安装最简单的方法是:sudo apt-get update   sudo apt-get install docker

更新安装包信息, 确保 APT 使用 https 协议, 同时CA 证书已经被安装.

 $ sudo apt-get update $ sudo apt-get install apt-transport-https ca-certificates


$ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D


用编辑器打开 /etc/apt/sources.list.d/docker.list添加下面这句,如果不存在docker.list新建一个再添加。

deb https://apt.dockerproject.org/repo ubuntu-xenial main

注意:docker没有为所有的架构提供包,Binary artifacts are built nightly,你可以从https://master.dockerproject.org. 处下载下来。在一个多架构的系统上安装docker,为键添加一个[arch=]条款。更多细节参考Debian Multiarch维基百科。

更新APT 软件包索引

$ sudo apt-get update

清除旧的repo if it exists

$ sudo apt-get purge lxc-docker

至此,你可以 使用命令apt-get upgrade, APT 从新代码库拉取代码.



Ubuntu Xenial 16.04[LTS]  Ubuntu Trusty 14.04[LTS]

$ sudo apt-get install linux-image-extra-$(uname -r) linux-image-extra-virtual


1) 更新APT包索引:sudo apt-get update2) 安装docker:sudo apt-get install docker-engine3) 开启docker后天进程:sudo service docker start4) 校验docker是否安装成功:sudo docker run hello-world这个命令会下载一个测试镜像,并且运行在一个容器中。当容器运行时,他会打印一些信息,并且退出。


jack@jack-VirtualBox:~$ sudo service docker start [sudo] password for jack: jack@jack-VirtualBox:~$ sudo docker run hello-worldUnable to find image 'hello-world:latest' locallylatest: Pulling from library/hello-world9a0669468bf7: Pull complete Digest: sha256:cf2f6d004a59f7c18ec89df311cf0f6a1c714ec924eebcbfdd759a669b90e711Status: Downloaded newer image for hello-world:latestHello from Docker!This message shows that your installation appears to be working correctly.To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. 3. The Docker daemon created a new container from that image which runs the    executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it    to your terminal.To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bashShare images, automate workflows, and more with a free Docker ID: https://cloud.docker.com/For more examples and ideas, visit: https://docs.docker.com/engine/userguide/



docker后台进程是绑定的Unix的socket而不是TCP端口。默认情况下,Unix的socket属于用户root,其它用户要使用要通过sudo命令。由于这个原因,docker daemon通常使用root用户运行。
为了避免使用sudo当你使用docker命令的时候,创建一个Unix组名为docker并且添加用户。当docker daemon启动,它会分配Unix socket读写权限给所属的docker组。
注意:docker组不等价于用户root,如果想要知道的更多关于安全影响,查看docker daemon attack surface。

  sudo groupadd docker //在ubuntu16上不需要另外创建docker助,默认在安装docker是就已经建好了,可以用cat /etc/group查看下有无docker组  sudo usermod -aG docker $USER

This ensures your user is running with the correct permissions.


$ docker run hello-world


Cannot connect to the Docker daemon. Is ‘docker daemon’ running on this host?
检查 DOCKER_HOST 环境变量 没有设置shell. 如果这样,重置他.


When users run Docker, they may see these messages when working with an image:WARNING: Your kernel does not support cgroup swap limit. WARNING: Yourkernel does not support swap limit capabilities. Limitation discarded.To prevent these messages, enable memory and swap accounting on your system. Enabling memory and swap accounting does induce both a memory overhead and a performance degradation even when Docker is not in use. The memory overhead is about 1% of the total available memory. The performance degradation is roughly 10%.To enable memory and swap on system using GNU GRUB (GNU GRand Unified Bootloader), do the following:Log into Ubuntu as a user with sudo privileges.Edit the /etc/default/grub file.Set the GRUB_CMDLINE_LINUX value as follows:GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"Save and close the file.Update GRUB.$ sudo update-grubReboot your system.


  WARNING: Your kernel does not support cgroup swap limit. WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.


  修改/etc/default/grub文件。vi或者vim命令都行,设置GRUB_CMDLINE_LINUX的值,如下:GRUB_CMDLINE_LINUX=”cgroup_enable=memory swapaccount=1”。保存文件并关闭。sudo update-grub更新启动项。reboot重启你的系统。


If you use UFW (Uncomplicated Firewall) on the same host as you run Docker, you’ll need to do additional configuration. Docker uses a bridge to manage container networking. By default, UFW drops all forwarding traffic. As a result, for Docker to run when UFW is enabled, you must set UFW’s forwarding policy appropriately.Also, UFW’s default set of rules denies all incoming traffic. If you want to reach your containers from another host allow incoming connections on the Docker port. The Docker port defaults to 2376 if TLS is enabled or 2375 when it is not. If TLS is not enabled, communication is unencrypted. By default, Docker runs without TLS enabled.To configure UFW and allow incoming connections on the Docker port:Log into Ubuntu as a user with sudo privileges.Verify that UFW is installed and enabled.$ sudo ufw statusOpen the /etc/default/ufw file for editing.$ sudo nano /etc/default/ufwSet the DEFAULT_FORWARD_POLICY policy to:DEFAULT_FORWARD_POLICY="ACCEPT"Save and close the file.Reload UFW to use the new setting.$ sudo ufw reloadAllow incoming connections on the Docker port.$ sudo ufw allow 2375/tcp

