Install Docker

Install Docker Engine and create a dedicated docker user for running containers without sudo.

Info

Docker is only needed on servers that will run the backend stack. K3s master/worker nodes use containerd — they do not need Docker.


Prerequisites

  • Server has completed the Setup Server guide
  • Logged in as ubuntu (or any user with sudo)

Install Docker Engine

Follow the official Docker docs for Ubuntu to install Docker Engine. The short version:

sudo apt-get update
sudo apt-get install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Verify:

sudo docker run hello-world

Create the Docker User

Create a dedicated docker user that can run Docker without sudo and only accepts SSH key login (no password).

The docker group already exists from the Docker install. Use -g docker to make it the user's primary group:

sudo useradd -m -s /bin/bash -g docker docker
sudo usermod -aG sudo docker
sudo passwd -l docker

Flag        Effect
-g docker   Primary group is docker → can run docker commands without sudo
-aG sudo    Also in the sudo group → can run sudo when needed
passwd -l   Lock password → login only via SSH key, no password auth

Copy SSH Keys

Copy your existing SSH keys from the current user so the docker user can be accessed with the same key:

sudo mkdir -p /home/docker/.ssh
sudo cp -r ~/.ssh/* /home/docker/.ssh/
sudo chown -R docker:docker /home/docker/.ssh
sudo chmod 700 /home/docker/.ssh
sudo chmod 600 /home/docker/.ssh/authorized_keys
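# Expand the glob as root: after chmod 700 the current user can no longer list this directory
sudo sh -c 'chmod 600 /home/docker/.ssh/id_* 2>/dev/null || true'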

Test

From your dev machine:

ssh docker@SERVER_IP
docker ps

You should log in with your key (no password prompt) and docker ps should work without sudo.
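
A check for the result of the steps above, as an added example that is not part of the original guide: it verifies the modes set under Copy SSH Keys and that passwd -l took effect. The function names and the script name audit.sh are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit the account state produced by the steps above.
# Assumes GNU coreutils (stat -c), as shipped on Ubuntu.

# check_mode PATH WANT: print a finding and return 1 if PATH's mode differs.
check_mode() {
  mode=$(stat -c %a "$1")
  [ "$mode" = "$2" ] && return 0
  echo "MODE $1 is $mode, want $2"
  return 1
}

# audit_ssh_dir DIR: one finding per line; returns 0 only when DIR is clean.
audit_ssh_dir() {
  dir=$1 rc=0
  [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
  check_mode "$dir" 700 || rc=1
  if [ -f "$dir/authorized_keys" ]; then
    check_mode "$dir/authorized_keys" 600 || rc=1
  else
    echo "MISSING $dir/authorized_keys"; rc=1
  fi
  for f in "$dir"/id_*; do
    [ -e "$f" ] || continue            # glob matched nothing
    case $f in *.pub) continue ;; esac # public halves are not secret
    check_mode "$f" 600 || rc=1        # copied private keys
  done
  return $rc
}

# is_locked LINE: true when a `passwd -S` status line has "L" in field 2.
is_locked() {
  set -- $1
  [ "$2" = L ]
}

# Usage on the server: sudo sh audit.sh docker /home/docker/.ssh
if [ "$#" -eq 2 ]; then
  is_locked "$(passwd -S "$1")" || echo "PASSWORD $1 is not locked"
  audit_ssh_dir "$2"
fi
```

No output and exit status 0 mean the directory matches the modes the guide sets and the password is locked.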


Quick Reference

Step                 Command
Install Docker       Official docs
Create docker user   sudo useradd -m -s /bin/bash -g docker docker
Lock password        sudo passwd -l docker
Copy SSH keys        sudo cp -r ~/.ssh/* /home/docker/.ssh/
Test                 ssh docker@SERVER_IP docker ps

Next step

After installing Docker, continue to Deploy Backend to set up the backend stack. UFW rules for Docker container ports are configured there (after docker compose up creates the network).