
Setup Rootless Docker on Hetzner

It was not entirely trivial to set up a rootless Docker installation on Hetzner. I chose not to use Hetzner's prebuilt app installation for Docker CE. So here are the steps I took, for my future self and anyone else interested, to install rootless docker-ce on Debian 13. I am assuming you have already provisioned the VM and have set up SSH keys.

Installation and configuration

ssh root@hetzner-instance-ip

# As root
## Update dependencies
apt update
apt upgrade

# Install docker-ce
## Cleanup any previous installations
for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done

## Installation steps
apt-get install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

apt-get update

## Install latest docker-ce version
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
## Check status of daemon
systemctl status docker # Should be running

## Disable and remove rootful docker daemon
systemctl disable --now docker.service docker.socket
rm /var/run/docker.sock

## Install machinectl
apt install systemd-container

## Install rootless-extras
apt install docker-ce-rootless-extras

# Configure rootless docker daemon
## Install new dependencies
apt install uidmap

## Create new user (with no password)
useradd -m myuser # With home directory

## Add user to sudoers
usermod -aG sudo myuser

## Change to non-root user
sudo machinectl shell myuser@ # instead of `su myuser`; @ signifies this machine

# Configure rootless docker
dockerd-rootless-setuptool.sh install

Process Management

# As myuser user
# start/stop/restart docker service
systemctl --user start docker.service # or: stop, restart

# Run docker.service on system startup
sudo loginctl enable-linger myuser

# Setup env variables (add them to your ~/.bashrc)
# This was suggested in the informational
# messages from the previous command
export PATH=/home/myuser/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock
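
To confirm the steps above actually left the host in rootless mode, the following check script is an added example, not part of the original post. It assumes the `myuser` account from above and is run as that user with `sh check.sh --live myuser`; the function names and the file name `check.sh` are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: verify the rootless setup.
# Function names are illustrative. The first three checks take their input
# as arguments, so they also work on constructed sample data.

# has_subid_range USER FILE: USER needs at least 65536 subordinate IDs in
# FILE (/etc/subuid or /etc/subgid, lines of the form user:start:count).
has_subid_range() {
    awk -F: -v u="$1" '$1 == u && $3 + 0 >= 65536 { ok = 1 } END { exit !ok }' "$2"
}

# is_rootless OPTS: OPTS is the output of
# `docker info --format '{{.SecurityOptions}}'`; rootless mode adds name=rootless.
is_rootless() {
    case "$1" in *name=rootless*) return 0 ;; *) return 1 ;; esac
}

# uses_user_socket DOCKER_HOST UID: the client must point at the per-user
# socket under /run/user/UID, not the rootful /var/run/docker.sock.
uses_user_socket() {
    [ "$1" = "unix:///run/user/$2/docker.sock" ]
}

rootful_disabled() { ! systemctl is-enabled docker.service >/dev/null 2>&1; }
linger_enabled() { [ "$(loginctl show-user "$1" --property=Linger 2>/dev/null)" = "Linger=yes" ]; }

# check LABEL CMD [ARGS...]: run CMD, print PASS or FAIL, count failures.
check() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

# audit_rootless USER: run on the live host as USER, with DOCKER_HOST set.
audit_rootless() {
    fails=0
    check "subuid range for $1" has_subid_range "$1" /etc/subuid
    check "subgid range for $1" has_subid_range "$1" /etc/subgid
    check "rootful socket removed" test ! -S /var/run/docker.sock
    check "rootful docker.service disabled" rootful_disabled
    check "linger enabled for $1" linger_enabled "$1"
    check "DOCKER_HOST is the user socket" uses_user_socket "${DOCKER_HOST:-}" "$(id -u "$1")"
    check "daemon reports rootless" is_rootless "$(docker info --format '{{.SecurityOptions}}' 2>/dev/null)"
    return "$fails"
}

# Only touch the live system when asked to: sh check.sh --live myuser
if [ "${1:-}" = "--live" ]; then audit_rootless "${2:-myuser}"; fi
```

The exit status of `audit_rootless` is the number of failed checks, so a non-zero result can gate a provisioning script.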
