How to Install Docker on Ubuntu 22.04

Docker is software for quickly deploying applications through containerization. However, with its active use, many objects accumulate, consuming valuable host resources: images, containers, volumes, and networks. You can remove these objects through Docker Desktop, but it is much more convenient, especially when dealing with a significant number of objects, to use command-line tools. In this article, you will find tips for working with Docker and learn how to remove various objects using both the Docker Desktop client and command-line tools. Removing Containers To interact with containers and change their current state, including removing them, go to the "Containers/Apps" tab in the Docker Desktop web interface, select the desired object, and apply the chosen action: Now, let's look at how to remove these objects using command-line tools. To remove containers, use the docker container rm command or simply docker rm. For clarity, we will use docker container rm with the following syntax: docker container rm [removal options] [object ID] Options: --force or -f: Force removal of the container (e.g., if running). --link or -l: Remove the specified link (e.g., between two objects)*. --volume or -v: Remove anonymous volumes associated with the container. Containers are isolated from each other. One way to link them is via network ports. Using the --link flag will remove this network link in Docker. There are two commands in the command-line arsenal for obtaining information about containers: docker ps and docker container ls. They have the same options and syntax: Options: --all or -a: Display all containers. By default, only running containers are displayed. --filter or -f: Filter based on a set of flags. --format: Format the output. You can display only the necessary information. --last or -n: Show the last n containers. --latest or -l: Show the most recent container. --no-trunc: Do not truncate the output. --quiet or -q: Display only the container IDs. --size or -s: Display the total size. Using these parameters, you can create a list of containers you wish to remove, then pass the container IDs to the docker container rm command. For example, to create a list of containers with the status created or exited, run this command to get such objects: docker ps -a -f status=created -f status=exited Now, pass the result to the removal command: docker container rm $(docker ps -a -f status=created -f status=exited -q) To remove running containers, you must first stop them. Of course, you can use the --force option, but this may lead to data corruption with the application's working data. It is always better to first stop the containers with the docker stop command. To remove all containers in Docker, you can simply use these two commands: docker stop $(docker ps -a -q)docker container rm $(docker ps -a -q) There is a separate command to remove all stopped containers: docker container prune. Removing Docker Images Like containers, you can also remove Docker images within the client application. To do this, go to the "Images" tab: To delete an image, click "Clean up…" in the upper right corner and select the images. If an image is currently in use, Docker will not allow you to delete it. Now, let's move on to the command-line tools. There are two commands for removing Docker images: docker rmi and docker image rm. They are identical and work in much the same way as docker rm. Here's their syntax: docker rmi [remove options] [image IDs] Options: --force or -f: Forcefully remove the image. --no-prune: Do not remove untagged parent images. To find the image IDs, we use the following command: docker images [options] [REPOSITORY:[TAG]] Options: --all or -a: Show all images. By default, intermediate images are hidden. --digests: Show digests. --filter or -f: Filter by flags. --format: Format the output. --no-trunc: Do not truncate the output. --quiet or -q: Show only the image IDs. The application of these commands is the same as in the previous section. First, we query the list of images we want and use it as input for the docker rmi command. For example, to remove images that are not associated with any containers, we can use the dangling=true flag. It is important to note that we will get untagged images. docker images --filter dangling=true After checking the list, we can safely remove it: docker rmi $(docker images --filter dangling=true -q) To remove all unused images, use the docker image prune command. Removing Volumes A volume is a file system located outside the containers and stored on the host machine. To free up disk space occupied by volumes, go to the "Volumes" section, and in the top-right corner, select the corresponding icon: To delete volumes from the command line, use the docker volume rm command