Docker is a powerful platform designed to run applications within isolated environments called containers. This capability allows you to deploy specific software, like Redis or MongoDB, or even particular versions of software that might not be natively supported by your operating system or may require custom compilation. Docker streamlines the process of managing application dependencies and ensures consistency across different environments.
As a convenient Plesk extension, Docker provides an integrated solution for running and managing containers based on various Docker images. It empowers users to leverage Docker both on the local host and on remote servers, offering flexibility and scalability for your deployments.
This topic serves as a comprehensive guide, walking you through the steps of creating, configuring, and managing Docker containers directly within Plesk. Furthermore, you will learn how to effectively control remote Docker hosts from your Plesk interface, extending your management capabilities.
Requirements and Limitations
Warning: The Docker extension downloads images from Docker Hub precisely as they are, without any pre-configuration. It's crucial to understand that some Docker containers or the software contained within them are intended for trusted environments only and may necessitate additional security setup. Before deploying these downloaded images in Plesk, it is your responsibility to enhance their security. For detailed instructions, always refer to the official documentation provided by the container or software vendor. For instance, consult the security section in the Redis documentation for specific guidance.
- Docker is supported in Plesk for the following operating systems: CentOS 7, Red Hat Enterprise Linux 7, Debian 10, Debian 11, Debian 12, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, AlmaLinux 8.x, AlmaLinux 9.x, Rocky Linux 8.x, and Virtuozzo 7 with Update 1 Hotfix 1 (7.0.1-686) or later.
- For Plesk on Windows, you can utilize Docker installed on a remote machine. Refer to the Using Remote Docker section later in this document for more details.
- It is not possible to use Docker within a Plesk instance that is itself deployed inside a Docker container.
- To integrate and use remote Docker services with Plesk, an additional license is required. This license can be acquired either separately or as part of the Hosting Pack, Power Pack, or Developer Pack.
- Docker is exclusively compatible with x64 systems.
- Docker containers managed within Plesk cannot be directly migrated or backed up. However, it is possible to back up the data used by these containers (as explained in the Volume Mapping section below) or download snapshots for recovery purposes.
- Virtuozzo 7 with Update 1 Hotfix 1 (7.0.1-686) or a later version is supported. It is important to note that with this update, new containers based on CentOS 7 are created with the firewall enabled by default, a measure introduced by Virtuozzo for enhanced security. Plesk administrators must manually configure the firewall to ensure that the necessary ports for Plesk operations are open.
Prerequisites
Before you can begin leveraging the capabilities of Docker within Plesk, the Docker extension must be successfully installed on your Plesk server.
- If you are the Plesk administrator, you can install the extension directly from the Extensions Catalog.
- Otherwise, please contact your hosting provider and request them to install the Docker extension on your behalf.
Once the extension is installed and activated, you will be ready to proceed with Docker operations. The "Docker" option will become visible and accessible within the Navigation Pane of your Plesk interface, indicating its successful integration.
Containers
You can effortlessly access a vast array of Docker images from Docker Hub through the Run Container catalog. Navigate to Docker > Containers > Run Container to explore the available options.
To access this comprehensive catalog:
- If you have not previously installed any containers, simply go to Docker > Containers and click Run Container.
- If you have existing containers, navigate to Docker > Containers and click the plus icon
to initiate the process of running a new container.
To efficiently locate specific images, utilize the search box provided in the catalog interface.
You can refine your search by specifying the image name, the repository, or a combination of both.
The following repositories are available for your search queries:
- Local repository: This contains images that have already been downloaded and are currently stored on your server, managed by Docker. For more detailed information, please refer to the Managing Local Images section further in this document.
- Docker Hub: The world's largest library and community for container images.
For many applications, multiple versions are typically available. You have the flexibility to run a specific version by selecting the appropriate tag from the options provided, as illustrated below:
To run a Docker container:
- Navigate to Docker > Containers > Run Container.
- Utilize the search box to find desired images within the catalog. If an image is stored locally, (local) will be displayed next to its version.
