- Start the daemon
- Start the daemon using operating system utilities
- Start with systemd
- Start the daemon manually
- Linux post-installation steps for Docker Engine
- Manage Docker as a non-root user
- Configure Docker to start on boot with systemd
- Configure default logging driver
- Next steps
- Configure the daemon with systemd
- Custom Docker daemon options
- Manually create the systemd unit files
- Configure the Docker daemon to use a proxy server
Start the daemon
This page shows how to start the daemon, either manually or using OS utilities.
Start the daemon using operating system utilities
On a typical installation the Docker daemon is started by a system utility, not manually by a user. This makes it easier to automatically start Docker when the machine reboots.
The command to start Docker depends on your operating system. Check the correct page under Install Docker.
Start with systemd
On some operating systems, like Ubuntu and Debian, the Docker daemon service starts automatically. Use the following command to start it manually:
$ sudo systemctl start docker If you want Docker to start at boot, see Configure Docker to start on boot.
Start the daemon manually
If you don’t want to use a system utility to manage the Docker daemon, or just want to test things out, you can manually run it using the dockerd command. You may need to use sudo , depending on your operating system configuration.
When you start Docker this way, it runs in the foreground and sends its logs directly to your terminal.
$ dockerd INFO[0000] +job init_networkdriver() INFO[0000] +job serveapi(unix:///var/run/docker.sock) INFO[0000] Listening for HTTP on unix (/var/run/docker.sock) To stop Docker when you have started it manually, issue a Ctrl+C in your terminal.
Linux post-installation steps for Docker Engine
These optional post-installation procedures shows you how to configure your Linux host machine to work better with Docker.
Manage Docker as a non-root user
The Docker daemon binds to a Unix socket, not a TCP port. By default it’s the root user that owns the Unix socket, and other users can only access it using sudo . The Docker daemon always runs as the root user.
If you don’t want to preface the docker command with sudo , create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group. On some Linux distributions, the system automatically creates this group when installing Docker Engine using a package manager. In that case, there is no need for you to manually create the group.
Warning
The docker group grants root-level privileges to the user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
To create the docker group and add your user:
$ sudo usermod -aG docker $USER If you’re running Linux in a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.
This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits. If you initially ran Docker CLI commands using sudo before adding your user to the docker group, you may see the following error:
WARNING: Error loading config file: /home/user/.docker/config.json - stat /home/user/.docker/config.json: permission denied This error indicates that the permission settings for the ~/.docker/ directory are incorrect, due to having used the sudo command earlier. To fix this problem, either remove the ~/.docker/ directory (it’s recreated automatically, but any custom settings are lost), or change its ownership and permissions using the following commands:
$ sudo chown "$USER":"$USER" /home/"$USER"/.docker -R $ sudo chmod g+rwx "$HOME/.docker" -R Configure Docker to start on boot with systemd
Many modern Linux distributions use systemd to manage which services start when the system boots. On Debian and Ubuntu, the Docker service starts on boot by default. To automatically start Docker and containerd on boot for other Linux distributions using systemd, run the following commands:
$ sudo systemctl enable docker.service $ sudo systemctl enable containerd.service To stop this behavior, use disable instead.
$ sudo systemctl disable docker.service $ sudo systemctl disable containerd.service If you need to add an HTTP proxy, set a different directory or partition for the Docker runtime files, or make other customizations, see customize your systemd Docker daemon options.
Configure default logging driver
Docker provides logging drivers for collecting and viewing log data from all containers running on a host. The default logging driver, json-file , writes log data to JSON-formatted files on the host filesystem. Over time, these log files expand in size, leading to potential exhaustion of disk resources.
To avoid issues with overusing disk for log data, consider one of the following options:
- Configure the json-file logging driver to turn on log rotation.
- Use an alternative logging driver such as the “local” logging driver that performs log rotation by default.
- Use a logging driver that sends logs to a remote logging aggregator.
Next steps
- Read the Get started training modules to learn how to build an image and run it as a containerized application.
- Review the topics in Develop with Docker to learn how to build new applications using Docker.
Configure the daemon with systemd
This page describes how to customize daemon settings when using systemd.
