome via Graphical Interface (GUI) The first method is straight as an arrow and needs no extra skills other than the ability to operate a personal computer. Go ahead and search the term ‘Google Chrome’ in the browser bar.  Of course, you need a browser for this. Nothing to worry about as Ubuntu has a browser that comes built-in, this built-in browser is Firefox. Follow along, see where the arrows are pointing in the screenshots and download the 64 bit .deb (For Debian/Ubuntu).  Once you select the right version, go ahead and click on Accept and Install. Go to the directory where this package is downloaded, in my case, it is downloaded within my Downloads directory. Click on the file twice so it opens up in the Software Center where you will see a green Install button. Click that. Again, click on Install. After following along, complete the authentication by putting in your password. After installation is done, go to apps and search for ‘Google Chrome’. You can click on it to open it and then you can start using it.  Method 2: Installing Google Chrome via Terminal Update Package Information Updating package information is easy, run the update command:  sudo apt update Download Chrome with wget Use the wget utility to download Chrome from the provided URL: wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb This URL is the external source from where you can acquire the stable version of Chrome. Chrome is now downloaded but not yet installed. Install Chrome using dpkg To install this package you need to use the Debian package manager dpkg with the -i flag which indicates the installation. sudo dpkg -i google-chrome-stable_current_amd64.deb Fix Dependency Errors During our procedure, we didn’t come across any dependency error, if you face any then you can use the following command: sudo apt install -f Or: sudo apt-get install -f Run Google Chrome You can either open the browser from GUI or you can run this command and open the browser from within the terminal: google-chrome-stable Method 3: Installing Beta or Unstable Versions of Google Chrome Installing Google Chrome Beta Some developers get super excited when it comes to testing the versions of different products before the general public. If you are one of them, you can install Google Chrome’s beta version. Download Beta Google Chrome  Use wget with the direct URL pointing to an external source from where you can download the beta package of the browser: wget https://dl.google.com/linux/direct/google-chrome-beta_current_amd64.deb Install Beta Google Chrome sudo dpkg -i google-chrome-beta_current_amd64.deb If dependency errors pop up, just use the command shown in Method 2. Run Beta Google Chrome  Open beta version using terminal: google-chrome-beta The beta version of this browser runs smoothly without any issues, if you see any warnings in the terminal simply ignore it and you can use the beta version without any hassle.  Install Unstable Google Chrome If you are someone who likes to do testing way in advance and you are okay with multiple crashes, you can install Unstable Google Chrome.  Unstable Google Chrome has feature access before Beta Chrome. Main difference between Beta Google Chrome and Unstable Google Chrome is that Beta is updated every 4 weeks while Unstable is updated every day. Download Unstable Google Chrome  wget https://dl.google.com/linux/direct/google-chrome-unstable_current_amd64.deb Install Unstable Google Chrome sudo dpkg -i google-chrome-unstable_current_amd64.deb Run Unstable Google Chrome google-chrome-unstable Unstable versions of Chrome run smoothly, warnings or errors might pop up but you can ignore those, it works ok.  Additional Tips As Ubuntu’s default repository does not have Chrome due to proprietary rights, Google Chrome creates its own repo in your system and it updates each time you update your default repository. sudo apt update && sudo apt upgrade Conclusion A vast number of Linux users prioritize their privacy and prefer open-source products. If this is you, you might be aware that Google Chrome is a proprietary product and is owned by Alphabet (parent company of Google) which means it's not open source. If you are looking for something similar and also open source then Chromium is a great browser to consider. Google Chrome came with the concept of extensions and Google enabled them by default in 2009. These extensions extended the performance of the Chrome web browser and offered additional options to accomplish many things in much easier ways than previously. The main thing that really made Chrome “The King of The Market” was its speed and the ability to get updates for new versions. Google Chrome was able to fix issues much faster than competitors and users had a fine way to access all Google Products in one place.  The birth of the Chrome browser was the result of the problems Google workers faced with the browsers in the market at the time. They created a ‘Just Built For Them’ product which was actually what was needed in the market. Internet Explorer was the most used browser at the time but it was slow. It took Google Chrome just a few years to beat Internet Explorer in the market and in the upcoming decade, it completely wiped it off. 