- To view a detailed image description and access documentation on Docker Hub, click the more info icon
. This option is not available for local images. - Click on the desired image card.
- To run a specific version, select your preferred image version from the Image version drop-down menu and then click Next.
- To run the latest available version of the selected application, simply click Next.
Plesk will then proceed to create a container and prompt you to define its settings, such as environment variables. Once configured, the container will be initiated. You have the option to cancel the running process by clicking Cancel on the Settings screen. For a comprehensive overview of these settings, please refer to the Container Settings section on this page.
- After fine-tuning the settings to your requirements, click Run. The newly created container will then appear in the list within the Containers tab, indicating it is active and operational.
Always review the Console Log to ascertain that the container is operating without any issues or errors.
Container Settings
Note: You do not need to stop a container to modify its settings. When you save new configurations, Plesk intelligently recreates the container with the updated parameters, ensuring minimal downtime.
To access and edit container settings, navigate to the Containers tab and click the settings icon 
adjacent to the container you wish to configure.
Limiting Memory
By default, Docker containers are provisioned with unlimited access to RAM. To impose a memory limit, select the Memory limit checkbox and input the desired limit value in megabytes (MB) into the corresponding field. This helps in resource management and prevents a single container from consuming excessive system resources.
Note: Currently, it is not possible to limit CPU and Disk usage for Docker containers directly through this interface.
Note: Docker containers are considered administrator-level objects and, as such, are not governed by subscription-level cgroup limits (which typically apply to CPU, RAM, and Disk usage for individual subscriptions).
Automatic Start
If the Automatic start after system reboot option is not selected, any websites relying on this container might become unavailable after a system reboot. In such cases, you would need to manually start the container to restore service.
Port Mapping
By default, Automatic port mapping is enabled, which maps the container’s internal port to a randomly assigned port on the host system (e.g., 32768). This provides a quick and easy way to get your applications running.
To specify a custom port on the host system, deselect Automatic port mapping and then enter your desired external port in the Manual mapping field. If the Manual mapping option does not appear after deselection, it indicates that the container is not configured to expose any ports.
When employing manual mapping, Docker typically binds to the specified port exclusively on the host system’s localhost interface (127.0.0.1) by default. This configuration ensures that the port remains inaccessible from the internet, thereby safeguarding the application within the container from external attacks. To enable Docker to bind to the specified port across all network interfaces of the host system, deselect the Make the port inaccessible from the Internet option. Choosing this will make the application inside the container accessible from the internet and reachable via any of the host system’s IP addresses on the designated port.
Warning: Docker assumes that authentication is handled by the application itself. However, this is not always the case (for instance, MySQL/MariaDB typically disallows anonymous access by default, whereas Redis might allow it). Making an application inside a container accessible from the internet without proper internal authentication can expose it to potential attacks from malicious actors. Always ensure your application has robust security measures in place.
Volume Mapping
Docker volumes are essentially directories on your server that are mounted directly into a Docker container. They provide a crucial mechanism for persistent storage, allowing data to be accessed and retained independently of the container's lifecycle. Critically, data stored in Docker volumes is not deleted when you stop or remove a container, making them ideal for databases and other persistent data requirements.
Warning: It is important to note that data stored in Docker volumes will not be included in standard Plesk backups. To prevent any potential data loss, it is highly recommended to back up any essential data residing in a volume using a reliable third-party backup tool.
For more in-depth information regarding data management within containers, please consult the official Docker documentation on volumes.
To establish a volume mapping, you need to specify the following:
- In the Host field, provide the absolute path to the directory on your server that you intend to mount within the container.
- In the Container field, specify the absolute path to a directory inside the container where the host directory will be mounted.
To map additional directories, simply click Add one more.
Setting Environment Variables
Environment variables play a vital role in configuring the application running inside a container. You may need to add new variables or modify existing ones to tailor the application's behavior. Plesk offers the flexibility to add as many environment variables as required, enabling granular control over your containerized applications.
