Here we will install

Setup Docker

Install simple docker

Run the following

apt update
apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL | sudo apt-key add -
add-apt-repository "deb [arch=amd64] focal stable"
apt update
apt-cache policy docker-ce
apt install docker-ce docker-ce-cli

And verify the startup

systemctl status docker

Setup a local docker network for persistent utils

This will be needed to contact the host from the guest with a unique address

docker network create -d bridge --subnet --gateway dockernet

Start docker after crypt mount

Create another systemd unit

** /etc/systemd/system/docker **

[Unit]
Description=Start docker service

[Service]
ExecStart=/bin/sh -c '/etc/init.d/docker start'
ExecStop=/bin/sh -c '/etc/init.d/docker stop'
# Restart= accepts only a policy (no, on-failure, always, ...), not a command
ExecReload=/bin/sh -c '/etc/init.d/docker restart'

Change location

You should then move the docker files onto the encrypted disk

Modify the following

** /etc/init.d/docker **

+ DOCKER_OPTS="-g /mnt/data/apps/docker"
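Review bot: in `DOCKER_OPTS="-g /mnt/data/apps/docker"`, `-g` is the deprecated form of `--data-root` and later dockerd releases dropped it, so the added line should read `DOCKER_OPTS="--data-root /mnt/data/apps/docker"`. The assignment also belongs in /etc/default/docker, which the init script reads, rather than in /etc/init.d/docker itself, since a package upgrade replaces the init script and silently moves the data root back to the unencrypted default.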

Run the following to set up the new docker location

mkdir -p /mnt/data/apps/docker
# dockerd runs as root; the data root must not be writable by other users
chmod 710 /mnt/data/apps/docker

Modify the service to start from new location after decrypt

** /lib/systemd/system/docker.service **

+ After=mnt-data.mount
+ Wants=mnt-data.mount
- ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+ ExecStart=/usr/bin/dockerd -g /mnt/data/apps/docker -H fd:// --containerd=/run/containerd/containerd.sock
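Review bot: `Wants=mnt-data.mount` together with `After=mnt-data.mount` only orders the start; if the mount fails or the volume is still locked, dockerd starts anyway and writes its data to /mnt/data/apps/docker on the unencrypted underlying filesystem. Use `Requires=mnt-data.mount` or `RequiresMountsFor=/mnt/data/apps/docker` so the service refuses to start without the mount. The changes are also made directly in /lib/systemd/system/docker.service, which a package upgrade overwrites; a drop-in created with `systemctl edit docker` survives upgrades. The `-g` flag on the new ExecStart line is the deprecated form of `--data-root`.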

Stop everything

systemctl daemon-reload
systemctl stop docker

Kill every process found by the following command

ps aux | grep -i docker | grep -v grep

Move and restart

rsync -aqxP /var/lib/docker/ /mnt/data/apps/docker
systemctl start docker
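
A preflight check for the relocation above, as an added example that is not part of the original page: it refuses to proceed unless the data root sits on a mounted volume and is not world-writable. The function names are hypothetical, and it assumes the decrypted volume appears as a /dev/mapper/* device mounted on /mnt/data.

```shell
#!/bin/sh
# Added example (not from the original page): preflight for the relocated Docker data root.
# Assumption: the decrypted volume is a /dev/mapper/* device mounted on /mnt/data.

# Print the source device of an exact mount point from a /proc/mounts-format file.
mount_source() {
    # $1 = mount point, $2 = mounts file (defaults to /proc/self/mounts)
    awk -v mp="$1" '$2 == mp { src = $1 } END { if (src != "") print src }' \
        "${2:-/proc/self/mounts}"
}

# Succeed only if the data root lies under a mount point backed by device-mapper.
on_crypt_mount() {
    # $1 = data root, $2 = mount point, $3 = mounts file (optional)
    case "$1" in
        "$2"/*) ;;
        *) return 1 ;;
    esac
    case "$(mount_source "$2" "$3")" in
        /dev/mapper/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if "other" has write permission on the directory (9th char of the mode string).
world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# Run all checks; print the reason on stderr and return 1 on the first failure.
preflight() {
    # $1 = data root, $2 = mount point, $3 = mounts file (optional)
    on_crypt_mount "$1" "$2" "$3" ||
        { echo "refusing: $2 is not a mounted /dev/mapper volume" >&2; return 1; }
    [ -d "$1" ] || { echo "refusing: $1 does not exist" >&2; return 1; }
    if world_writable "$1"; then
        echo "refusing: $1 is world-writable" >&2
        return 1
    fi
    return 0
}

# Usage on the host described above:
#   preflight /mnt/data/apps/docker /mnt/data && systemctl start docker
```
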

Install portainer

It's a nice utility to manage docker compose and docker via a web UI. The container is given the Docker socket, so anyone who can log in to it controls the docker daemon, which runs as root on the host.

Run

docker run -d \
  -v "/var/run/docker.sock:/var/run/docker.sock" \
  --restart unless-stopped \
  --name portainer \
  --network dockernet \
  -p 9000:9000 \
  portainer/portainer

Go to http://server:9000, create the login for user "root" with a very long password, and connect the local docker instance with the address. Afterwards we will add LDAP users


Then, at the end of the LDAP configuration, you will configure the LDAP access

Create a global group

When you have a user to enable

Last modified on: June 08, 2020