How to connect to Docker API from another machine?

问题:

I'm trying to use the Docker API to connect to docker daemon from another machine. I am able to do this command successfully:

docker -H=tcp://127.0.0.1:4243 images

But NOT when I use the real IP address:

docker -H=tcp://192.168.2.123:4243 images 2013/08/04 01:35:53 dial tcp 192.168.2.123:4243: connection refused

Why can't I connect when using a non-local IP?

I'm using a Vagrant VM with the following in Vagrantfile: config.vm.network :private_network, ip: "192.168.2.123"

The following is iptables:

# Generated by iptables-save v1.4.12 on Sun Aug  4 01:24:46 2013 *filter :INPUT ACCEPT [1974:252013] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1511:932565] -A INPUT -p tcp -m tcp --dport 4243 -j ACCEPT COMMIT # Completed on Sun Aug  4 01:24:46 2013 # Generated by iptables-save v1.4.12 on Sun Aug  4 01:24:46 2013 *nat :PREROUTING ACCEPT [118:8562] :INPUT ACCEPT [91:6204] :OUTPUT ACCEPT [102:7211] :POSTROUTING ACCEPT [102:7211] :DOCKER - [0:0] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER -A POSTROUTING -s 172.16.42.0/24 ! -d 172.16.42.0/24 -j MASQUERADE

回答1:

Came across a similar issue, one thing I don't see mentioned here is you need to start docker to listen to both the network and a unix socket. All regular docker (command-line) commands on the host assume the socket.

sudo docker -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock -d &

will start docker listening to any ip address on your host, as well as the typical unix socket.

回答2:

You need to listen to 0.0.0.0. When you listen on 127.0.0.1, it means that no one outside your host will be able to connect.

回答3:

Please note that in doing this, you have given anyone, and any URL sent to you by email access to your Docker API, and thus root permission.

you should, at minimum, secure your socket using https: http://docs.docker.com/articles/https/

回答4:

There are 2 ways in configuring the docker daemon port

1) Configuring at /etc/default/docker file:

DOCKER_OPTS="-H tcp://127.0.0.1:5000 -H unix:///var/run/docker.sock"

2) Configuring at /etc/docker/daemon.json:

{ "hosts": ["tcp://<IP-ADDRESS>:<PORT>", "unix:///var/run/docker.sock"] }

IP-ADDRESS - any address which is accessible can be used.

Restart the docker service after configuring the port.

The reason for adding both the user port[ tcp://127.0.0.1:5000] and default docker socket[unix:///var/run/docker.sock] is that the user port enables the access to the docker APIs whereas the default socket enables the CLI.

转载请标明出处:How to connect to Docker API from another machine?

文章来源: How to connect to Docker API from another machine?

跳转到

• 问题:
• 回答1:
• 回答2:
• 回答3:
• 回答4:

Close