23 May 2025 · 5 min to read
Apache

How to Install Let’s Encrypt with Apache

In the current environment of the internet, the use of HTTPS to secure web traffic is a must. With a free and automated Certificate Authority (CA) service like Let’s Encrypt, adoption of SSL/TLS has changed dramatically because you can quickly obtain trusted certificates at no cost. This guide will walk you through installing a Let’s Encrypt certificate on an Apache web server running Ubuntu 22.04 (Jammy Jellyfish). You will configure Certbot (the official Let’s Encrypt client), set up renewal procedures, and establish good security practices. Prerequisites Before proceeding, ensure you have: An Ubuntu 22.04 system. Update it with: sudo apt updatesudo apt upgrade Apache Installed: Confirm with apache2 -v. If not present, install via: sudo apt updatesudo apt install apache2 A registered domain (e.g., example.com) pointing to your server’s public IP. Check with: ping example.com Firewall Configured: Allow HTTP/HTTPS traffic: sudo ufw allow 'Apache Full'sudo ufw enable   Sudo Privileges: Access to a user account with administrative rights. Step 1: Installing Certbot via Snap Let’s Encrypt recommends using Certbot through Snap for seamless updates. Ubuntu 22.04 includes Snap by default, but make sure it’s updated: sudo snap install coresudo snap refresh core Install Certbot: sudo snap install --classic certbot Create a symbolic link to the Certbot binary for easy access: sudo ln -s /snap/bin/certbot /usr/bin/certbot Step 2: Generating SSL Certificate with Certbot Certbot integrates with Apache to automate certificate issuance and configuration. Run: sudo certbot --apache Follow the interactive prompts: Email Address: Enter for urgent renewal notifications. Terms of Service: Accept by typing A. Domain Selection: Choose the domain(s) to secure (e.g., example.com, www.example.com). HTTP to HTTPS Redirect: Select 2 to enforce HTTPS universally. Certbot will: Generate certificates in /etc/letsencrypt/live/exple.com/. Modify virtual host files to activate SSL. Reload Apache to apply changes. Step 3: Verifying Apache Configuration Certbot updates automatically your configuration. Inspect the virtual host file for your domain: sudo nano /etc/apache2/sites-available/example.com-le-ssl.conf Look for directives like: SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pemInclude /etc/letsencrypt/options-ssl-apache.conf Ensure the SSL module is enabled: sudo a2enmod sslsudo systemctl restart apache2 Step 4: Testing SSL/TLS Configuration Validate your setup: Visit https://example.com. Look for the padlock icon. Use curl to check headers: sudo apt install curlcurl -I https://example.com Confirm HTTP/2 200 or HTTP/1.1 200 OK. Run a free analysis at SSL Server Test to discover vulnerabilities. Step 5: Automating Renewal Let’s Encrypt certificates expire every 90 days. Certbot automates renewal via a systemd timer. Test renewal manually: sudo certbot renew --dry-run If successful, Certbot’s timer will handle future renewals. Verify the timer status: systemctl list-timers | grep certbot Troubleshooting Common Issues Port Blocking: Ensure ports 80 and 443 are open: sudo ufw status Incorrect Domain Resolution: Verify DNS records with: dig example.com Configuration Errors: Check logs via: sudo journalctl -u apache2 Certificate Renewal Failures: Inspect Certbot logs at /var/log/letsencrypt/. Advanced Configurations Enforcing HTTPS with HSTS Add the Strict-Transport-Security header to your SSL config: sudo a2enmod headerssudo systemctl restart apache2 Then in the Apache config (/etc/apache2/apache2.conf) configure: Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Redirecting HTTP to HTTPS Certbot usually handles this, but manually update non-SSL virtual hosts: <VirtualHost *:80> # Define the primary domain name for this virtual host ServerName example.com # Redirect all HTTP traffic to HTTPS permanently (status code 301) # This ensures users always access the site securely Redirect permanent / https://example.com/ </VirtualHost> Optimizing Cipher Suites Edit /etc/letsencrypt/options-ssl-apache.conf to prioritize strong ciphers: SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDHSSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 To further enhance your Apache and Let’s Encrypt setup, consider implementing the following advanced optimizations. These steps will not only improve security but also ensure your server performs efficiently under high traffic and adheres to modern web standards. Implementing OCSP Stapling Online Certificate Status Protocol (OCSP) stapling improves SSL/TLS performance by allowing the server to provide proof of validity, reducing client-side verification delays. Enable OCSP stapling in your configuration (/etc/apache2/apache.conf): SSLUseStapling onSSLStaplingCache "shmcb:logs/stapling-cache(150000)" After making these changes, restart the web server: sudo systemctl restart apache2 Verify OCSP stapling is working: openssl s_client -connect example.com:443 -status -servername example.com Look for OCSP Response Status: successful in the output. Configuring HTTP/2 for Improved Performance HTTP/2 enhances web performance by enabling multiplexing, header compression, and server push. To