  当你运行docker时,在同一台主机上使用UFW(Uncomplicated Firewall) ,你需要额外的配置。docker使用桥接方式来管理容器的网络。默认情况下,UFW废弃所有的转发流量。因此,docker运行时UFW可以使用,你必须设置合适UFW的转发规则。



  检查UFW是否安装并启用:sudo ufw status

  打开/etc/default/ufw文件并编辑:sudo nano /etc/default/ufw


  保存退出并重启使用新的设置:sudo ufw reload

  允许所有的连接到docker端口:sudo ufw allow 2375/tcp


Systems that run Ubuntu or an Ubuntu derivative on the desktop typically use127.0.0.1 as the default nameserver in /etc/resolv.conf file. The NetworkManager also sets up dnsmasq to use the real DNS servers of the connection and sets up nameserver in /etc/resolv.conf.When starting containers on desktop machines with these configurations, Docker users see this warning:WARNING: Local ( DNS resolver found in resolv.conf and containerscan't use it. Using default external servers : []The warning occurs because Docker containers can’t use the local DNS nameserver. Instead, Docker defaults to using an external nameserver.To avoid this warning, you can specify a DNS server for use by Docker containers. Or, you can disable dnsmasq in NetworkManager. Though, disablingdnsmasq might make DNS resolution slower on some networks.The instructions below describe how to configure the Docker daemon running on Ubuntu 14.10 or below. Ubuntu 15.04 and above use systemd as the boot and service manager. Refer to control and configure Docker with systemd to configure a daemon controlled by systemd.To specify a DNS server for use by Docker:Log into Ubuntu as a user with sudo privileges.Open the /etc/default/docker file for editing.$ sudo nano /etc/default/dockerAdd a setting for Docker.DOCKER_OPTS="--dns"Replace with a local DNS server such as You can also specify multiple DNS servers. Separated them with spaces, for example:--dns --dns If you’re doing this on a laptop which connects to various networks, make sure to choose a public DNS server.Save and close the file.Restart the Docker daemon.$ sudo service docker restartOr, as an alternative to the previous procedure, disable dnsmasq in NetworkManager (this might slow your network).Open the /etc/NetworkManager/NetworkManager.conf file for editing.$ sudo nano /etc/NetworkManager/NetworkManager.confComment out the dns=dnsmasq line:dns=dnsmasq保存并关闭.重启NetworkManager 和 Docker.$ sudo restart network-manager$ sudo restart docker

 系统运行桌面的Ubuntu或者Ubuntu衍生产品通常使用127.0.0.1作为默认的nameserver文件/etc/resolv.conf文件中。NetworkManager也通常设置dnsmasq nameserver在/etc/resolv.conf。


  WARNING: Local ( DNS resolver found in resolv.conf and containers can’t use it. Using default external servers : []





  打开/etc/default/docker文件并编辑:sudo nano /etc/default/docker,添加配置项:DOCKER_OPTS=”–dns”。将8.8.8.8用一个本地的DNS服务例如192.168.1.1替换。你也可以配置多个DNS服务器。用空格隔开它们,如:–dns –dns。警告:当你在笔记本连接了不同网络的情况时做这些操作,确保选择一个公用的DNS服务器。保存文件并退出,重启docker守护进程:sudo service docker restart。


  打开/etc/NetworkManager/NetworkManager.conf文件,编辑它:sudo nano /etc/NetworkManager/NetworkManager.conf。找到行dns=dnsmasq,注释掉。保存关闭文件,重启网络管理器和docker.sudo restart network-manager sudo restart docker。


Ubuntu uses systemd as its boot and service manager 15.04 onwards andupstart for versions 14.10 and below.For 15.04 and up, to configure the docker daemon to start on boot, run$ sudo systemctl enable dockerFor 14.10 and below the above installation method automatically configuresupstart to start the docker daemon on boot

Ubuntu15.04之后使用systemd作为引导启动和服务管理,14.10及以下版本是upstart。15.04以上,需要配置docker守护进程boot启动,运行命令:sudo systemctl enable docker

  14.10及以下版本安装方法会自动配置upstart来启动docke daemon在boot。


升级:sudo apt-get upgrade docker-engine

  卸载:sudo apt-get purge docker-engine

  卸载及依赖:sudo apt-get autoremove –purge docker-engine


  rm -rf /var/lib/docker