Setup Alpine as a Docker Host
Author: Jo Guerreiro
Alpine Linux is used as a base for many Docker images. Unfortunately, I haven't seen many posts or guides on how to set up Alpine as a Docker host. So let's change that.
- Download Alpine Linux, burn as usual with dd and boot it.
- Log in as root, run setup-alpine and breeze through it.
I installed in sys mode since I wanted the system to be written to the disk.
After rebooting you should have an Alpine Linux installation. On to my personal configuration.
Initial setup
# Create users group
addgroup users
# Create user newuser in users group with ash as default shell
adduser -s /bin/ash -G users newuser
# Install sudo
apk add sudo
I then edited the sudo file using visudo and uncommented %wheel ALL=(ALL) ALL.
Files to edit
/etc/apk/repositories
# Uncomment (for Alpine 3.4):
http://mirrors.2f30.org/alpine/v3.4/community
http://mirrors.2f30.org/alpine/edge/testing
/etc/group
# Add newuser (or whatever name you chose)
# to the wheel group.
wheel:x:10:root,newuser
/etc/ssh/sshd_config
# Add or uncomment (20022 is just an example port).
# Keep comments on their own line: older sshd versions reject trailing text after a value.
Port 20022
PermitRootLogin no
After editing these files, I change to an SSH connection and use ssh-copy-id to copy over a pubkey.
Once the key has been copied, I add the following lines to /etc/ssh/sshd_config:
PasswordAuthentication no
ChallengeResponseAuthentication no
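An added example (not from the original post): a small POSIX sh check that the sshd_config settings above are the ones sshd will actually use. The function names sshd_effective and audit_sshd and the sample file are made up for illustration, and only global settings (before any Match block) are read.

```sh
#!/bin/sh
# Added example: check an sshd_config for the settings used in this post.
# sshd keeps the FIRST value it reads for a keyword, so a "no" appended
# below an earlier uncommented "yes" has no effect.

# Print the effective global value of keyword $1 in file $2 (lowercased).
# Keywords are case-insensitive; reading stops at the first Match block.
sshd_effective() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }                      # drop leading whitespace
        /^#/ || /^$/ { next }                       # skip comments and blanks
        { split($0, f, /[ \t=]+/); k = tolower(f[1]) }
        k == "match" { exit }                       # conditional blocks start here
        k == tolower(key) { print tolower(f[2]); exit }
    ' "$2"
}

# Return 0 only if all three keywords are explicitly set to "no".
# An unset keyword fails: the sshd defaults for these are not "no".
audit_sshd() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(sshd_effective "$key" "$1")
        if [ "$val" = "no" ]; then
            echo "ok    $key no"
        else
            echo "FAIL  $key ${val:-<unset>}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a stock "yes" left in place, with the lines appended after it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 20022
PermitRootLogin no
PasswordAuthentication yes
# lines appended after ssh-copy-id:
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
audit_sshd "$sample" || echo "password logins are still enabled: edit the first occurrence"
rm -f "$sample"
```

On the host itself, sshd -t checks the file for syntax errors and sshd -T prints the effective configuration. Restart sshd afterwards and confirm key login from a second session before closing the first.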
Another thing you might consider is using a firewall like ufw or awall, or just configuring iptables directly (just remember that Docker will probably ignore your settings because it writes to iptables directly).
Docker
# apk add docker
# rc-update add docker boot
# service docker start
# sysctl -w kernel.grsecurity.chroot_deny_chmod=0
# sysctl -w kernel.grsecurity.chroot_deny_mknod=0
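These commands should install and set up Docker according to the wiki. The two sysctl lines switch off grsecurity's chroot_deny_chmod and chroot_deny_mknod restrictions and apply only to grsecurity kernels.
After this you'll be able to use docker via sudo docker, or just docker if you add yourself to the docker group. (The ArchWiki explains why adding users to the docker group may not be a good idea: membership is effectively root access on the host.)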
Personal Run Scripts
(This was written before docker-compose was a thing; use that instead.)
I write small run scripts for the containers I run in my local network. Here are some examples:
Pihole Script
Syncthing Script