Custom Docker daemon options
Most configuration options for the Docker daemon are set using the daemon.json configuration file. See Docker daemon configuration overview for more information.
Manually create the systemd unit files
When installing the binary without a package manager, you may want to integrate Docker with systemd. For this, install the two unit files ( service and socket ) from the github repository to /etc/systemd/system .
Configure the Docker daemon to use a proxy server
The Docker daemon uses the following environment variables in its start-up environment to configure HTTP or HTTPS proxy behavior:
- HTTP_PROXY
- http_proxy
- HTTPS_PROXY
- https_proxy
- NO_PROXY
- no_proxy
In Docker Engine version 23.0 and later versions, you may also configure proxy behavior for the daemon in the daemon.json file:
"proxies": "http-proxy": "http://proxy.example.com:3128", "https-proxy": "https://proxy.example.com:3129", "no-proxy": "*.test.example.com,.example.org,127.0.0.0/8" > > These configurations override the default docker.service systemd file.
If you are behind an HTTP or HTTPS proxy server, for example in corporate settings, the daemon proxy configurations must be specified in the systemd service file, not in the daemon.json file or using environment variables.
Note for rootless mode
The location of systemd configuration files are different when running Docker in rootless mode. When running in rootless mode, Docker is started as a user-mode systemd service, and uses files stored in each users’ home directory in ~/.config/systemd/user/docker.service.d/ . In addition, systemctl must be executed without sudo and with the —user flag. Select the “rootless mode” tab below if you are running Docker in rootless mode.
$ sudo mkdir -p /etc/systemd/system/docker.service.d [Service] Environment="HTTP_PROXY=http://proxy.example.com:3128" [Service] Environment="HTTPS_PROXY=https://proxy.example.com:3129" [Service] Environment="HTTP_PROXY=http://proxy.example.com:3128" Environment="HTTPS_PROXY=https://proxy.example.com:3129" Note Special characters in the proxy value, such as #?!()[]<> , must be double escaped using %% . For example:
[Service] Environment="HTTP_PROXY=http://domain%%5Cuser:complex%%23pass@proxy.example.com:3128/" - IP address prefix ( 1.2.3.4 )
- Domain name, or a special DNS label ( * )
- A domain name matches that name and all subdomains. A domain name with a leading “.” matches subdomains only. For example, given the domains foo.example.com and example.com :
- example.com matches example.com and foo.example.com , and
- .example.com matches only foo.example.com
[Service] Environment="HTTP_PROXY=http://proxy.example.com:3128" Environment="HTTPS_PROXY=https://proxy.example.com:3129" Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"$ sudo systemctl daemon-reload $ sudo systemctl restart docker$ sudo systemctl show --property=Environment docker Environment=HTTP_PROXY=http://proxy.example.com:3128 HTTPS_PROXY=https://proxy.example.com:3129 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp$ mkdir -p ~/.config/systemd/user/docker.service.d[Service] Environment="HTTP_PROXY=http://proxy.example.com:3128"[Service] Environment="HTTPS_PROXY=https://proxy.example.com:3129"[Service] Environment="HTTP_PROXY=http://proxy.example.com:3128" Environment="HTTPS_PROXY=https://proxy.example.com:3129"Note Special characters in the proxy value, such as #?!()[]<> , must be double escaped using %% . For example:
[Service] Environment="HTTP_PROXY=http://domain%%5Cuser:complex%%23pass@proxy.example.com:3128/"- IP address prefix ( 1.2.3.4 )
- Domain name, or a special DNS label ( * )
- A domain name matches that name and all subdomains. A domain name with a leading “.” matches subdomains only. For example, given the domains foo.example.com and example.com :
- example.com matches example.com and foo.example.com , and
- .example.com matches only foo.example.com
[Service] Environment="HTTP_PROXY=http://proxy.example.com:3128" Environment="HTTPS_PROXY=https://proxy.example.com:3129" Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"$ systemctl --user daemon-reload $ systemctl --user restart docker$ systemctl --user show --property=Environment docker Environment=HTTP_PROXY=http://proxy.example.com:3128 HTTPS_PROXY=https://proxy.example.com:3129 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp