Remote Docker Instance

I'm building a multi node Docker Swarm cluster and want to connect to it from my local desktop. I'd like to use my local development tools to build all of my Docker related files and push them up to the cluster.

Note, this is an unauthenticated, full access, http (not https) configuration. It is to show a remote setup. I'm starting simple. The next post will be about securing this config.

First my setup:

• 3 docker nodes, docker1.example.com, docker2.example.com and docker3.example.com.
• They are running Debian 9.
• They are configured in a swarm using default configs.
• docker1.example.com is my Swarm master.
• They are built following this guide: https://www.frakkingsweet.com/docker-swarm-on-debian-and-hyper-v/

With that out of the way lets setup the master, docker1.example.com, to accept remote http connections.

On docker1.example.com, execute sudo systemctl edit docker.service

In the editor, by default Debian 9 uses nano. Add or modify it to read:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375

The official docs say to use tcp://127.0.0.1:2375. However, that will not allow remote hosts to connect. You need to use tcp://0.0.0.0:2375 for that.

Refresh systemd, and restart docker.

sudo systemctl daemon-reload
sudo systemctl restart docker

Now, on a remote client, you should be able to do docker -H tcp://docker1.example.com:2375 version and it should return something similar to:

Client: Docker Engine - Community
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:47:51 2018
 OS/Arch:           windows/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.6
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       481bc77
  Built:            Sat May  4 01:59:36 2019
  OS/Arch:          linux/amd64
  Experimental:     false

To show it can run a container: docker -H tcp://docker1.example.com:2375 run hello-world

It should output the results of the hello-world container:

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

To always connect to the remote instance, you set an environment variable DOCKER_HOST to the remote host.

In PowerShell, $env:DOCKER_HOST="tcp://docker1.example.com:2375"

In Bash/Linux,  export DOCKER_HOST=tcp://docker1.example.com:2375

That's it for a proof-of-concept to remotely access a docker instance. Check out this post to see how we secure that port. https://www.frakkingsweet.com/securing-the-remote-docker-instance/