Operations with Containers
Plesk provides a comprehensive set of operations for managing your Docker containers:
- You can easily stop (Stop), start (Start), or restart (Restart) a container. In each of these cases, the container will be recreated with its current settings, ensuring that any configuration changes are applied.
Note: If you have not saved your application data to mounted volumes (refer to the Volume Mapping section below), that data will be lost upon container recreation. Always use volumes for persistent data.
- Click the arrow
next to the container's entry to view its operational logs and monitor resource consumption, providing valuable insights into its performance. - To modify container settings, such as environment variables or volume mapping, click the settings icon next to the container and navigate to the Settings section.
- Rename a container for better organization by going to Settings > Container name.
Click the more options icon 
next to a container to access additional advanced operations:
- Recreate: Rebuild a container using the same image version or upgrade/downgrade to a different version of the image.
- Save as Image: Create a new image based on the current state of a container, including any custom configurations you've applied.
- Download Snapshot: Take a snapshot of a container's current state, which can be useful for backup or recovery.
- Remove: Permanently delete a container from your system.
Recreating a Container
The recreation of a container is frequently necessary when you aim to update the application within it to a newer version, or even revert to an older one. Plesk offers the flexibility to rebuild a container using any application version available in the catalog, providing comprehensive version control.
Crucially, any custom settings you have applied to the container are preserved during the recreation process. To ensure the preservation of data utilized by the application inside the container, it is imperative to specify volume mapping prior to recreating the container. Volume mapping grants you persistent access to directories used within a container, making data safe across recreations.
To recreate a container:
- Navigate to Docker and click the more options icon next to the specific container you intend to recreate.
- Click Recreate within the container settings. You will then be prompted to specify the desired image version and to confirm whether default environment variables should be used.
Using Remote Docker
By default, Plesk integrates and utilizes Docker as a local service on the same server. However, for enhanced flexibility and resource management, you have the option to employ one or more Docker services installed on remote machines. It's important to note that you can only have one Docker service active in Plesk at any given time. The currently active server is clearly indicated in the Environments tab of the Docker settings page within Plesk.
Note: Managing remote Docker services requires an additional Plesk license key add-on. Without this specific add-on, your Docker management capabilities will be limited to the local Docker service running on the Plesk server itself.
Configuring Remote Services
To successfully integrate a remote server running Docker with Plesk, you must configure that remote server as described in the official Docker documentation for securing daemon access with HTTPS. This typically involves setting up TLS/SSL for secure communication.
Managing Remote Services
Plesk facilitates the establishment of a secure connection between your Plesk server, equipped with the Docker extension, and a remote node hosting a Docker service. This allows centralized management of your Docker infrastructure.
The following detailed steps are applicable for configuring remote Docker services on both Plesk for Linux and Plesk for Windows environments.
These prerequisite steps must be meticulously performed on the remote host machine:
- Create the
/etc/docker/daemon.jsonconfiguration file for Docker with the content provided below. This file defines how the Docker daemon will listen for connections.1 { 2 "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"], 3 "tls": true, 4 "tlsverify": true, 5 "tlscacert": "/root/ca.pem", 6 "tlscert": "/root/server-cert.pem", 7 "tlskey": "/root/server-key.pem" 8 } - Prepare the necessary
.pemfiles for TLS authentication. You can use the following example commands. Remember to replace the IP address on line 4 with the actual IP address of your remote node before executing each command in sequence.1 openssl genrsa -aes256 -out ca-key.pem 4096 2 openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem 3 openssl genrsa -out server-key.pem 4096 4 openssl req -subj "/CN=192.0.2.1" -new -key server-key.pem -out server.csr 5 openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem 6 openssl genrsa -out key.pem 4096 7 openssl req -subj '/CN=client' -new -key key.pem -out client.csr 8 openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem 9 chmod 0400 ca-key.pem server-key.pem key.pem 10 chmod 0444 ca.pem server-cert.pem cert.pem - Execute the following commands to modify the current Docker service, ensuring it starts automatically after host configuration and applies the new daemon settings:
1 cp /lib/systemd/system/docker.service /etc/systemd/system/ 2 sed -i 's/\\ -H\\ fd:\\/\\///g' /etc/systemd/system/docker.service 3 systemctl daemon-reload 4 systemctl restart docker - For client connections, securely save the outputs of the following files from your remote machine to your local machine:
1 cat key.pem 2 cat cert.pem 3 cat ca.pem
On the local server, proceed to configure the Docker remote host within Plesk:
- Navigate to Docker > Environments.
