How to enable remote access in Docker

Docker daemon socket

The Docker daemon can listen for Docker Engine API requests through three different types of sockets: unix , tcp , and fd .

By default, a unix domain socket (or IPC socket) is created at /var/run/docker.sock , which requires root privileges or membership in docker group.

If you need to access the Docker daemon remotely, you need to enable tcp sockets. Note that the default settings provide unencrypted and unauthenticated direct access to the Docker daemon, which should be protected using the built-in HTTPS encrypted socket or by placing a secure web proxy in front of it. You can use -H tcp://0.0.0.0:2375 to listen on port 2375 on all network interfaces, or -H tcp://ip:2375 to listen on port 2375 on a specific network interface using its IP address. Normally use port 2375 for unencrypted communication with the daemon and port 2376 for encrypted communication with the daemon.

Note : If you are using HTTPS encrypted sockets, keep in mind that only TLS1.0 and higher are supported. For security reasons, SSLv3 and below are no longer supported.

Modify docker.service

vim /usr/lib/systemd/system/docker.service

In the [Service] section, modify the ExecStart parameters and add -H tcp://0.0.0.0:2375 at the end to listen to port 2375 on all network interfaces.

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375

Reload the configuration file and start the service

systemctl daemon-reload && systemctl restart docker

• daemon-reload : Reload the service configuration file. If the service configuration file changes, it needs to be reloaded
• restart : Restart the service.

Check if the dockerd process is listening on port 2375 :

[root@izoq008ryseuupz ~]# netstat -antp | grep dockerd
tcp6 0 0 :::2375 :::* LISTEN 22494/dockerd    

netstat command is used to display network status. Some options have the following functions:

• -a or --all : Display all connected sockets.
• -n or --numeric : Use the IP address directly without going through a domain name server.
• -t or --tcp : Display the connection status of the TCP transmission protocol.
• -p or --programs : Display the program identification code and program name that is using the Socket.

test

Next, test whether the Docker Engine API can be used through localhost .

[root@izoq008ryseuupz ~]# curl http://localhost:2375/version
{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"19.03.13","Details":{"ApiVersion":"1.40","Arch":"amd64","BuildTime":"2020-09-16T17:02:21.000000000+00:00","Experimental":"false","GitCommit":"4484c46d9d","GoVersion":"go1.13.15","KernelVersion":"3.10.0-514.26.2.el7.x86_64","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"1.3.7","Details":{"GitCommit":"8fba4e9a7d01810a393d5d25a3621dc101981175"}},{"Name":"runc","Version":"1.0.0-rc10","Details":{"GitCommit":"dc9208a3303feef5b3839f4323d9beb36df0a9dd"}},{"Name":"docker-init","Version":"0.18.0","Details":{"GitCommit":"fec3683"}}],"Version":"19.03.13","ApiVersion":"1.40","MinAPIVersion":"1.12","GitCommit":"4484c46d9d","GoVersion":"go1.13.15","Os":"linux","Arch":"amd64","KernelVersion":"3.10.0-514.26.2.el7.x86_64","BuildTime":"2020-09-16T17:02:21.000000000+00:00"}

curl is a commonly used command line tool for requesting web servers. Without any parameters, curl makes a GET request.

Apparently the Docker Engine API is available via localhost .

Let's test whether the Docker Engine API can be used remotely through the host IP. The page obtained by requesting http://ip:2375/version is shown in the figure below. Obviously, it can be used.

IDEA can also be connected remotely.

Possible issues

If you cannot access it remotely, you may need to set up the server's firewall. It should be because port 2375 is not exposed, so remote access is not possible. The blogger's server is Alibaba Cloud ( Centos7.3 ).

This is the end of this article about how to enable remote access for Docker. For more information about Docker remote access, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!