How to Install Docker on Linux and Run Your First Container

Install Docker Engine from official repos, add your user to the docker group, and run hello-world plus a useful database image.

DevOps & infrastructure Intermediate 7 min read

Published March 14, 2026 · Updated March 28, 2026

Last verified: March 2026. Docker’s daemon runs containers from images; you install the Engine so the CLI can talk to a local API socket. Commands like docker run create a writable layer on top of an image—ephemeral unless you attach volumes—so databases and uploads persist explicitly.

Next step: Docker Compose for app + database.

Engine vs Desktop

Why distinguish: Servers need only the daemon and CLI; Desktop adds VM integration on macOS/Windows—different install paths, same docker commands afterward.

Install Docker Engine (Debian/Ubuntu outline)

Why use Docker’s apt repo: Distro packages often lag security patches; Docker’s repository tracks supported versions.

Follow the current steps in Docker’s documentation: add Docker’s apt repository, install docker-ce, enable and start docker service. Always use the official docs for your distro because commands change over time.

Post-install: run without sudo

Why usermod -aG docker: The daemon socket is root-owned by default; the docker group grants permission equivalent to root on the host—only add trusted users.

sudo usermod -aG docker "$USER"
# log out and back in, then:
docker run --rm hello-world

Check: “Hello from Docker!” confirms the client can reach the daemon.

Images and containers

Why docker pull first: Ensures you have the image locally and see tag resolution errors before wiring env vars.

docker pull postgres:16
docker run --name pg -e POSTGRES_PASSWORD=dev -p 5432:5432 -d postgres:16

What each flag does: -e sets env vars the official Postgres image reads to initialize the database; -p publishes container port 5432 to the host so tools on your laptop can connect; -d detaches so the terminal stays usable.

List with docker ps, stop with docker stop pg.

Volumes

Why volumes matter: Container filesystems are discarded when the container is removed; databases need persistent disks.

Preview Docker Compose

docker compose version

Why check: Compose v2 is a plugin; this verifies it is installed before you adopt multi-service YAML.

Related guides

Put TLS in front with nginx reverse proxy on real servers.

Frequently asked questions

Docker vs virtual machine?

Containers share the host kernel and start faster; VMs run full guest OSes—stronger isolation, heavier cost.

Is root inside the container safe?

It is still a process on your kernel—use official images, scan for CVEs, and avoid --privileged unless you understand the risk.

Can I run Docker in Docker?

Possible for CI; usually prefer mounting the host socket carefully or using dedicated build services.

Where do I learn Dockerfile syntax?

Start with multi-stage builds and small base images; pin versions for reproducibility.