enable HTTP/2 in Apache, first ensure the http2 module is enabled: sudo a2enmod http2 Then, add the following directive to your SSL virtual host: Protocols h2 http/1.1 Restart Apache to apply the changes: sudo systemctl restart apache2 Verify HTTP/2 is active by inspecting the response headers using browser developer tools or a tool like curl: curl -I -k --http2 https://example.com Setting Up Wildcard Certificates If you manage multiple subdomains, a wildcard certificate simplifies management. To obtain a wildcard certificate with Certbot, use the DNS challenge method. First, install the DNS plugin for your DNS provider (e.g., Cloudflare): sudo snap set certbot trust-plugin-with-root=ok sudo snap install certbot-dns-cloudflare Install pip and the cloudflare package: sudo apt updatesudo apt install python3-pipsudo pip install cloudflare Create a credentials file for your DNS provider: sudo nano /etc/letsencrypt/cloudflare.ini Add your API credentials: dns_cloudflare_api_token = your_api_key Secure the file: sudo chmod 600 /etc/letsencrypt/cloudflare.ini Request the wildcard certificate: sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d example.com -d *.example.com Update your configuration to use the wildcard certificate. Monitoring and Logging SSL/TLS Usage Regularly monitoring SSL/TLS usage helps identify potential issues and enhance performance. Apache’s mod_ssl module provides detailed logs. Enable logging by integrating the following to your SSL virtual host configuration: LogLevel info ssl:warnCustomLog ${APACHE_LOG_DIR}/ssl_access.log combinedErrorLog ${APACHE_LOG_DIR}/ssl_error.log Analyze logs for errors or unusual activity: sudo tail -f /var/log/apache2/ssl_error.log For advanced monitoring, consider tools like GoAccess or ELK Stack to visualize traffic patterns and SSL/TLS performance. Enhancing Security with Security Headers Adding security headers to your configuration can protect your site from common vulnerabilities like cross-site scripting (XSS) and clickjacking. Include the following directives in your virtual host file: Header set X-Content-Type-Options "nosniff"Header set X-Frame-Options "DENY"Header set X-XSS-Protection "1; mode=block"Header set Content-Security-Policy "default-src 'self';" These headers make sure that browsers enforce strict security policies, minimizing the risk of attacks. Final Thoughts Securing your Apache as of Ubuntu 22.04 using Let's Encrypt is a must-do to create a trusted quality web presence. In this tutorial, we have learned how to fine-tune some of the advanced configuration options, such as OCSP stapling, HTTP/2, wildcard certificates, as well as monitoring and security headers. These configurations will help you protect your server while increasing its efficiency and scalability. Note that web security is an ongoing process! Stay informed about new and developing threats, updated SSL/TLS standards, and audit your setup and logs regularly to maintain your server security after securing it.
27 March 2025 · 7 min to read
Docker

How To Install and Use Docker Compose on Ubuntu

Docker Compose has fundamentally changed how developers approach containerized applications, particularly when coordinating services that depend on one another. This tool replaces manual container management with a structured YAML-driven workflow, enabling teams to define entire application architectures in a single configuration file.  For Ubuntu environments, this translates to reproducible deployments, simplified scaling, and reduced operational overhead. This guide provides a fresh perspective on Docker Compose installation and usage, offering deeper insights into its practical implementation. Prerequisites Before you begin this tutorial, you'll need a few things in place: Deploy an Ubuntu cloud server instance on Hostman. Ensure you have a user account with sudo privileges or root access. This allows you to install packages and manage Docker. Install Docker and have it running on your server, as Docker Compose works on top of Docker Engine. Why Docker Compose Matters Modern applications often involve interconnected components like APIs, databases, and caching layers. Managing these elements individually with Docker commands becomes cumbersome as complexity grows. Docker Compose addresses this by allowing developers to declare all services, networks, and storage requirements in a docker-compose.yml file. This approach ensures consistency across environments—whether you’re working on a local Ubuntu machine or a cloud server. For example, consider a web application comprising a Node.js backend, PostgreSQL database, and Redis cache. Without Docker Compose, each component requires separate docker run commands with precise networking flags. With Compose, these relationships are organized once, enabling one-command setups and teardowns. Docker Compose Installation Follow these steps to install Docker Compose on your Ubuntu machine: Step 1: Verify that the Docker Engine is Installed and Running Docker Compose functions as an extension of Docker, so verify its status with: sudo systemctl status docker Example output: ● docker.service - Docker Application Container Engine Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2025-02-20 08:55:04 GMT; 