with the following syntax: docker volume rm [options] [volume names] This command is not very flexible with options and only provides the --force or -f flag for forced removal. You can only remove volumes if they are not associated with running containers. Forced removal of volumes linked to active containers is not recommended, as it may lead to data corruption. To list volume names, use the docker volume ls command with the following syntax: docker volume ls [options] Again, Docker is limited on options here, with only three available: --filter or -f: Filter by flags. --format: Format the output. --quiet or -q: Show only the volume names. Volumes exist independently of containers, and after their deletion, they remain in the host's file system as unlinked volumes. Let's try deleting such volumes. Use the dangling=true flag for this purpose: docker volume ls -f dangling=true Now, pass the results to the command for deletion: docker volume rm $(docker volume ls -f dangling=true -q) Alternatively, you can use another command to remove all unused volumes: docker volume prune. However, before using this command, check the list to ensure it includes only the volumes you want to remove. If you need to remove an unnamed volume, you can delete it with its associated container. For this, add the -v flag when using docker rm. Removing Networks To remove networks, you need to use the docker network rm command with the following syntax: docker network rm [network names/IDs] This command does not have any options. You can pass either names or IDs of the networks. To find the names and IDs of the networks, use the docker network ls command: docker network ls [options] This command has four available options: --filter or -f: Filter by flags. --format: Format the output. --no-trunc: Do not truncate the output. --quiet or -q: Show only IDs. Before deleting a network, you must remove any objects (containers) that are using it. To check which containers are using a specific network, use the following command: docker ps -f network=[network ID] Afterward, you can proceed to delete the network. For example, to delete networks with the driver=bridge value, use the following commands: docker network ls -f driver=bridgedocker network rm $(docker network ls -f driver=bridge -q) Cleaning Up Docker from All Objects Sometimes, you might need to remove everything and reinstall Docker to return an application to its initial state. Instead of deleting Docker entirely, you can execute a series of commands to clean up all objects and work with a fresh environment: Stop and remove containers: docker stop $(docker ps -a -q)docker rm $(docker ps -a -q) Remove images: docker rmi $(docker images -a -q) Remove volumes: docker volume rm $(docker volume ls -a -q) Remove networks: docker network rm $(docker network ls -a -q)  

Nextcloud is an open-source software for creating and using your own cloud storage. It allows users to store data, synchronize it between devices, and share files through a user-friendly interface. This solution is ideal for those prioritizing privacy and security over public cloud services. Nextcloud offers a range of features, including file management, calendars, contacts, and integration with other services and applications. When deploying Nextcloud, Docker provides a convenient and efficient way to install and manage the application. Docker uses containerization technology, simplifying deployment and configuration and ensuring scalability and portability. Combining Docker with Docker Compose allows you to automate and standardize the deployment process, making it accessible even to users with minimal technical expertise. In this guide, we'll walk you through installing Nextcloud using Docker Compose, configuring Nginx as a reverse proxy, and obtaining an SSL certificate with Certbot to secure your connection. Installing Docker and Docker Compose Docker is a powerful tool for developers that makes deploying and running applications in containers easy. Docker Compose simplifies orchestration of multi-container applications using YAML configuration files, which streamline the setup and management of complex applications. Download the installation script by running the command: curl -fsSL https://get.docker.com -o get-docker.sh This script automates the Docker installation process for various Linux distributions. Run the installation script: sudo sh ./get-docker.sh This command installs both Docker and Docker Compose. You can add the --dry-run option to preview the actions without executing them. After the script completes, verify that Docker and Docker Compose are installed correctly by using the following commands: docker -vdocker compose version These commands should display the installed versions, confirming successful installation. Preparing to Install