Running Docker on Alpine Linux: Getting Started and Best Practices for a Fresh Server

Alpine Linux is one of the best choices for running Docker in production or development. It’s incredibly lightweight (under 10 MB base install), secure by design (musl libc, minimal attack surface), and uses far fewer resources than Ubuntu or Debian. Pairing it with Docker gives you a lean, efficient host that’s perfect for self-hosting apps, microservices, or homelab projects.

This guide walks you through installing Docker on a fresh Alpine Linux server and shares practical tips to make your setup reliable, secure, and easy to maintain.

1. Preparing a Fresh Alpine Linux Server

Assume you’ve just installed Alpine Linux (latest stable) in sys mode on a physical machine, VPS, or VM. After the first boot:

  1. Log in as root.
  2. Enable the community repository (Docker lives here):
sed -i 's/#$$ .*community $$/\1/' /etc/apk/repositories
  1. Update the system:
apk update && apk upgrade -a
  1. (Recommended) Create a non-root user for daily work:
adduser -D yourusername
addgroup yourusername wheel
apk add doas # Alpine’s lightweight sudo alternative
echo 'permit persist :wheel' >> /etc/doas.conf

Log out and back in as the new user. From now on, use doas instead of sudo.

  1. Install and enable SSH (if not already done):
doas apk add openssh
doas rc-update add sshd default
doas rc-service sshd start

Your server is now minimal and ready for Docker.

2. Installing Docker on Alpine

Docker is available directly from Alpine’s community repository—no extra repositories or scripts needed.

# Install Docker daemon + CLI
doas apk add docker

# Enable and start the service (OpenRC)
doas rc-update add docker default
doas rc-service docker start

# Verify it’s running
doas rc-service docker status

Add your user to the docker group so you can run Docker commands without doas every time:

doas addgroup yourusername docker

Important security note: Members of the docker group have root-equivalent access on the host. Only add trusted users.

Reboot or log out/in for the group change to take effect.

3. Installing Docker Compose (Modern v2 Plugin)

Since Alpine 3.15, the official Docker Compose v2 plugin is available:

doas apk add docker-cli-compose

You can now use docker compose (note the space) instead of the old docker-compose.

4. Getting Started: Your First Containers

Test everything works:

docker --version
docker run --rm hello-world

Pull and run a simple web server:

docker run -d --name nginx-test -p 8080:80 nginx:alpine
curl http://localhost:8080

Basic useful commands:

  • docker ps – list running containers
  • docker images – list images
  • docker logs <container> – view logs
  • docker stop <container> – stop a container
  • docker compose up -d – start services from a compose.yml file

5. Useful Tips for Running Docker Apps on a Fresh Alpine Server

Security First

  • Firewall: Alpine doesn’t ship with one enabled. Use awall (Alpine’s iptables frontend) or ufw:
doas apk add awall
# Or for ufw:
# doas apk add ufw
# doas ufw default deny incoming
# doas ufw default allow outgoing
# doas ufw allow ssh
# doas ufw enable

Docker automatically manages port publishing via NAT, but always restrict inbound traffic at the host level. Only open ports you actually publish (-p).

  • User namespaces (recommended for production): Isolate containers from the host. Follow the Alpine wiki instructions to set up dockremap and add “userns-remap”: “dockremap” to /etc/docker/daemon.json, then restart Docker.
  • Rootless Docker (advanced): If you want zero root privileges, install docker-rootless-extras and follow the rootless section in the Alpine Docker wiki.

Performance & Resource Management

  • If you see “WARNING: No swap/memory limit support” in docker info, enable cgroup memory accounting:
    • For extlinux (most Alpine installs): Edit /etc/update-extlinux.conf, add cgroup_enable=memory swapaccount=1 to default_kernel_opts, then run doas update-extlinux && reboot.
  • Use resource limits on containers:
docker run --memory=512m --cpus=1 ...
  • Store Docker data on a separate disk/partition mounted at /var/lib/docker for easier backups and growth.

Persistence & Reliability

  • Always use named volumes:
# compose.yml example
services:
  app:
    image: yourapp:alpine
    volumes:
      - app-data:/data
volumes:
  app-data:
  • Set restart policies: –restart=unless-stopped
  • Enable Docker’s live restore in /etc/docker/daemon.json if you update the daemon often:
{
  "live-restore": true
}

Maintenance & Updates

  • Update the host regularly:
doas apk update && doas apk upgrade -a
  • Update Docker images: docker compose pull && docker compose up -d
  • Clean up unused resources:
docker system prune -f
  • Monitor with docker stats, htop (apk add htop), or tools like Portainer (run it in a container).

Common Pitfalls on Alpine

  • DNS issues are rare on modern Alpine (≥3.18), but if you see them inside containers, add Google or Cloudflare DNS in /etc/docker/daemon.json.
  • No systemd = no systemctl. Use OpenRC commands (rc-service, rc-update).
  • Keep your base images :alpine where possible — they’re tiny and fast.

Final Thoughts

Alpine + Docker is a dream combination for anyone who values efficiency and security. A fresh Alpine server with Docker installed can run dozens of containers with minimal RAM and CPU overhead.

Start small, follow the official Alpine Docker wiki for the very latest details, and iterate. Once you have a few containers running reliably, you’ll wonder why you ever used heavier distros for Docker hosts.

Leave a Reply

Your email address will not be published. Required fields are marked *