During some testing I did recently, I wanted to open the docker service for remote access.
I spent quite some time browsing between multiple official documentation pages and blog posts until I nailed it down, so I thought I would sum it up for you for easy implementation, should you choose to use it…
First and foremost, a word of caution…
The setup I will present is in no way suitable for production! In fact, some might say that this kind of setup shouldn’t be used in a lab / test environment even…
- I’m basically allowing remote access to the docker service api from any machine that has network access to the docker host
- In addition, I’m also completely disabling the Linux firewall service
Any Linux admin will tell you that these are 2 big mistakes, and they are right. So why am I doing it?
I wanted to make sure I have no obstacles in the way and verify I’m nailing it down. Once I nail it, I will start configuring the overall system.
Run the commands below to open a connection to your docker host on port 4243:
```bash
# All the configuration is done with root user

# Disable the firewalld service:
systemctl disable firewalld
systemctl stop firewalld

# Configure the docker service
sudo mkdir -p /etc/systemd/system/docker.service.d
cd /etc/systemd/system/docker.service.d
vi docker.conf
# add the following lines to docker.conf:
```

```ini
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:4243
```

```bash
# save the file (using :wq)

# reload docker with new config and verify service is running
systemctl daemon-reload
systemctl restart docker
systemctl status docker

# verify service is opened on port 4243 locally
docker -H tcp://0.0.0.0:4243 ps
# expected to get a list of running containers

# verify remotely, from a different host (assuming network and DNS are working between hosts)
curl -X GET http://docker_host_fqdn:4243/images/json
# you should see a JSON response with a list of docker images on your docker host
```
What’s going on here? Keep on reading…
- CentOS 7.4
- Docker version 17.09.1-ce, build 19e2cf6
Everywhere I looked discussed the use of the daemon.json file in order to configure the docker service.
However, this creates a conflict between Linux systems running systemd and the docker config file daemon.json, and getting to the exact config that works took some trial and error.
- Disable firewall to eliminate network-related challenges
- Add access via port 4243 to the remote api
- Allow access on specific network interface
- Enable firewall and add 4243 port as exception
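A check for the configuration discussed above, as an added example that is not part of the original post: it reads a systemd drop-in and a daemon.json and reports a `hosts` setting given in both places (which dockerd rejects at startup), TCP listeners without `--tlsverify`, and listeners bound to every interface. The function names and the sample daemon.json are hypothetical, constructed for illustration.

```python
import json
import shlex

# Constructed sample inputs: the drop-in from this post, and a daemon.json that
# also sets "hosts" (the flag-plus-file combination that dockerd rejects).
DROP_IN = """[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:4243
"""
DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:4243"]}'

def effective_exec_start(unit_text):
    """Return the argv of the last ExecStart=; an empty ExecStart= resets it."""
    argv = []
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("ExecStart="):
            argv = shlex.split(line[len("ExecStart="):])
    return argv

def cli_hosts(argv):
    """Collect -H/--host values and whether --tlsverify is on the command line."""
    hosts = [val for flag, val in zip(argv, argv[1:]) if flag in ("-H", "--host")]
    hosts += [a.split("=", 1)[1] for a in argv if a.startswith("--host=")]
    return hosts, "--tlsverify" in argv

def audit(unit_text, daemon_json_text="{}"):
    """Return a list of findings for the given drop-in and daemon.json text."""
    flag_hosts, flag_tls = cli_hosts(effective_exec_start(unit_text))
    cfg = json.loads(daemon_json_text or "{}")
    file_hosts = cfg.get("hosts", [])
    tls = flag_tls or cfg.get("tlsverify") is True
    findings = []
    if flag_hosts and file_hosts:
        findings.append("conflict: hosts set both as -H flag and in daemon.json")
    for host in dict.fromkeys(flag_hosts + file_hosts):  # de-duplicate, keep order
        if not host.startswith("tcp://"):
            continue  # unix sockets are protected by file permissions
        if not tls:
            findings.append(f"no-tls: {host} accepts unauthenticated API calls")
        if host.startswith(("tcp://0.0.0.0", "tcp://:", "tcp://[::]")):
            findings.append(f"all-interfaces: {host} listens on every interface")
    return findings

if __name__ == "__main__":
    for finding in audit(DROP_IN, DAEMON_JSON):
        print(finding)
```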
I’m sure there are other (and possibly better) ways to accomplish the same goal. What’s yours?
Further reading materials
- Control and configure Docker with systemd (specifically, the section about creating a systemd drop-in directory for the docker service)
- Configure and troubleshoot the Docker daemon (specifically, the section about using the hosts key in daemon.json with systemd)