Nextcloud Creating a Working Directory In Linux, third-party applications are often installed in the /opt directory. Navigate to this directory with the command: cd /opt Create a folder named mynextcloud in the /opt directory, which will serve as the working directory for your Nextcloud instance: mkdir mynextcloud Configuring the docker-compose.yml File After creating the directory, navigate into it: cd mynextcloud We will define the Docker Compose configuration in the docker-compose.yml file. To edit this file, use a text editor such as nano or vim: nano docker-compose.yml In the docker-compose.yml file, you should include the following content: version: '2' volumes: mynextcloud: db: services: db: image: mariadb:10.6 restart: unless-stopped command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW volumes: - db:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=RootPass - MYSQL_PASSWORD=NextPass - MYSQL_DATABASE=nextclouddb - MYSQL_USER=nextclouduser app: image: nextcloud restart: unless-stopped ports: - 8081:80 links: - db volumes: - mynextcloud:/var/www/html environment: - MYSQL_PASSWORD=NextPass - MYSQL_DATABASE=nextclouddb - MYSQL_USER=nextclouduser - MYSQL_HOST=db Parameters in this file: version: '2': Specifies the version of Docker Compose being used. Version 2 is known for its simplicity and stability. volumes: Defines two named volumes: mynextcloud for app data and db for database storage. services: db: image: Uses the MariaDB 10.6 image. restart: Automatically restarts the service unless manually stopped. volumes: Binds the db volume to /var/lib/mysql in the container for persistent database storage. environment: Sets environment variables like passwords, database name, and user credentials. app: image: Uses the Nextcloud image. ports: Maps port 8081 on the host to port 80 inside the container, allowing access to Nextcloud through port 8081. links: Links the app container to the db container for database interaction. volumes: Binds the mynextcloud volume to /var/www/html for storing Nextcloud files. environment: Configures database-related environment variables, linking the Nextcloud app to the database. This configuration sets up your application and database environment. Now, we can move on to launching and configuring Nextcloud. Running and Configuring Nextcloud Once the docker-compose.yml configuration is ready, you can start the project. Run the following commands in the mynextcloud directory to download the necessary images and start the containers: docker compose pulldocker compose up The docker compose pull command will download the required Nextcloud and MariaDB images. The docker compose up command will launch the containers based on your configuration. The initial setup may take a while. When it’s complete, you will see messages like: nextcloud-app-1  | New nextcloud instancenextcloud-app-1  | Initializing finished After the initial configuration, you can access Nextcloud through your browser. Enter http://server-ip:8081 into the browser’s address bar. You will be prompted to create an administrator account by providing your desired username and password. During the initial configuration, you can also choose additional apps to install. Stopping and Restarting Containers in Detached Mode After verifying that Nextcloud is running correctly through the web interface, you can restart the containers in detached mode to keep them running in the background. If the containers are still running in interactive mode (after executing docker compose up without the -d flag), stop them by pressing Ctrl+C in the terminal. To restart the containers in detached mode, use the command: docker compose up -d The -d flag stands for "detached mode," which allows the containers to run in the background independently of your terminal session. Now the containers are running in the background. If you have a domain ready, you can proceed with configuring the server as a reverse proxy. Setting up Nginx as a Reverse Proxy Installation Nginx is often chosen as a reverse proxy due to its performance and flexibility. You can install it by running the command: sudo apt install nginx Configuring Nginx Create a configuration file for your domain (e.g., nextcloud-test.com). Use a text editor to create the file in the /etc/nginx/sites-available directory: sudo nano /etc/nginx/sites-available/nextcloud-test.com Add the following directives to the file: server { listen 80; server_name nextcloud-test.com; location / { proxy_pass http://localhost:8081; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; } location ^~ /.well-known { location = /.well-known/carddav { return 301 /remote.php/dav/; } location = /.well-known/caldav { return 301 /remote.php/dav/; } location /.well-known/acme-challenge { try_files $uri $uri/ =404; } location /.well-known/pki-validation { try_files $uri $uri/ =404; } return 301 /index.php$request_uri; } } This configuration sets up the web server to proxy requests to Nextcloud running on port 8081, with headers for security and proxying. Key Configuration Details Basic Configuration: server { listen 80; server_name nextcloud-test.com; location / { proxy_pass http://localhost:8081; ... } } This block configures the server to listen on port 80 (standard HTTP) and handle requests directed to nextcloud-test.com. Requests are proxied to the Docker container running Nextcloud on port 8081. Proxy Settings: proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; These headers ensure that the original request information (like the client’s IP address and request protocol) is passed on to the application, which is important for proper functionality and security. HSTS (HTTP Strict Transport Security): add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; This header enforces security by instructing browsers only to use HTTPS when accessing your site for the next 180 days. Well-Known URI Settings: location ^~ /.well-known { ... } This block handles special requests to .well-known URIs, used for service discovery (e.g., CalDAV, CardDAV) and domain ownership verification (e.g., for SSL certificates). Enabling the Nginx Configuration Create a symbolic link to the configuration file from the /etc/nginx/sites-enabled/ directory: sudo ln -s /etc/nginx/sites-available/nextcloud-test.com /etc/nginx/sites-enabled/ Now restart Nginx to apply the new configuration: sudo systemctl restart nginx At this point, your web server is configured as a reverse proxy for the Nextcloud application, and you can access it via your domain (note that you might initially see an "Access through untrusted domain" error, which we’ll fix later). Configuring SSL Certificates with Certbot Installing Certbot Certbot is a tool from the Electronic Frontier Foundation (EFF) used for obtaining and managing SSL certificates from Let's Encrypt. It automates the process, enhancing your website's security by encrypting the data exchanged between the server and its users. To install Certbot and the Nginx plugin, use the following command: sudo apt install certbot python3-certbot-nginx Obtaining and Installing the SSL Certificate To obtain an SSL certificate for your domain and configure the web server to use it, run the command: sudo certbot --non-interactive -m [email protected] --agree-tos --no-eff-email --nginx -d nextcloud-test.com In this command: --non-interactive: Runs Certbot without interactive prompts. -m [email protected]: Specifies the admin email for notifications. --agree-tos: Automatically agrees to Let's Encrypt’s terms of service. --no-eff-email: Opts out of EFF-related emails. --nginx: Uses the Nginx plugin to automatically configure SSL. -d nextcloud-test.com: Specifies the domain for which the certificate is issued. Certbot will automatically update the Nginx configuration to use the SSL certificate, including setting up HTTP-to-HTTPS redirection. After Certbot completes the process, restart Nginx to apply the changes: sudo systemctl restart nginx Now, your Nextcloud instance is secured with an SSL certificate, and all communication between the server and clients will be encrypted. Fixing the "Access through Untrusted Domain" Error When accessing Nextcloud through your domain, you may encounter an "Access through untrusted domain" error. This occurs because the initial configuration was done using the server’s IP address. Since our application is running inside a container, you can either use docker exec or modify the Docker volume directly. We’ll use the latter method since we created Docker volumes earlier in the docker-compose.yml file. First, list your Docker volumes: docker volume ls Find the volume named mynextcloud_mynextcloud. To access the volume, run: docker volume inspect mynextcloud_mynextcloud Look for the Mountpoint value to find the path to the volume. Change to that directory: cd /var/lib/docker/volumes/mynextcloud_mynextcloud/_data Navigate to the config directory and open the config.php file for editing: cd confignano config.php In the file, update the following lines: Change overwrite.cli.url from http://server_ip:8081 to https://your_domain. In the trusted_domains section, replace server_ip:8081 with your domain. Add the line 'overwriteprotocol' => 'https' after overwrite.cli.url to ensure all resources load via HTTPS. Save the changes (in Nano, use Ctrl+O, then Ctrl+X to exit). After saving the changes in config.php, you should be able to access the application through your domain without encountering the "untrusted domain" error. Conclusion Following these steps, you’ll have a fully functional, secure Nextcloud instance running in a containerized environment.

