Remote Docker Instance
I'm building a multi node Docker Swarm cluster and want to connect to it from my local desktop. I'd like to use my local development tools to build all of my Docker related files and push them up to the cluster.
Note, this is an unauthenticated, full access, http (not https) configuration. It is to show a remote setup. I'm starting simple. The next post will be about securing this config.
First my setup:
- 3 docker nodes,
docker1.example.com
,docker2.example.com
anddocker3.example.com
. - They are running
Debian 9
. - They are configured in a swarm using default configs.
docker1.example.com
is my Swarm master.- They are built following this guide: https://www.frakkingsweet.com/docker-swarm-on-debian-and-hyper-v/
With that out of the way lets setup the master, docker1.example.com
, to accept remote http connections.
On docker1.example.com
, execute sudo systemctl edit docker.service
In the editor, by default Debian 9 uses nano. Add or modify it to read:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375
The official docs say to use tcp://127.0.0.1:2375
. However, that will not allow remote hosts to connect. You need to use tcp://0.0.0.0:2375
for that.
Refresh systemd, and restart docker.
sudo systemctl daemon-reload
sudo systemctl restart docker
Now, on a remote client, you should be able to do docker -H tcp://docker1.example.com:2375 version
and it should return something similar to:
Client: Docker Engine - Community
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:47:51 2018
OS/Arch: windows/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.6
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 481bc77
Built: Sat May 4 01:59:36 2019
OS/Arch: linux/amd64
Experimental: false
To show it can run a container: docker -H tcp://docker1.example.com:2375 run hello-world
It should output the results of the hello-world
container:
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
To always connect to the remote instance, you set an environment variable DOCKER_HOST
to the remote host.
In PowerShell, $env:DOCKER_HOST="tcp://docker1.example.com:2375"
In Bash/Linux, export DOCKER_HOST=tcp://docker1.example.com:2375
That's it for a proof-of-concept to remotely access a docker instance. Check out this post to see how we secure that port. https://www.frakkingsweet.com/securing-the-remote-docker-instance/