{"id":16584324,"url":"https://github.com/markdumay/ubuntu-docker","last_synced_at":"2026-04-21T10:02:15.101Z","repository":{"id":119865872,"uuid":"270631253","full_name":"markdumay/ubuntu-docker","owner":"markdumay","description":"Install Docker on a Mint Ubuntu 20.04 LTS Server","archived":false,"fork":false,"pushed_at":"2022-10-11T04:32:47.000Z","size":74,"stargazers_count":0,"open_issues_count":4,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-16T15:56:55.952Z","etag":null,"topics":["ansible","docker","ubuntu"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/markdumay.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-08T10:48:49.000Z","updated_at":"2021-02-19T14:49:38.000Z","dependencies_parsed_at":"2023-06-03T11:00:41.722Z","dependency_job_id":null,"html_url":"https://github.com/markdumay/ubuntu-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markdumay%2Fubuntu-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markdumay%2Fubuntu-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markdumay%2Fubuntu-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markdumay%2Fubuntu-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/markdumay","download_url":"https://co
deload.github.com/markdumay/ubuntu-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242150809,"owners_count":20080006,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","docker","ubuntu"],"created_at":"2024-10-11T22:44:25.300Z","updated_at":"2026-04-21T10:02:14.998Z","avatar_url":"https://github.com/markdumay.png","language":"Shell","funding_links":["https://www.buymeacoffee.com/markdumay"],"categories":[],"sub_categories":[],"readme":"# ubuntu-docker\n\n\u003c!-- Tagline --\u003e\n\u003cp align=\"center\"\u003e\n    \u003cb\u003eInstall Docker on a Mint Ubuntu 20.04 LTS Server\u003c/b\u003e\n    \u003cbr /\u003e\n\u003c/p\u003e\n\n\n\u003c!-- Badges --\u003e\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/markdumay/ubuntu-docker/commits/master\" alt=\"Last commit\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/last-commit/markdumay/ubuntu-docker.svg\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/markdumay/ubuntu-docker/issues\" alt=\"Issues\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/issues/markdumay/ubuntu-docker.svg\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/markdumay/ubuntu-docker/pulls\" alt=\"Pulls\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/issues-pr-raw/markdumay/ubuntu-docker.svg\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/markdumay/ubuntu-docker/blob/master/LICENSE\" alt=\"License\"\u003e\n        \u003cimg 
src=\"https://img.shields.io/github/license/markdumay/ubuntu-docker.svg\" /\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n\u003c!-- Table of Contents --\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#about\"\u003eAbout\u003c/a\u003e •\n  \u003ca href=\"#prerequisites\"\u003ePrerequisites\u003c/a\u003e •\n  \u003ca href=\"#deployment\"\u003eDeployment\u003c/a\u003e •\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e •\n  \u003ca href=\"#credits\"\u003eCredits\u003c/a\u003e •\n  \u003ca href=\"#donate\"\u003eDonate\u003c/a\u003e •\n  \u003ca href=\"#license\"\u003eLicense\u003c/a\u003e\n\u003c/p\u003e\n\n\n## About\n[Docker][docker_info] is a lightweight virtualization application that gives you the ability to run containers directly on your server. *Ubuntu-docker* is a basic shell script to harden an [Ubuntu][ubuntu_url] 20.04 LTS host and to install Docker and Docker Compose on this host. The host is set up as a Docker Swarm manager.\n\n\u003c!-- TODO: add tutorial deep-link \nDetailed background information is available on the author's [personal blog][blog].\n--\u003e\n\n## Prerequisites\n*Ubuntu-docker* runs on a remote server with Ubuntu 20.04 LTS installed. Other prerequisites are:\n\n* **SSH admin access is required** - Ubuntu-docker runs as a shell script on the terminal.\n* **An Ubuntu One account is recommended** - Canonical offers a *livepatch* service, which is free for personal use up to 3 machines. You can register at [this][livepatch] site. Once registered you get a token linked to your account.\n\n## Deployment\nDeployment of *ubuntu-docker* is a matter of cloning the GitHub repository. Log in to your server via SSH first. Assuming you are in the working folder of your choice, clone the repository files. Git automatically creates a new folder `ubuntu-docker` and copies the files to this directory. 
Then change your current folder to simplify the execution of the shell script.\n\n```console\ngit clone https://github.com/markdumay/ubuntu-docker.git\ncd ubuntu-docker\n```\n\n\u003c!-- TODO: TEST CHMOD --\u003e\n\n## Usage\n*Ubuntu-docker* requires `sudo` rights. Use the following command to invoke `ubuntu-docker.sh` from the command line.\n\n```\nsudo ./ubuntu-docker.sh [OPTIONS] COMMAND\n```\n\nIf a `.env` file is present, *ubuntu-docker* reads the following variables.\n\n\n| Variable              | Default   | Description |\n|-----------------------|-----------|-------------|\n| IP_SSH_ALLOW_HOSTNAME |           | Restricts SSH access to the IP address associated with the domain (e.g. `ddns.example.com`) if specified. The domain is polled every 5 minutes to cater for changes (such as dynamic IP addresses). |\n| IP_SSH_PORT           | 22        | The SSH port to be configured by the firewall (UFW), defaults to `22`. |\n| IPV6                  | false     | Indicates whether IPv6 support is required, disabled by default. |\n| CANONICAL_TOKEN       |           | Unique token associated with your Ubuntu One account, used for live patching. |\n\n### Commands\n*Ubuntu-docker* supports the following commands. \n\n| Command       | Argument  | Description |\n|---------------|-----------|-------------|\n| **`init`**    |           | Hardens a mint Ubuntu 20.04 LTS server |\n| **`install`** |           | Installs Docker, Docker Compose, and Docker Swarm on an Ubuntu 20.04 LTS host |\n\nThe `init` command executes the following sequence of steps.\n1. **Create a Non-Root User with Sudo Privileges** - Creates a non-root user `admin` with administrative privileges.\n2. **Disable Remote Root Login** - Ensures `root` can no longer log in remotely to the server. Instead, the `admin` user with explicitly elevated privileges through `sudo` is used for server administration.\n3. 