- Click Add Server and accurately specify the connection settings for your remote server that hosts the Docker service.
- To immediately begin using this remote Docker service within Plesk, ensure that the Set active option remains selected.
Upon successful configuration, the link to the configured Docker environment will appear in the Navigation Pane, providing quick access.
To seamlessly switch between different Docker services (local or remote):
- Go to Docker > Environments.
- From the list of available servers, select the desired Docker node that you wish to activate and click Set Active.
Alternatively, you can designate a Docker node as active directly while in the process of editing its settings, offering a convenient shortcut.
Creating Images with Custom Settings
Should you wish to create a new Docker image incorporating specific modifications you've applied to an existing container, the Save as Image command is the ideal tool. This function captures a snapshot of your current container's state, including all custom configurations such as unique environment variables or file system changes. The resulting snapshot then appears as a new, custom image within your image catalog, ready for future deployments.
To create a custom image from one of your active containers:
Go to Docker > Containers. Locate the container from which you want to create an image, click the more options icon next to it, and then click Save as Image. In the subsequent Save <container name> as Image side panel, you will need to specify:
- The desired Image name for your new custom image.
- An optional Tag. This is typically used to specify the image version (e.g., "v1.0", "production"). If no tag is provided, the default version will be "latest".
The newly created image will then be listed in the Images tab, clearly marked as a Local image to distinguish it from images pulled directly from remote repositories.
Managing Local Images
Local images are Docker images that are stored directly on your local disk rather than needing to be downloaded from an online Image Catalog like Docker Hub. This significantly speeds up container deployment and reduces reliance on external network connectivity.
An image becomes a local image under several circumstances:
- When you select any version (tag) of an image and the download process begins. Even if you subsequently run a container or cancel the operation on the Settings screen, the image is saved locally.
- When you manually upload an image to Docker within Plesk via the Upload image function in the Docker Images tab.
- When you have successfully created a custom image based on an existing container (as detailed in the Creating Images with Custom Settings section).
- When you have built an image using the Docker command-line interface directly on the server.
To download a different version of an image from an online catalog, click the Pull icon 
, select the specific version you wish to pull from the drop-down menu, and then click Pull.
If Docker detects at least one downloaded version from a group of versions belonging to a particular image, that image will be prominently marked as a Local image in the catalog. Plesk also conveniently displays the total number of local images available for a given product.
To view and manage your local images, including the removal of outdated ones:
- Navigate to Docker > Images.
- To quickly find a specific local image, use the provided Search bar.
- To inspect all local images associated with a particular product, click the link located under the product name. This action will display all local image tags and the corresponding disk space they occupy.
- Select the specific image(s) you wish to remove and then click Remove to free up disk space.
Setting up Nginx to Proxy Requests from Domains to a Container
Many Docker containers are designed to expose specific ports, allowing applications running within them to be accessible via those designated ports. However, when integrating such an application with your website, it can be inconvenient for users to constantly specify a non-standard port in the URL.
To circumvent this inconvenience and provide a cleaner user experience, you can configure Nginx to proxy requests from your domains to the container's exposed port. This setup allows your domains to utilize a standard port (such as 80 or 443) without the need for users to explicitly include the port number in the URL. Nginx acts as an intermediary, forwarding requests seamlessly.
Requirements for Nginx Proxying
- Nginx must be actively running within your Plesk environment.
- You must manually map the internal port of the Docker container to a specific port on the host system (for example, 32768).
To manually map the port inside a container:
- Go to Docker > Containers and click the settings icon next to the container you intend to configure.