5min ago TriggeredBy: ● docker.socket Docs: https://docs.docker.com Main PID: 2246435 (dockerd) Tasks: 9 Memory: 53.7M CPU: 304ms CGroup: /system.slice/docker.service └─2246435 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock If inactive, start it using sudo systemctl start docker. Step 2: Update System Packages Refresh your package lists to ensure access to the latest software versions: sudo apt-get update You will see: Hit:1 https://download.docker.com/linux/ubuntu jammy InRelease Hit:2 http://archive.ubuntu.com/ubuntu jammy InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:5 http://repo.hostman.com/ubuntu focal InRelease Hit:6 http://archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:3 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.31/deb InRelease Hit:8 https://packages.redis.io/deb jammy InRelease Reading package lists... Done Step 3: Install Foundational Utilities Secure communication with Docker’s repositories requires these packages: sudo apt-get install ca-certificates curl  Step 4: Configure Docker’s GPG Key Authenticate Docker packages by adding their cryptographic key: sudo install -m 0755 -d /etc/apt/keyringssudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.ascsudo chmod a+r /etc/apt/keyrings/docker.asc This step ensures packages haven’t been altered during transit. Step 5: Integrate Docker’s Repository Add the repository tailored to your Ubuntu version: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null The command auto-detects your OS version using VERSION_CODENAME. Step 6: Install the Docker Compose Plugin Update repositories and install the Compose extension: sudo apt updatesudo apt-get install docker-compose-plugin Step 7: Validate the Installation Confirm successful setup with: docker compose version The output displays the Docker Compose version: Docker Compose version v2.33.0 Building a Practical Docker Compose Project Let’s deploy a web server using Nginx to demonstrate Docker Compose’s capabilities. Step 1. Initialize the Project Directory Create a dedicated workspace: mkdir ~/compose-demo && cd ~/compose-demo Step 2. Define Services in docker-compose.yml Create the configuration file: nano docker-compose.yml Insert the following content: services: web: image: nginx:alpine ports: - "8080:80" volumes: - ./app:/usr/share/nginx/html In the above YAML file: services: Root element declaring containers. web: Custom service name. image: Uses the Alpine-based Nginx image for reduced footprint. ports: Maps host port 8080 to container port 80. volumes: Syncs the local app directory with the container’s web root. Step 3. Create Web Content Build the HTML structure: mkdir app nano app/index.html Add this HTML snippet: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Docker Compose Test</title> </head> <body> <h1>Hello from Docker Compose!</h1> </body> </html> Orchestrating Containers: From Launch to Shutdown Let’s explore how you can use Docker Compose for container orchestration: Start Services in Detached Mode Launch containers in the background: docker compose up -d Example output: [+] Running 2/2 ✔ Network compose-demo_default Created ✔ Container compose-demo-web-1 Started Docker Compose automatically pulls the Nginx image if missing and configures networking. Verify Container Status Check operational containers: docker compose ps -a Access the Web Application Visit http://localhost:8080 locally or http://<SERVER_IP>:8080 on remote servers. The test page should display your HTML content. Diagnose Issues via Logs If the page doesn’t load or if you encounter any issues, you can inspect container logs: docker compose logs web Example output: web-1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration web-1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ web-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh web-1 | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf web-1 | 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf web-1 | /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh … Graceful Shutdown and Cleanup Stop containers temporarily: docker compose stop Example output: [+] Stopping 1/1 ✔ Container compose-demo-web-1  Stopped Remove all project resources: docker compose down Example output: [+] Running 2/2 ✔ Container compose-demo-web-1  Removed ✔ Network compose-demo_default  Removed Command Reference: Beyond Basic Operations While the workflow above covers fundamentals, these commands enhance container management: docker compose up --build: Rebuild images before starting containers. docker compose pause: Freeze containers without terminating them. docker compose top: Display running processes in containers. docker compose config: Validate and view the compiled configuration. docker compose exec: Execute commands in running containers (e.g., docker compose exec web nginx -t tests Nginx’s configuration). Conclusion Docker Compose transforms multi-container orchestration from a manual chore into a streamlined, repeatable process. By adhering to the steps outlined—installing Docker Compose, defining services in YAML, and leveraging essential commands—you can manage complex applications with confidence.
26 February 2025 · 7 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support