Docker on Kimsufi – how to change kernel on Ubuntu 16.04 and Debian Stable

Step 1. Change default kernel

Fresh Linux installation on Kimsufi servers uses OVH custom kernel. When it is great for most basic usage it is not possible to use it together with Docker and LXC.

Additional steps on Debian Stable (optional)

On Debian Stable we have available only old kernels. I prefer to use some more current version, but this require to add testing repositories to APT. You can achieve this using repository pining. All about this you can read in my other blog post

Check for the newest version of kernel, just type and look for generic type:
apt-cache search linux-image

In my case it will be linux-image-4.11.0-14-generic Now you can install new kernel just enter:

apt-get install linux-image-4.11.0-14-generic

Now you need to change boot order to use generic kernel instead of OVH one.
mv /etc/grub.d/06_OVHkernel /etc/grub.d/25_OVHkernel

Just refresh grub list and after this you can reboot server into new kernel
shutdown -r now

After this steps server should boot using new kernel. You can check this by typing uname -r in console.

Step 2. Install Docker

Whole process is pretty easy and well documented on official Docker site. It would be just waste of time coping it. Just fallow one of the links:
Get Docker CE for Debian
Get Docker CE for Ubuntu

Step 3. Installing docker-compose

By default installing just Docker won’t install docker-compose. This is very powerful tool that allow to setup whole set of Docker machines in single run.

Step 4. After steps

After installing docker I suggest to prepare machine so it will be harder to be accessed by unwanted persons.

First step here is to create new user that will have limited access to resources on server just to docker instance. Don’t forget to add this user to docker group and upload pubkey for SSH. This will be useful later. If you don’t want to loose access to root user don’t forget to create user with wheel or sudo group.

After this initial steps we will take care about changesin SSH config. We need to change at least three things: disable password login with possibility access to admin user through SSH and change default port for SSH. All changes can be easily changed in /etc/ssh/sshd_config file. Look for lines that begins with this options:

# What ports, IPs and protocols we listen for
Port 2222

# Authentication:
PermitRootLogin no
PubkeyAuthentication yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

Last thing that will also help in securing your server is enabling Firewall. In Debian/Ubuntu we have easy to use ufw that should fit fine our purpose.

apt-get install ufw  # To install UFW
ufw default deny incoming  # By default we want to allow only selected incoming traffic
ufw default allow outgoing
ufw allow 2222  # Important! Don't forget to add your new SSH port to allowed for incoming trafic. If not set you will lose access to your server using SSH
ufw allow http  # Enable any other service that you want to host on your server
ufw enable  # Don't forget to enable everything

After this steps you will have freshly setup server for your basic needs! Have fun!