Advanced Docker Guide for Ubuntu Server: Networking, Volumes, Security, and Best Practices
Docker has become a critical component in modern DevOps, cloud computing, automation pipelines, and self-hosted environments. After mastering basic Docker commands—such as pulling images, running containers, or viewing logs—the next step is to understand how Docker actually works behind the scenes. This advanced guide will walk you through essential Docker concepts on Ubuntu Server, including networking, storage, container orchestration fundamentals, security best practices, optimization techniques, and practical workflows for production servers and homelabs.
Whether you’re running a single-node Ubuntu Server at home or deploying infrastructure for a business, these techniques will help you take your Docker skills to the next level.
1. Docker Networking: How Containers Communicate
By default, Docker handles networking automatically, but understanding it is key for creating scalable or secure environments.
Default Docker Networks
When you install Docker on Ubuntu Server, it sets up three default networks:
- bridge – the default network for most containers
- host – containers share the host network stack
- none – no networking
You can view them with:
docker network ls
User-Defined Bridge Networks
For multi-container setups (like with Docker Compose), always create your own custom network:
docker network create mynetwork
Benefits:
- Automatic DNS between containers (
container_nameresolves automatically) - Better security isolation
- Cleaner environment management
Then run containers attached to this network:
docker run -d --network=mynetwork --name=web nginx
Using Host Networking
Host mode provides the best performance, but removes isolation:
docker run --network=host myapp
Use it only when low latency is required (e.g., VPN, real-time services, game servers).
2. Docker Storage and Volumes: Persisting Data Correctly
Containers are temporary by design—if you remove one, all internal data disappears. That’s why Docker volumes exist.
Types of Docker Storage
- Volumes (recommended for most applications)
- Bind mounts (good for development or homelabs)
- tmpfs mounts (memory-only)
Creating Volumes
docker volume create mydata
Attach a volume to a container:
docker run -d -v mydata:/var/lib/mysql mysql:latest
Bind Mounts for Flexibility
Bind mounts allow storing data anywhere on the Ubuntu filesystem:
docker run -d -v /opt/data:/data myapp
Which Option Should You Use?
| Use Case | Best Option |
|---|---|
| Production DB | Volume |
| Web servers with static files | Bind mount |
| Temporary caches | tmpfs |
3. Docker Compose: Managing Multi-Container Stacks
Docker Compose is essential once you manage more than one container. It allows you to define entire stacks in a single YAML file.
Example of an advanced stack:
version: "3.9"
services:
app:
image: myapp:latest
environment:
- DATABASE_HOST=db
networks:
- appnet
depends_on:
- db
db:
image: postgres:16
volumes:
- pgdata:/var/lib/postgresql/data
networks:
- appnet
networks:
appnet:
volumes:
pgdata:
Run it using:
docker compose up -d
Why Compose is important:
- Portable across servers
- Easy deployment and rollback
- Easier configuration for networking and storage
- Good foundation before learning Kubernetes
4. Securing Docker on Ubuntu Server
Security is one of the most overlooked aspects of Docker deployments.
4.1 Don’t Run Containers as Root
Many images use the root user by default. This is risky.
Add this to your Dockerfile:
USER 1001
Or override during runtime:
docker run -u 1001 myapp
4.2 Use Read-Only Filesystems
Reduce attack surface:
docker run --read-only myapp
4.3 Use AppArmor on Ubuntu
Ubuntu supports AppArmor out of the box. Docker automatically loads profiles.
Check profiles:
sudo aa-status
4.4 Keep Images Updated
Containers don’t update themselves. Automate security patching:
docker pull myimage:latest
docker compose down
docker compose up -d
Tools like Watchtower can automate this—but be careful using it in production.
5. Optimizing Docker Performance on Ubuntu Server
5.1 Use Lightweight Base Images
Prefer:
alpinebuster-slimubuntu-minimal
E.g., shrinking Node.js:
FROM node:20-alpine
5.2 Limit CPU and RAM
To prevent containers from hogging resources:
docker run -m 2g --cpus="2.0" myapp
5.3 Enable Log Rotation
Ubuntu servers with Docker often suffer from massive log sizes.
Create /etc/docker/daemon.json:
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "3"
}
}
Then restart Docker:
sudo systemctl restart docker
6. Building Your Own Docker Images
Creating your own images gives you full control.
Example advanced Dockerfile:
FROM ubuntu:24.04
RUN apt update && apt install -y python3 python3-pip && \
pip install flask gunicorn && \
useradd -m appuser
WORKDIR /app
COPY . /app
USER appuser
CMD ["gunicorn", "-b", "0.0.0.0:8000", "app:app"]
Best practices:
- Combine RUN commands to reduce layers
- Always pin versions when possible
- Use
.dockerignoreto exclude unnecessary files
7. Docker in a Homelab and Mini Server Environment
Docker is perfect for small servers like:
- Intel/AMD mini PCs
- Raspberry Pi 4/5
- Dell Wyse thin clients
- Old laptops repurposed into servers
Popular homelab Docker applications:
- Portainer (Docker management UI)
- Home Assistant (home automation)
- Jellyfin or Plex (media server)
- Nextcloud (private cloud)
- Pi-hole or AdGuard Home (DNS filtering)
- Nginx Proxy Manager (reverse proxy)
Portainer Example
docker run -d \
--name=portainer \
-p 9000:9000 \
-p 9443:9443 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce:latest
This gives you a web dashboard to manage all your containers.
8. Preparing for Kubernetes (K8s)
Many DevOps workflows start with Docker, then evolve into Kubernetes. Some concepts that map directly:
| Docker Concept | Kubernetes Equivalent |
|---|---|
| Container | Pod |
| Docker Compose | Deployment / StatefulSet |
| Docker Network | Kubernetes Service |
| Docker Volume | Persistent Volume |
If your goal is professional DevOps or cloud engineering, learning Docker deeply will give you a strong foundation for Kubernetes later.
