To get started with Docker Engine on Debian, make sure you meet the prerequisites, and then follow the installation steps.

Prerequisites#

Firewall limitations#

[!WARNING]

Before you install Docker, make sure you consider the following security implications and firewall incompatibilities.

  • If you use ufw or firewalld to manage firewall settings, be aware that when you expose container ports using Docker, these ports bypass your firewall rules. For more information, refer to Docker and ufw.
  • Docker is only compatible with iptables-nft and iptables-legacy. Firewall rules created with nft are not supported on a system with Docker installed. Make sure that any firewall rulesets you use are created with iptables or ip6tables, and that you add them to the DOCKER-USER chain, see Packet filtering and firewalls.

OS requirements#

To install Docker Engine, you need the 64-bit version of one of these Debian versions:

  • Debian Bookworm 12 (stable)
  • Debian Bullseye 11 (oldstable)

Docker Engine for Debian is compatible with x86_64 (or amd64), armhf, arm64, and ppc64le (ppc64el) architectures.

Uninstall old versions#

Before you can install Docker Engine, you need to uninstall any conflicting packages.

Distro maintainers provide unofficial distributions of Docker packages in their repositories. You must uninstall these packages before you can install the official version of Docker Engine.

The unofficial packages to uninstall are:

  • docker.io
  • docker-compose
  • docker-doc
  • podman-docker

Moreover, Docker Engine depends on containerd and runc. Docker Engine bundles these dependencies as one bundle: containerd.io. If you have installed the containerd or runc previously, uninstall them to avoid conflicts with the versions bundled with Docker Engine.

Run the following command to uninstall all conflicting packages:

$ for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done

apt-get might report that you have none of these packages installed.

Images, containers, volumes, and networks stored in /var/lib/docker/ aren't automatically removed when you uninstall Docker. If you want to start with a clean installation, and prefer to clean up any existing data, read the uninstall Docker Engine section.

Installation methods#

You can install Docker Engine in different ways, depending on your needs:

Install using the apt repository#

Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker apt repository. Afterward, you can install and update Docker from the repository.

  1. Set up Docker's apt repository.

```bash # Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL {{\% param "download-url-base" \%}}/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] {{\% param "download-url-base" \%}} \ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update ```

[!NOTE]

If you use a derivative distro, such as Kali Linux, you may need to substitute the part of this command that's expected to print the version codename:

console $(. /etc/os-release && echo "$VERSION_CODENAME")

Replace this part with the codename of the corresponding Debian release, such as bookworm.

  1. Install the Docker packages.

{ { < tabs > } } { { < tab name="Latest" > } }

To install the latest version, run:

console $ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

{ { < /tab > } } { { < tab name="Specific version" > } }

To install a specific version of Docker Engine, start by listing the available versions in the repository:

```console # List the available versions: $ apt-cache madison docker-ce | awk '{ print $3 }'

5:27.1.1-1~debian.12~bookworm 5:27.1.0-1~debian.12~bookworm ... ```

Select the desired version and install:

console $ VERSION_STRING=5:27.1.1-1~debian.12~bookworm $ sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin

{ { < /tab > } } { { < /tabs > } }

  1. Verify that the installation is successful by running the hello-world image:

console $ sudo docker run hello-world

This command downloads a test image and runs it in a container. When the container runs, it prints a confirmation message and exits.

You have now successfully installed and started Docker Engine.

{ { < include "root-errors.md" > } }

Upgrade Docker Engine#

To upgrade Docker Engine, follow step 2 of the installation instructions, choosing the new version you want to install.

Install from a package#

If you can't use Docker's apt repository to install Docker Engine, you can download the deb file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.

  1. Go to \{\{\% param "download-url-base" \%\}\}/dists/.

  2. Select your Debian version in the list.

  3. Go to pool/stable/ and select the applicable architecture (amd64, armhf, arm64, or s390x).

  4. Download the following deb files for the Docker Engine, CLI, containerd, and Docker Compose packages:

  5. containerd.io_<version>_<arch>.deb

  6. docker-ce_<version>_<arch>.deb
  7. docker-ce-cli_<version>_<arch>.deb
  8. docker-buildx-plugin_<version>_<arch>.deb
  9. docker-compose-plugin_<version>_<arch>.deb

  10. Install the .deb packages. Update the paths in the following example to where you downloaded the Docker packages.

console $ sudo dpkg -i ./containerd.io_<version>_<arch>.deb \ ./docker-ce_<version>_<arch>.deb \ ./docker-ce-cli_<version>_<arch>.deb \ ./docker-buildx-plugin_<version>_<arch>.deb \ ./docker-compose-plugin_<version>_<arch>.deb

The Docker daemon starts automatically.

  1. Verify that the Docker Engine installation is successful by running the hello-world image:

console $ sudo service docker start $ sudo docker run hello-world

This command downloads a test image and runs it in a container. When the container runs, it prints a confirmation message and exits.

You have now successfully installed and started Docker Engine.

{ { < include "root-errors.md" > } }

Upgrade Docker Engine#

To upgrade Docker Engine, download the newer package files and repeat the installation procedure, pointing to the new files.

{ { < include "install-script.md" > } }

Uninstall Docker Engine#

  1. Uninstall the Docker Engine, CLI, containerd, and Docker Compose packages:

    console $ sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras

  2. Images, containers, volumes, or custom configuration files on your host aren't automatically removed. To delete all images, containers, and volumes:

    console $ sudo rm -rf /var/lib/docker $ sudo rm -rf /var/lib/containerd

You have to delete any edited configuration files manually.

Next steps#