- Deactivate Automatic port mapping by toggling the option off.
- Manually map the internal port of the container to a specific port on your host system (e.g., 32768). You also have the option to make this mapped host port inaccessible from the internet for enhanced security.
Once the container's port is manually mapped, you can proceed to set up Nginx to proxy requests from your domains to that specific host port. This involves adding a proxy rule within the domain settings in Plesk.
To add a rule for Nginx in the domain settings:
Navigate to Websites & Domains > select your domain > Docker Proxy Rules > Add Rule, and then specify the following parameters:
- URL: Define the URL of the website or a specific section of the website that utilizes the application running within the Docker container. This can be the main website URL or a sub-path.
- Container: From the dropdown list, select the application currently running as a Docker container that you wish to proxy to.
- Port: Choose one of the port mappings that were previously defined in the container settings (specifically, the internal container port mapped to a port on your host system). Nginx will then proxy incoming requests to this designated port on the system.
Proxy rules are seamlessly integrated into your web server configuration. For instance, they are added to the website’s nginx.conf file, typically found in /var/www/vhosts/system/$domain/conf/. An example configuration snippet looks like this:
#extension docker begin
location ~ ^/.\* {
proxy\_pass http://0.0.0.0:9080;
proxy\_set\_header Host $host;
proxy\_set\_header X-Real-IP $remote\_addr;
proxy\_set\_header X-Forwarded-For $proxy\_add\_x\_forwarded\_for;
}
#extension docker endThese proxy rules are designed to function effectively even on servers situated behind a Network Address Translation (NAT) firewall, ensuring broad compatibility.
Note: Docker containers that are connected to a website via Proxy Rules are generally not accounted for in the subscription’s disk space usage calculations. The primary exception to this rule is when a website directory is directly mounted to a Docker container as a volume; in such scenarios, all files located within the container will contribute to the disk space usage of that website.
Deploying Docker Compose YAML Files
Plesk simplifies the deployment of multi-container Docker applications by supporting Docker Compose YAML files. You have multiple convenient methods for deployment: utilizing an online text editor to define your Compose file, uploading a file directly from your local storage, or selecting a Docker Compose file already stored within a website’s Home directory. Common operations on these multi-service stacks are fully supported, including up (which encompasses pull and force-recreate), stop, and down. Furthermore, stacks can be easily modified and updated even after their initial creation.
Note: This section specifically deals with Docker Compose YAML files. You cannot deploy Dockerfiles or other application-specific files through this interface.
To deploy a Docker Compose file:
- Navigate to Docker > Stacks > Add Stack.
- Provide a unique project name for your stack and choose one of the following methods for deploying your Docker Compose file:
- Editor: Directly define or paste the content of your Docker Compose file into the provided online text editor. This is convenient for quick edits or small configurations.
- Upload: Browse and upload a Docker Compose file from your local computer's storage.
- Webspace: Select an existing Docker Compose file that is already stored within a domain’s Home directory on your server. For this option, you will first need to choose the specific domain where the file is located, and then browse to the Compose file's exact location.
Plesk also allows you to declare and build custom containers as part of your Docker Compose workflow. Any artifacts generated during this build process will be automatically placed within the designated website’s Home directory.
For more detailed information regarding the structure and syntax of the Compose file format, please refer to the official Docker documentation on Compose files.
Deploying Portainer Containers in Docker
Portainer is an intuitive and powerful container management software that significantly streamlines the deployment and administration of containers and stacks. It offers a user-friendly web interface to simplify tasks such as viewing container status and logs, creating and managing users and teams, and securing your container environments, among many other features.
To install Portainer within your Plesk Docker environment, simply navigate to Docker > Install Portainer. Once the installation process is complete, you can seamlessly manage your Portainer containers by going to Docker > Go to Portainer, which will direct you to its management interface.
Note: Portainer integration within Plesk is currently considered a beta feature, indicating that it is under active development and may be subject to further refinements.
For more comprehensive information about Portainer and its capabilities, please refer to the official Portainer documentation.
