To get started with Docker Engine on Debian, make sure you meet the prerequisites, and then follow the installation steps.
Prerequisites#
Firewall limitations#
[!WARNING]
Before you install Docker, make sure you consider the following security implications and firewall incompatibilities.
- If you use ufw or firewalld to manage firewall settings, be aware that when you expose container ports using Docker, these ports bypass your firewall rules. For more information, refer to Docker and ufw.
- Docker is only compatible with
iptables-nft
andiptables-legacy
. Firewall rules created withnft
are not supported on a system with Docker installed. Make sure that any firewall rulesets you use are created withiptables
orip6tables
, and that you add them to theDOCKER-USER
chain, see Packet filtering and firewalls.
OS requirements#
To install Docker Engine, you need the 64-bit version of one of these Debian versions:
- Debian Bookworm 12 (stable)
- Debian Bullseye 11 (oldstable)
Docker Engine for Debian is compatible with x86_64 (or amd64), armhf, arm64, and ppc64le (ppc64el) architectures.
Uninstall old versions#
Before you can install Docker Engine, you need to uninstall any conflicting packages.
Distro maintainers provide unofficial distributions of Docker packages in their repositories. You must uninstall these packages before you can install the official version of Docker Engine.
The unofficial packages to uninstall are:
docker.io
docker-compose
docker-doc
podman-docker
Moreover, Docker Engine depends on containerd
and runc
. Docker Engine
bundles these dependencies as one bundle: containerd.io
. If you have
installed the containerd
or runc
previously, uninstall them to avoid
conflicts with the versions bundled with Docker Engine.
Run the following command to uninstall all conflicting packages:
$ for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done
apt-get
might report that you have none of these packages installed.
Images, containers, volumes, and networks stored in /var/lib/docker/
aren't
automatically removed when you uninstall Docker. If you want to start with a
clean installation, and prefer to clean up any existing data, read the
uninstall Docker Engine section.
Installation methods#
You can install Docker Engine in different ways, depending on your needs:
-
Docker Engine comes bundled with Docker Desktop for Linux. This is the easiest and quickest way to get started.
-
Set up and install Docker Engine from Docker's
apt
repository. -
Install it manually and manage upgrades manually.
-
Use a convenience script. Only recommended for testing and development environments.
Install using the apt
repository#
Before you install Docker Engine for the first time on a new host machine, you
need to set up the Docker apt
repository. Afterward, you can install and update
Docker from the repository.
- Set up Docker's
apt
repository.
```bash # Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL {{\% param "download-url-base" \%}}/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] {{\% param "download-url-base" \%}} \ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update ```
[!NOTE]
If you use a derivative distro, such as Kali Linux, you may need to substitute the part of this command that's expected to print the version codename:
console $(. /etc/os-release && echo "$VERSION_CODENAME")
Replace this part with the codename of the corresponding Debian release, such as
bookworm
.
- Install the Docker packages.
{ { < tabs > } } { { < tab name="Latest" > } }
To install the latest version, run:
console
$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
{ { < /tab > } } { { < tab name="Specific version" > } }
To install a specific version of Docker Engine, start by listing the available versions in the repository:
```console # List the available versions: $ apt-cache madison docker-ce | awk '{ print $3 }'
5:27.1.1-1~debian.12~bookworm 5:27.1.0-1~debian.12~bookworm ... ```
Select the desired version and install:
console
$ VERSION_STRING=5:27.1.1-1~debian.12~bookworm
$ sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin
{ { < /tab > } } { { < /tabs > } }
- Verify that the installation is successful by running the
hello-world
image:
console
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints a confirmation message and exits.
You have now successfully installed and started Docker Engine.
{ { < include "root-errors.md" > } }
Upgrade Docker Engine#
To upgrade Docker Engine, follow step 2 of the installation instructions, choosing the new version you want to install.
Install from a package#
If you can't use Docker's apt
repository to install Docker Engine, you can
download the deb
file for your release and install it manually. You need to
download a new file each time you want to upgrade Docker Engine.
-
Select your Debian version in the list.
-
Go to
pool/stable/
and select the applicable architecture (amd64
,armhf
,arm64
, ors390x
). -
Download the following
deb
files for the Docker Engine, CLI, containerd, and Docker Compose packages: -
containerd.io_<version>_<arch>.deb
docker-ce_<version>_<arch>.deb
docker-ce-cli_<version>_<arch>.deb
docker-buildx-plugin_<version>_<arch>.deb
-
docker-compose-plugin_<version>_<arch>.deb
-
Install the
.deb
packages. Update the paths in the following example to where you downloaded the Docker packages.
console
$ sudo dpkg -i ./containerd.io_<version>_<arch>.deb \
./docker-ce_<version>_<arch>.deb \
./docker-ce-cli_<version>_<arch>.deb \
./docker-buildx-plugin_<version>_<arch>.deb \
./docker-compose-plugin_<version>_<arch>.deb
The Docker daemon starts automatically.
- Verify that the Docker Engine installation is successful by running the
hello-world
image:
console
$ sudo service docker start
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints a confirmation message and exits.
You have now successfully installed and started Docker Engine.
{ { < include "root-errors.md" > } }
Upgrade Docker Engine#
To upgrade Docker Engine, download the newer package files and repeat the installation procedure, pointing to the new files.
{ { < include "install-script.md" > } }
Uninstall Docker Engine#
-
Uninstall the Docker Engine, CLI, containerd, and Docker Compose packages:
console $ sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras
-
Images, containers, volumes, or custom configuration files on your host aren't automatically removed. To delete all images, containers, and volumes:
console $ sudo rm -rf /var/lib/docker $ sudo rm -rf /var/lib/containerd
You have to delete any edited configuration files manually.
Next steps#
- Continue to Post-installation steps for Linux.