Quick-and-Dirty Docker Remote API Configuration

Hi

During some testing I did recently, I wanted to open the docker service for remote access.

I spent quite some time browsing between multiple official documentation pages and blog posts until I nailed it down, so I thought I would sum it up for you for easy implementation, should you choose to use it…

First and foremost, a word of caution…

The setup I will present is in no way suitable for production! In fact, some might say that this kind of setup shouldn’t be used in a lab / test environment even…

Why?

  • I’m basically allowing remote access to the docker service api from any machine that has network access to the docker host
  • In addition, I’m also completely disabling the Linux firewall service

Any Linux admin will tell you that these are 2 big mistakes, and they are right. So why am I doing it?

I wanted to make sure I have no obstacles in the way and verify I’m nailing it down. Once I have nailed it, I will start configuring the overall system.

TL;DR

Run the commands below to open a connection to your docker host on port 4243:


# All the configuration is done with root user

# Disable the firewalld service:
systemctl disable firewalld
systemctl stop firewalld

# Configure the docker service
sudo mkdir -p /etc/systemd/system/docker.service.d
cd /etc/systemd/system/docker.service.d
vi docker.conf

# add the following lines to docker.conf:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:4243
# save the file (using :wq)

# reload docker with new config and verify service is running
systemctl daemon-reload
systemctl restart docker
systemctl status docker

# verify service is opened on port 4243 locally
docker -H tcp://0.0.0.0:4243 ps # expected to get a list of running containers

# verify remotely, from a different host (assuming network and DNS are working between hosts)

curl -X GET http://docker_host_fqdn:4243/images/json # you should see a JSON response with a list of docker images on your docker host

What’s going on here? Keep on reading…

My Environment

  • CentOS 7.4
  • Docker version 17.09.1-ce, build 19e2cf6

The problem

Everywhere I looked, the discussion was about using the daemon.json file to configure the docker service.

However, on Linux systems running systemd, the docker config file daemon.json conflicts with the systemd service configuration, and getting to the exact config that works took some trial and error.

The solution

  • Disable firewall to eliminate network-related challenges
  • Add access via port 4243 to the remote api

Next Steps

  • Allow access on specific network interface
  • Enable firewall and add 4243 port as exception
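
As an added example (not part of the original post), the shell function below audits a drop-in like the one above for the risk described under "Why?": which interface the TCP listener binds to, and whether the daemon requires TLS client certificates. The TLS check goes beyond the next steps listed here; the 192.0.2.10 address and the certificate paths are placeholder assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit a dockerd systemd drop-in.

# audit_dockerd_dropin FILE
# Prints one line per TCP listener in the ExecStart= override:
#   <address> bind=<all|specific> tls=<yes|no>
# Returns 1 if any listener binds all interfaces or runs without --tlsverify.
audit_dockerd_dropin() {
    local file=$1 line addrs addr host bind tls=no rc=0
    # The empty "ExecStart=" only clears the packaged command; keep the real one.
    line=$(grep -E '^[[:space:]]*ExecStart=.+' "$file" | tail -n 1)
    case " $line " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;;
    esac
    addrs=$(printf '%s\n' "$line" | grep -oE 'tcp://[^[:space:]]+' || true)
    while read -r addr; do
        [ -n "$addr" ] || continue
        host=${addr#tcp://}   # strip the scheme
        host=${host%:*}       # strip the port
        case "$host" in
            ''|0.0.0.0|'[::]') bind=all ;;
            *) bind=specific ;;
        esac
        echo "$addr bind=$bind tls=$tls"
        if [ "$bind" = all ] || [ "$tls" = no ]; then rc=1; fi
    done <<EOF
$addrs
EOF
    return $rc
}

# Constructed samples: the drop-in from this post, and a hardened variant.
# The 192.0.2.10 address and the /etc/docker/*.pem paths are placeholders.
demo_dir=$(mktemp -d)
cat > "$demo_dir/open.conf" <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:4243
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://192.0.2.10:4243 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem
EOF
for f in open hardened; do
    audit_dockerd_dropin "$demo_dir/$f.conf" && echo "$f: ok" || echo "$f: review"
done
```

On a real host, point the function at /etc/systemd/system/docker.service.d/docker.conf after each change and before re-enabling firewalld.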

I’m sure there are other (and possibly better) ways to accomplish the same goal. What’s yours?