**Secure Shared Memory** - Mounts `/run/shm` in read-only mode, preventing data from being passed between applications.\n4. **Make Boot Files Read-Only** - Prevents unauthorized modifications to the server boot files.\n5. **Install Fail2Ban** - Prevents brute-force attacks by banning repeat login attempts from a single IP address.\n6. **Enable Livepatch** - If `CANONICAL_TOKEN` is specified in `.env`, automatically applies critical kernel security fixes without rebooting.\n7. **Enable swap limit support** - Updates grub to enable swap limit support (recommended by Docker, requires reboot).\n8. **Enable Firewall** - Installs Uncomplicated Firewall (UFW) to only allow web traffic (port 80 and port 443) and SSH traffic (port `IP_SSH_PORT`) to the server. If `IP_SSH_ALLOW_HOSTNAME` is specified in the `.env` file, a cron job is executed every 5 minutes to poll for the IP address associated with the hostname. SSH access is then restricted to this IP address only.\n\nThe `install` command executes the following workflow.\n1. **Install Docker** - Installs the latest Docker Engine from the official Docker repository.\n2. **Add Admin** - Adds the `admin` user to the `docker` user group.\n3. **Configure Docker Daemon** - Implements several Docker security audit recommendations.\n4. **Enable Docker Audit** - Enables auditing of Docker.\n5. **Docker Environment** - Ensures Content Trust for Docker is enabled (verifies signatures of Docker images).\n6. **Download and Install Docker Compose** - Downloads and installs the latest Docker Compose binary.\n7. **Initialize Docker Swarm** - Initializes Docker to become a Swarm Manager.\n8. **Configure Ports for Swarm Communication** - Enables specific TCP and UDP ports needed for Docker Swarm communication between nodes if the option `--ports` is present, and disables them otherwise. \n\n\n\n\u003c!-- TODO: SSH keys --\u003e\n\n\n### Options\n*Ubuntu-docker* supports the following options. 
\n\n| Option      | Alias       | Argument   | Description |\n|-------------|-------------|------------|-------------|\n| `-f`        | `--force`   |            | Force the installation and bypass compatibility checks |\n| `-p`        | `--ports`   |            | Open Docker Swarm ports (disabled by default) |\n\n\n## Contributing\n1. Clone the repository and create a new branch \n    ```\n    $ git clone https://github.com/markdumay/ubuntu-docker.git\n    $ git -C ubuntu-docker checkout -b name_for_new_branch\n    ```\n2. Make and test the changes\n3. Submit a Pull Request with a comprehensive description of the changes\n\n## Credits\n*Ubuntu-docker* is inspired by the following blog articles:\n* Brian Boucheron - [How To Audit Docker Host Security with Docker Bench for Security on Ubuntu 16.04][digital_ocean_bench]\n* Brian Hogan - [How To Install and Use Docker on Ubuntu 20.04][digital_ocean_setup]\n* Vladimir Rakov - [How to Harden your Ubuntu 18.04 Server][hostadvice]\n* Thomas @ euroVPS - [20 Ways to Secure Your Linux VPS so You Don’t Get Hacked][eurovps]\n\n## Donate\n\u003ca href=\"https://www.buymeacoffee.com/markdumay\" target=\"_blank\"\u003e\u003cimg src=\"https://cdn.buymeacoffee.com/buttons/lato-orange.png\" alt=\"Buy Me A Coffee\" style=\"height: 51px !important;width: 217px !important;\"\u003e\u003c/a\u003e\n\n## License\n\u003ca href=\"https://github.com/markdumay/ubuntu-docker/blob/master/LICENSE\" alt=\"License\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/markdumay/ubuntu-docker.svg\" /\u003e\n\u003c/a\u003e\n\nCopyright © [Mark Dumay][blog]\n\n\n\n\u003c!-- MARKDOWN PUBLIC LINKS --\u003e\n[docker_info]: https://www.docker.com/why-docker\n[ubuntu_url]: https://ubuntu.com\n[digital_ocean_bench]: https://www.digitalocean.com/community/tutorials/how-to-audit-docker-host-security-with-docker-bench-for-security-on-ubuntu-16-04\n[digital_ocean_setup]: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04\n[livepatch]: 
https://ubuntu.com/livepatch\n[eurovps]: https://www.eurovps.com/blog/20-ways-to-secure-linux-vps/\n[hostadvice]: https://hostadvice.com/how-to/how-to-harden-your-ubuntu-18-04-server/\n\n\n\u003c!-- MARKDOWN MAINTAINED LINKS --\u003e\n\u003c!-- TODO: add blog link\n[blog]: https://markdumay.com\n--\u003e\n[blog]: https://github.com/markdumay\n[repository]: https://github.com/markdumay/ubuntu-docker.git","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkdumay%2Fubuntu-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarkdumay%2Fubuntu-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkdumay%2Fubuntu-docker/lists"}