Docker Community Edition User Guide

Product: Docker Community Edition

Overview

This guide covers the deployment and use of Docker Community Edition (Docker CE) on Linux using cloudimg AMIs from the AWS Marketplace. Docker is a platform for developing, shipping, and running applications inside lightweight, portable containers.

What's included in this AMI:

  • Docker Community Edition with systemd service for automatic startup
  • Docker CLI and Docker Compose
  • Dedicated Docker storage volume at /var/lib/docker
  • OS package update script for keeping the system current
  • AWS CLI v2 for AWS service integration
  • Systems Manager Agent (SSM) for remote management
  • CloudWatch Agent for monitoring
  • Latest security patches applied at build time
  • 24/7 cloudimg support with guaranteed 24 hour response SLA

Prerequisites

Before launching this AMI, ensure you have:

  1. An active AWS account
  2. An active subscription to the Docker Community Edition listing on AWS Marketplace
  3. An EC2 key pair for SSH access
  4. Familiarity with EC2 instance management and SSH

Recommended Instance Type: t3.medium (2 vCPU, 4 GB RAM) or larger for running multiple containers. The minimum requirements are 1 vCPU, 1 GB RAM, and 20 GB disk space.

Step 1: Launch the AMI

  1. Navigate to the AWS Marketplace and search for "Docker CE cloudimg"
  2. Click Continue to Subscribe, accept the terms, then Continue to Configuration
  3. Select your preferred Region and Software Version
  4. Click Continue to Launch
  5. Choose Launch through EC2 for full control over instance configuration
  6. Select your instance type (t3.medium recommended)
  7. Configure storage: 20 GB gp3 minimum for the root volume. Consider adding a larger volume for container images and data.
  8. Configure your Security Group with the following inbound rules:
Port | Protocol | Source | Purpose
22 | TCP | Your IP | SSH access

Note: Additional ports may be needed depending on the containers you run. Add rules as required for your application (for example, port 80/443 for web servers, port 8080 for application servers).

  9. Select your EC2 key pair and launch the instance

Step 2: Connect via SSH

Once your instance is running and has passed both status checks (2/2), connect using SSH:

ssh -i your-key.pem ec2-user@<public-ip-address>

Replace your-key.pem with the path to your EC2 key pair and <public-ip-address> with your instance's public IP.

Important: Wait for the EC2 instance to reach 2/2 successful status checks before attempting to connect. If you connect too early, you may see errors such as:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

To switch to the root user:

sudo su -

Step 3: Verify Docker is Running

Docker starts automatically on boot. Verify the service is running:

systemctl status docker

Check the Docker version:

docker --version

Run a test container to confirm everything is working:

docker run hello-world

You should see a message confirming that Docker is installed and working correctly.

Step 4: Run Your First Container

Run an NGINX web server:

docker run -d --name webserver -p 80:80 nginx

This starts an NGINX container in the background, mapping port 80 on the host to port 80 in the container. Once your Security Group allows inbound TCP port 80, access it at http://<public-ip-address>.

List running containers:

docker ps

Stop and remove a container:

docker stop webserver
docker rm webserver

Working with Docker Images

Pull an image from Docker Hub:

docker pull ubuntu:latest

List downloaded images:

docker images

Remove an image:

docker rmi ubuntu:latest

Build an image from a Dockerfile:

docker build -t my-app:latest .

Using Docker Compose

Docker Compose allows you to define and run multi-container applications using a YAML file.

Example docker-compose.yml:

version: '3'
services:
  web:
    image: nginx:latest
    ports:
      - "80:80"
  db:
    image: mysql:8
    environment:
      MYSQL_ROOT_PASSWORD: example  # placeholder; replace with a strong secret before use
    volumes:
      - db-data:/var/lib/mysql

volumes:
  db-data:

Start the stack:

docker compose up -d

Stop the stack:

docker compose down

Server Components

Component | Install Path
Docker Community Edition | /var/lib/docker

Note: Component versions may be updated on first boot by the automatic OS package update script.

Filesystem Layout

Mount Point | Size | Description
/ | 38 GB | Root filesystem
/boot | 2 GB | Operating system kernel files
/var/lib/docker | 9.8 GB | Docker installation directory (images, containers, volumes)

Key Docker directories:

Directory | Purpose
/var/lib/docker | Docker data root (images, containers, volumes, networks)
/var/lib/docker/volumes | Named volumes for persistent container data
/var/lib/docker/overlay2 | Container filesystem layers
/etc/docker | Docker daemon configuration

Managing the Docker Service

Docker is managed via systemd and starts automatically on boot.

Check service status:

systemctl status docker

Stop Docker:

systemctl stop docker

Start Docker:

systemctl start docker

Restart Docker:

systemctl restart docker

Enable Docker to start on boot (default):

systemctl enable docker

Scripts and Log Files

Script/Log | Path | Description
initial_boot_update.sh | /stage/scripts | Updates the OS with the latest packages on first boot
initial_boot_update.log | /stage/scripts | Output log for the boot update script

On Startup

An OS package update script runs on first boot to ensure the image is fully up to date. You can disable this by removing the script and its crontab entry:

rm -f /stage/scripts/initial_boot_update.sh

crontab -e
# Delete the following line, save and exit:
@reboot /stage/scripts/initial_boot_update.sh

Troubleshooting

Docker service fails to start

  1. Check the service status: systemctl status docker
  2. Review Docker logs: journalctl -u docker --no-pager -n 50
  3. Verify disk space is available: df -h /var/lib/docker

Permission denied when running Docker commands

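  1. Ensure you are running as root (sudo su -) or add your user to the docker group: sudo usermod -aG docker ec2-user. Members of the docker group can control the Docker daemon, which is equivalent to root access on the host, so add only trusted users.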
  2. Log out and log back in for group changes to take effect

Container cannot access the internet

  1. Check that the instance has a route to the internet (public subnet or NAT gateway)
  2. Verify Docker networking: docker network ls
  3. Test DNS resolution inside a container: docker run --rm busybox nslookup google.com

Disk space full

  1. Check Docker disk usage: docker system df
  2. Remove unused images, containers, and volumes: docker system prune -a (volumes are only removed when --volumes is also given, and that deletes their data)
  3. Consider increasing the /var/lib/docker volume size

Security Recommendations

  • Restrict SSH access: Only allow port 22 from trusted IP addresses
  • Use non-root users in containers: Add USER directives in your Dockerfiles
  • Scan images for vulnerabilities: Use docker scout or third-party tools before deploying images
  • Limit container resources: Use --memory and --cpus flags to prevent resource exhaustion
  • Keep Docker updated: Regularly update with yum update docker-ce
  • Use trusted base images: Only pull images from official repositories or verified publishers
  • Enable Docker Content Trust: Set export DOCKER_CONTENT_TRUST=1 to verify image signatures
  • Do not expose the Docker socket: Never bind mount /var/run/docker.sock into untrusted containers
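
Several of the recommendations above (non-root users, --memory and --cpus limits, no Docker socket mounts) can be checked on running containers from docker inspect output. The script below is an added example, not part of the cloudimg image or documentation; the container names and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used
# below; container names are made up for illustration.
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/webserver", "Config": {"User": ""},
   "HostConfig": {"Memory": 0, "NanoCpus": 0}, "Mounts": []},
  {"Name": "/ci-agent", "Config": {"User": "0:0"},
   "HostConfig": {"Memory": 536870912, "NanoCpus": 1000000000},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]},
  {"Name": "/api", "Config": {"User": "1000:1000"},
   "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/api/_data",
               "Destination": "/data"}]}
]""")

DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}


def audit_container(c):
    """Return the list of findings for one `docker inspect` entry."""
    findings = []
    host = c.get("HostConfig") or {}
    # Config.User is empty when no USER directive or --user flag was given.
    user = ((c.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs-as-root")
    if not host.get("Memory"):  # 0 means no --memory limit was set
        findings.append("no-memory-limit")
    if not host.get("NanoCpus") and not host.get("CpuQuota"):  # no --cpus limit
        findings.append("no-cpu-limit")
    if any(m.get("Source") in DOCKER_SOCKETS for m in c.get("Mounts") or []):
        findings.append("docker-socket-mounted")
    return findings


def audit(containers):
    """Map container name -> findings, omitting containers with none."""
    report = {c["Name"].lstrip("/"): audit_container(c) for c in containers}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    # On a Docker host, feed it real data: docker inspect $(docker ps -q)
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings)}")
```

A container started as in Step 4 (docker run -d --name webserver -p 80:80 nginx) has no limits set, so it is reported like the webserver entry in the sample.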

Support

If you encounter any issues with this product, contact cloudimg support:

  • Email: support@cloudimg.co.uk
  • Website: www.cloudimg.co.uk
  • Support hours: 24/7 with guaranteed 24 hour response SLA