How to Install Docker on Ubuntu 20.04

What is Docker

Docker is a powerful tool that allows us to build, run, and distribute applications by using containerization technology. Containers are lightweight, standalone, executable packages that include everything needed to run a piece of software, including the code, runtime, system tools, libraries, and settings. They are isolated from each other and the host system.

Install Docker Engine on Ubuntu

Before installing Docker on Ubuntu 20.04, make sure you meet the prerequisites.

Prerequisites

OS requirements

To install Docker Engine, you need the 64-bit version of one of these Ubuntu versions:

  • Ubuntu Mantic 23.10

  • Ubuntu Lunar 23.04

  • Ubuntu Jammy 22.04 (LTS)

  • Ubuntu Focal 20.04 (LTS)

Docker Engine for Ubuntu is compatible with x86_64 (or amd64), armhf, arm64, s390x, and ppc64le (ppc64el) architectures.

Uninstall old versions

Before you can install Docker Engine, you need to uninstall any conflicting packages.

Distro maintainers provide unofficial distributions of Docker packages in APT. You must uninstall these packages before you can install the official version of Docker Engine.

The unofficial packages to uninstall are:

  • docker.io

  • docker-compose

  • docker-compose-v2

  • docker-doc

  • podman-docker

Moreover, Docker Engine depends on containerd and runc, and ships both in a single package: containerd.io. If you have previously installed containerd or runc, uninstall them to avoid conflicts with the versions bundled with Docker Engine.

Install using the apt repository

  1. Ensure that Ubuntu has the right version by running the following command:

     lsb_release -a
    

  2. Ensure that you do not have any conflicting packages by uninstalling old versions. Run the following command:

     for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove "$pkg"; done
    

    Images, containers, volumes, and networks stored in /var/lib/docker/ aren't automatically removed when you uninstall Docker. If you want to start with a clean installation, and prefer to clean up any existing data, read the uninstall Docker Engine section.

💡
Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository by adding Docker's official GPG key. Afterward, you can install and update Docker from the repository.
  1. Update the package database to get the latest versions of packages and their dependencies:

     sudo apt-get update
    
  2. Install packages that allow apt to use a repository over HTTPS:

     sudo apt-get install ca-certificates curl gnupg
    
    • ca-certificates: Contains a set of Certificate Authority (CA) certificates. These are essential for verifying the authenticity of SSL/TLS certificates; in other words, they let curl and apt confirm that an HTTPS server such as download.docker.com is the site it claims to be.

    • curl: Curl is a command-line tool and library for transferring data with URLs. It's used for downloading files from the internet and can handle a variety of protocols, including HTTP, HTTPS, FTP, and more.

    • gnupg: Stands for GNU Privacy Guard; it's a package for encryption and signing data. It's used here primarily for handling the GPG key related to Docker.

  3. Create a new directory named /etc/apt/keyrings with read, write, and execute permissions for the owner, and read and execute permissions for group members and other users.

     sudo install -m 0755 -d /etc/apt/keyrings
    
  4. Download the GPG key for the Docker repository from its website and save it as a binary keyring file in /etc/apt/keyrings, which APT can then use to verify the authenticity of Docker packages downloaded from the repository:

     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    
    • gpg --dearmor is used to convert the armored GPG key (ASCII text format) into a binary format.

    • -o /etc/apt/keyrings/docker.gpg specifies the output file where the converted key should be saved.

This is a security step: when APT downloads packages from the Docker repository, it uses this GPG key to verify that the packages are authentic and haven't been tampered with. The mechanism is explained in the section "How GPG Works in Package Verification" below.

  1. Change the file permissions of the Docker GPG key to be readable by all users:

     sudo chmod a+r /etc/apt/keyrings/docker.gpg
    
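  2. Verify that the keyring now contains Docker's key by printing its fingerprint (apt-key fingerprint only lists APT's global trusted keyrings, not files under /etc/apt/keyrings). Run:

     gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.gpg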
    

  3. Add the Docker Repository to APT sources:

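     echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    

    The command above writes Docker's official APT repository to /etc/apt/sources.list.d/docker.list, one of the locations from which APT reads its package sources. The signed-by option ties this repository to the key saved in /etc/apt/keyrings/docker.gpg: APT does not consult that directory on its own, so without the option the next apt update fails with a missing public key error. It also means the Docker key is trusted for this repository only, not for every source on the system.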

  4. Update Package Database with Docker Packages.

     sudo apt update
    
  5. Now, install the latest version of Docker CE (Community Edition) using:

     sudo apt install docker-ce
    
    💡
    We can install Docker either from Docker's official repository (docker-ce), which provides the latest version, or from Ubuntu's repository (docker.io), which is maintained by the Ubuntu community and might not always be the latest version. In this hands-on, we install docker-ce.
  6. Check if Docker is running:

    sudo systemctl status docker
    

    If Docker is running, you'll see an active (running) status in the output.

  7. Add Your User to the Docker Group (Optional). By default, running the docker command requires administrator privileges. To run Docker commands as your non-root user, add your user to the docker group:

    sudo usermod -aG docker ${USER}
    

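    You'll need to log out and back in for this to take effect. The docker group grants root-level privileges on the host, because its members can control the Docker daemon, which runs as root; add only accounts you would trust with sudo.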

  8. Test Docker. Run the hello-world image to test if Docker is correctly installed:

    docker run hello-world
    

  9. Configure Docker to Start on Boot (Optional). Enable Docker to start on boot with:

    sudo systemctl enable docker
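
An added check for the repository step above (example code, not part of the original guide): it parses one-line APT source entries and flags a missing signed-by option, trusted=yes (which switches signature checking off) and non-HTTPS URLs. The function name, the finding names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: review one-line APT source entries for third-party repositories.
# Finding names and sample entries are constructed for illustration.
# audit_deb_line ENTRY -> prints "ok" or a space-separated list of findings.
audit_deb_line() {
    findings="" keyring=""
    set -f              # split the entry into words without filename globbing
    set -- $1
    set +f
    case ${1:-} in
        deb|deb-src) shift ;;
        *) echo "not-a-source-line"; return 0 ;;
    esac
    # Options are the words from "[..." up to the word that ends in "]".
    case ${1:-} in
        \[*)
            while [ $# -gt 0 ]; do
                tok=${1#\[}; last=no
                case $tok in *\]) tok=${tok%\]}; last=yes ;; esac
                case $tok in
                    signed-by=*) keyring=${tok#signed-by=} ;;
                    trusted=yes) findings="$findings trusted=yes" ;;
                esac
                shift
                if [ "$last" = yes ]; then break; fi
            done ;;
    esac
    # Without signed-by, any key in APT's global trusted keyrings may vouch
    # for this repository, and keys under /etc/apt/keyrings are not used.
    [ -n "$keyring" ] || findings="$findings no-signed-by"
    case ${1:-} in
        https://*) ;;
        *) findings="$findings not-https" ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample entries: finding(s) first, then the entry.
while IFS= read -r entry; do
    printf '%-36s %s\n' "$(audit_deb_line "$entry")" "$entry"
done <<'EOF'
deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu focal stable
deb [trusted=yes] http://mirror.example.invalid/ubuntu focal main
EOF
```

The findings are meant for third-party entries such as Docker's; the stock Ubuntu archive entries rely on the distribution's own keyrings and do not carry signed-by.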
    

How GPG Works in Package Verification

  1. Key Pair: GPG operates using a pair of keys:

    • Private Key: Known only to the key's owner, used for signing data.

    • Public Key: Distributed openly, used for verifying signatures.

  2. Signing the Package:

    • The package maintainer (e.g., Docker) signs the package with their private GPG key before distributing it. This signature is a form of digital fingerprint uniquely generated from the package content via a hashing algorithm.

    • The signing process doesn't encrypt the whole package; it just generates a signature based on the package's content.

  3. Distributing the Public Key:

    • The maintainer also makes their public GPG key available, often on a website or in a public key server. This public key is what users will download and add to their keyring.

    • This public key can verify signatures made by the corresponding private key but can't be used to generate those signatures.

  4. User Downloads the Package:

    • When a user downloads the package, they also receive the digital signature.
  5. Verification Process:

    • On the user's side, the GPG tool uses the maintainer's public key to verify the signature attached to the package.

    • If the signature is valid, it ensures that the package hasn't been altered since it was signed - i.e., it's authentic and unmodified.
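
The five steps above can be reproduced with a throwaway key. This added example (not part of the original guide) signs a constructed file, verifies it with gpgv against the exported public key, then changes the file and verifies again; the key identity and file contents are constructed, and gpg and gpgv are assumed to be installed.

```shell
#!/bin/sh
# Added example: sign a file, verify it, tamper with it, verify again.
# Key identity, file name and contents are constructed for illustration.
# The function body is a subshell, so GNUPGHOME and the trap stay local.
gpg_tamper_demo() (
    work=$(mktemp -d) || exit 2
    GNUPGHOME="$work/home"; export GNUPGHOME
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT
    mkdir -m 700 "$GNUPGHOME" || exit 2

    # Maintainer side: throwaway signing key with no passphrase.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Maintainer <demo@example.invalid>' \
        ed25519 sign never >/dev/null 2>&1 || exit 2

    # Sign the "package": a detached signature, the content is not encrypted.
    printf 'demo package contents, version 1.0\n' > "$work/pkg"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$work/pkg.sig" --detach-sign "$work/pkg" >/dev/null 2>&1 || exit 2

    # Publish only the public key, in the binary form that
    # "gpg --dearmor" produces for /etc/apt/keyrings/docker.gpg.
    gpg --batch --quiet --output "$work/keyring.gpg" --export >/dev/null 2>&1 || exit 2

    # User side: gpgv gets the public keyring, the signature and the file.
    if gpgv --keyring "$work/keyring.gpg" "$work/pkg.sig" "$work/pkg" 2>/dev/null
    then intact=valid; else intact=invalid; fi

    # Change one byte of the signed content and verify again.
    printf 'X' >> "$work/pkg"
    if gpgv --keyring "$work/keyring.gpg" "$work/pkg.sig" "$work/pkg" 2>/dev/null
    then tampered=valid; else tampered=invalid; fi

    echo "intact=$intact tampered=$tampered"
)

# Run the demo when gpg and gpgv are installed.
if command -v gpg >/dev/null 2>&1 && command -v gpgv >/dev/null 2>&1; then
    gpg_tamper_demo
fi
```

APT performs the same check with gpgv, applied to the repository's signed Release metadata, which lists the hashes of the package indexes and, through them, of each package.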