When working with Docker, users deal with images which are executable files that contain everything needed to run an application, including the app's source code, libraries, etc. These images are stored in specialized repositories known as registries, which can be either private or public. The most well-known public registry is Docker Hub, where you can find many official images like Nginx, PostgreSQL, Alpine, Ubuntu, Node, and MongoDB. Users can register on Docker Hub and store their images, with access to three private repositories and one public repository by default. Docker Hub is the default registry used by Docker to pull images. This guide will cover changing Docker's default registry to another one. Using External Docker Registries A simple way to use external registries is to leverage third-party registries offered by companies like Google and Amazon. Below is a list of public registries you can use: Owner Registry URL Google https://mirror.gcr.io Amazon https://public.ecr.aws Red Hat https://quay.io https://registry.access.redhat.com https://registry.redhat.io Using unknown external Docker registries may pose security risks, so proceed with caution. Follow the steps below to switch the default Docker Hub registry to another one. Linux Configuration Open the daemon.json file using any text editor. If Docker is installed normally (not in rootless mode), the file is located in /etc/docker. If the file doesn’t exist, the command will create it: nano /etc/docker/daemon.json For Docker in rootless mode, the file is located at ~/.config/docker in the user's home directory. Again, the command will create the file if it doesn't exist: nano ~/.config/docker/daemon.json Add the following parameter to set a new default registry (https://mirror.gcr.io in this example): {  "registry-mirrors": ["https://mirror.gcr.io"]} Save and exit the file. Restart the Docker service to apply the changes: systemctl reload docker Now, when you pull an image, Docker will use the newly specified registry. For example, pull the Alpine image from Google's registry: docker pull mirror.gcr.io/alpine You can also specify a tag. For instance, pull Nginx version 1.25.2: docker pull mirror.gcr.io/nginx:1.25.2 Windows Configuration (Docker Desktop) Open the daemon.json file located at: C:\Users\<your_username>\.docker\daemon.json Add the registry-mirrors parameter: {  "registry-mirrors": ["https://mirror.gcr.io"]} Save the file, then restart Docker. Right-click the Docker icon in the system tray and select "Restart." Alternatively, you can configure the registry via Docker Desktop’s UI. Go to the Docker Engine section and add: {  "registry-mirrors": ["https://mirror.gcr.io"]} Click Apply & Restart to save the changes and restart Docker. After restarting, Docker will use the new registry for image pulls. For example, download a curl image: docker pull mirror.gcr.io/curlimages/curl To pull a specific version, specify the tag. For example: docker pull mirror.gcr.io/node:21-alpine Using Nexus as a Docker Registry You can also use Nexus to manage Docker images. Nexus supports proxy repositories, which cache images pulled from external registries like Docker Hub. This allows Nexus to act as a caching proxy repository for Docker images, which can be useful if external registries are unavailable. Setting up a Proxy Repository in Nexus Log in to Nexus using an administrator or a user with repository creation rights. Go to Server Administration and Configuration and navigate to Repositories. Click Create repository and choose the docker (proxy) type. Fill out the necessary fields: Name: Give the repository a unique name. Online: Ensure this checkbox is checked, allowing the repository to accept incoming requests. If Nexus is behind a proxy server (such as Nginx), you won’t need to use ports for authentication. If no proxy is used, assign a unique port for HTTP or HTTPS. Allow anonymous docker pull: If checked, you won’t need to authenticate using docker login. If not checked, you’ll need to log in before pulling images. Remote storage: Specify the URL of the external registry (e.g., https://registry-1.docker.io for Docker Hub). After the repository is created, log in to the Nexus registry (if authentication is required) using: docker login <nexus_registry_address> To pull an image, use the following format: docker pull <nexus_registry_address>/image_name:tag For example, to pull a Python image with tag 3.8.19-alpine: docker pull nexus-repo.com/python:3.8.19-alpine Avoid using the latest tag for security reasons, as it may contain bugs or vulnerabilities. Conclusion This article reviewed several methods for pulling and storing Docker images. Using third-party Docker registries can be helpful when the default registry is unavailable. If you don’t trust external registries, you can always set up your own private or public registry.