Run Claude Code in Docker — Safe, Sandboxed, One Command

Claude Code is Anthropic's command-line AI that can write code, run commands, and build projects for you. This guide gives you a sandboxed setup where Claude has everything it needs — but can't touch anything on your computer except one shared folder.

What you get: A single command that drops you into Claude Code with Python, Node.js, Bun, git, and common build tools pre-installed. Your files stay safe — Claude can only see what you explicitly share.

Prerequisites

Docker Desktop — install for Mac, Windows, or Linux. Open it and wait until it says "running".
A Claude Pro or Max subscription — Claude Code is included with your plan at claude.ai.

Quick start

Open a terminal and run:

docker run -it --rm \
  -v "$HOME/claude-projects:/projects" \
  -p 5800-5810:5800-5810 \
  ibrahimws/claude-code:latest

docker run -it --rm ^
  -v "%USERPROFILE%\claude-projects:/projects" ^
  -p 5800-5810:5800-5810 ^
  ibrahimws/claude-code:latest

Claude Code will show a login URL — copy it and open it in your browser to authenticate with your Claude account. Your login and settings are saved in ~/claude-projects/.claude, so you only need to do this once.

Using an API key instead?

If you're using an Anthropic API key instead of a subscription, pass it as an environment variable:

docker run -it --rm \
  -e ANTHROPIC_API_KEY=sk-ant-your-key-here \
  -v "$HOME/claude-projects:/projects" \
  -p 5800-5810:5800-5810 \
  ibrahimws/claude-code:latest

docker run -it --rm ^
  -e ANTHROPIC_API_KEY=sk-ant-your-key-here ^
  -v "%USERPROFILE%\claude-projects:/projects" ^
  -p 5800-5810:5800-5810 ^
  ibrahimws/claude-code:latest

To avoid pasting it every time, add export ANTHROPIC_API_KEY=sk-ant-your-key-here to your shell profile, then use -e ANTHROPIC_API_KEY (without the value) in the command.

First run: The image download is around 1 GB. After that, starts are instant.

What this does

Shared folder. The -v flag links ~/claude-projects on your computer to /projects inside the container. Claude reads and writes files there — and they persist after the container exits. Everything else on your machine is invisible to it. If the folder doesn't exist, Docker creates it. Your Claude login and settings are also stored here (in .claude/), so you stay authenticated across sessions.

Filesystem sandbox. Claude cannot access your home directory, documents, SSH keys, browser data, or anything outside /projects. It can't run commands that affect your computer. When you exit, the container is deleted (--rm).

Dev server ports. Ports 5800 through 5810 are forwarded. Claude is pre-configured to use this range instead of the usual defaults (3000, 5173, 8000, etc.), so if it starts a dev server you can open it in your browser at localhost:5800. The narrow range avoids conflicts with services already running on your machine.

Pre-installed tools. The image includes Node.js 22, Python 3, Bun, pip, git, curl, and build essentials. Claude can install more packages inside the container as needed — they won't affect your system.

The Dockerfile

If you want to customize the image or build your own, here's the full Dockerfile:

FROM node:22-bookworm

# Common tools Claude Code might need
RUN apt-get update && apt-get install -y \
    git curl wget jq zip unzip \
    build-essential python3 python3-pip python3-venv \
    && rm -rf /var/lib/apt/lists/*

# Bun
RUN curl -fsSL https://bun.sh/install | bash
ENV PATH="/root/.bun/bin:$PATH"

# Claude Code (official install script)
RUN curl -fsSL https://claude.ai/install.sh | bash
ENV PATH="/root/.local/bin:$PATH"

# Symlink ~/.claude to /projects/.claude so auth
# and config persist in the mounted volume
RUN ln -s /projects/.claude /root/.claude

WORKDIR /projects

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

entrypoint.sh:

#!/bin/sh

PORT_INSTRUCTION="When starting dev servers or any localhost
service, always use a port in the range 5800-5810.
These are the only ports forwarded to the host."

mkdir -p /projects/.claude

# Ensure the port rule is present in both global
# and project-level config — append if missing
for f in /projects/.claude/CLAUDE.md /projects/CLAUDE.md; do
  if ! grep -qF "5800-5810" "$f" 2>/dev/null; then
    printf '\n%s\n' "$PORT_INSTRUCTION" >> "$f"
  fi
done

exec claude "$@"

Key points:

node:22-bookworm — Debian base with Node.js. Heavier than slim variants, but Claude often needs build tools and headers.
ln -s /projects/.claude /root/.claude — Claude Code stores auth tokens and settings in ~/.claude. The symlink redirects this into the mounted volume so it survives container restarts. The binary itself lives in ~/.local/bin (inside the container only).
The entrypoint creates /projects/.claude on first run (so the symlink doesn't dangle) and ensures the port instruction is present in both .claude/CLAUDE.md (global) and CLAUDE.md (project-level). If you edit or extend either file, your changes are kept — the script only appends the port rule if it's missing.

To build and run your own image:

docker build -t my-claude-code .
docker run -it --rm \
  -v "$HOME/claude-projects:/projects" \
  -p 5800-5810:5800-5810 \
  my-claude-code