@BTabaku
Last active November 13, 2023 20:50
Expose Docker API but only for specific service
# this file might behave differently on different OSes
# it is tested on CentOS 8
# edit the systemd unit /lib/systemd/system/docker.service
sudo vi /lib/systemd/system/docker.service
# add -H tcp://0.0.0.0:2375 to the ExecStart line so dockerd also listens on TCP port 2375
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
# reload the unit files and restart the daemon
sudo systemctl daemon-reload
sudo systemctl restart docker
# now the docker api is reachable from any host on the network, so we need to cover the safety part
# we can use the firewall to allow only specific hosts to access the docker api
# we do it through firewalld/iptables and nginx as a reverse proxy, so we edit the nginx server block for it
```
# docker API for ubot207lb server
server {
    listen 80;
    server_name ubot207dockerlb.btabaku.co;
    location / {
        proxy_pass http://161.35.213.2:2375; # the docker host that runs dockerd with -H tcp://0.0.0.0:2375
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # Add any additional configurations or SSL settings as needed
}
```
# but now we need to make it accessible only from a specific IP (the nginx host), so we edit the firewall; run these on the docker host OS (CentOS 8)
# the ip of ubot207dockerlb.btabaku.co is 132.22.44.69, so we allow only this ip to reach the docker api
# -A appends to INPUT, so an earlier rule in the chain that already matches the traffic takes precedence; the ACCEPT must come before the catch-all DROP
sudo iptables -A INPUT -p tcp --dport 2375 -s 132.22.44.69 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 2375 -j DROP
# the INPUT rules apply immediately and are not persisted across a reboot by themselves; restarting docker only re-creates docker's own chains
sudo systemctl restart docker
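To confirm that the two iptables rules above actually restrict port 2375 the way the gist intends, the following POSIX shell check (an added example, not part of the original gist) parses the output of `iptables -S INPUT` and verifies that the ACCEPT for the allowed source comes before the catch-all DROP, and that no source-agnostic ACCEPT for the port sneaks in ahead of the DROP. The function name `check_api_rules` and the sample rule listings are constructed for this example; the port and IP are the ones used in the gist.

```shell
#!/bin/sh
# Added example: audit the INPUT chain for a Docker API port that should be
# reachable from exactly one source IP. Feed it the text of `iptables -S INPUT`
# (on the docker host: check_api_rules "$(sudo iptables -S INPUT)" 2375 132.22.44.69).

# check_api_rules RULES PORT ALLOWED_IP
#   returns 0 when RULES contains, in this order:
#     -A INPUT -s ALLOWED_IP/32 -p tcp -m tcp --dport PORT -j ACCEPT
#     -A INPUT -p tcp -m tcp --dport PORT -j DROP
#   and no unrestricted ACCEPT for PORT appears before the DROP.
check_api_rules() {
    rules=$1; port=$2; allowed=$3

    # line numbers of the rules we care about (first match of each)
    accept_line=$(printf '%s\n' "$rules" \
        | grep -nF -- "-A INPUT -s $allowed/32 -p tcp -m tcp --dport $port -j ACCEPT" \
        | head -n1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$rules" \
        | grep -nF -- "-A INPUT -p tcp -m tcp --dport $port -j DROP" \
        | head -n1 | cut -d: -f1)
    open_line=$(printf '%s\n' "$rules" \
        | grep -nF -- "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT" \
        | head -n1 | cut -d: -f1)

    [ -n "$accept_line" ] || { echo "missing ACCEPT for $allowed on tcp/$port"; return 1; }
    [ -n "$drop_line" ]   || { echo "missing catch-all DROP for tcp/$port"; return 1; }
    if [ "$accept_line" -ge "$drop_line" ]; then
        echo "DROP precedes ACCEPT: $allowed is blocked as well"
        return 1
    fi
    if [ -n "$open_line" ] && [ "$open_line" -lt "$drop_line" ]; then
        echo "unrestricted ACCEPT for tcp/$port precedes the DROP: port is open to everyone"
        return 1
    fi
    echo "tcp/$port is reachable only from $allowed"
    return 0
}

# Constructed sample listings (not captured from a real host).
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 132.22.44.69/32 -p tcp -m tcp --dport 2375 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2375 -j DROP'

# Rules entered in the wrong order: the DROP matches first, so nothing gets through.
REVERSED_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 2375 -j DROP
-A INPUT -s 132.22.44.69/32 -p tcp -m tcp --dport 2375 -j ACCEPT'

# A leftover blanket ACCEPT for the port before the DROP: port is world-reachable.
LEAKY_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 2375 -j ACCEPT
-A INPUT -s 132.22.44.69/32 -p tcp -m tcp --dport 2375 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2375 -j DROP'

check_api_rules "$GOOD_RULES" 2375 132.22.44.69
check_api_rules "$REVERSED_RULES" 2375 132.22.44.69
check_api_rules "$LEAKY_RULES" 2375 132.22.44.69
```

The check relies on the canonical form `iptables -S` prints (source IPs normalised to `/32`, `-m tcp` inserted before `--dport`), so it is matched with fixed strings rather than regular expressions. It only inspects the INPUT chain; rules that live in a custom chain jumped to from INPUT are outside its scope.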