Skip to content

Instantly share code, notes, and snippets.

@styblope
Last active October 29, 2024 22:17
Show Gist options
  • Save styblope/dc55e0ad2a9848f2cc3307d4819d819f to your computer and use it in GitHub Desktop.
Save styblope/dc55e0ad2a9848f2cc3307d4819d819f to your computer and use it in GitHub Desktop.
Enable TCP port 2375 for external connection to Docker

Enable TCP port 2375 for external connection to Docker

See this issue.
Docker best practise to Control and configure Docker with systemd.

  1. Create daemon.json file in /etc/docker:

     {"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
    
  2. Add /etc/systemd/system/docker.service.d/override.conf

     [Service]
     ExecStart=
     ExecStart=/usr/bin/dockerd
    
  3. Reload the systemd daemon:

     systemctl daemon-reload
    
  4. Restart docker:

     systemctl restart docker.service
    
@rcedillo45
Copy link

I was having an issue to connect from another machine, turns out it was a firewall issue.
to fix I did:
ufw allow 2375/tcp
ufw reload
hopefully this helps someone.

@russellhoff
Copy link

Thanks!!

@sithson
Copy link

sithson commented May 19, 2022

👍 ✔️ 🙇‍♀️
I can also confirm this, very much GG @styblope, my rock star hero!1 :))))))

Specs:

  • Linux Mint 20.3 Una x64
  • Docker version 20.10.16, build aa7e414
  • Docker Compose version v2.5.0

@sumitdhungana14
Copy link

🔥

@Sharaf5
Copy link

Sharaf5 commented Sep 1, 2022

I need to run docker from external docker client but the docker server is containerized (no daemon)
is it aplicable ?

@russellhoff
Copy link

I need to run docker from external docker client but the docker server is containerized (no daemon) is it aplicable ?

AFAIK, Docker will be run as daemon wherever you deploy it.

@webzakimbo
Copy link

webzakimbo commented Sep 28, 2022

Here's another way that worked for me:

/etc/systemd/system/docker.service.d/override.conf

[Service]
 ExecStart=
 ExecStart=/usr/bin/dockerd --config-file /etc/docker/daemon.json

/etc/docker/daemon.json

{
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}

@madcowGit
Copy link

Thanks! for me it required a reboot to work

@Sharaf5
Copy link

Sharaf5 commented Dec 9, 2022

AFAIK, Docker will be run as daemon wherever you deploy it.

Docker in Docker has two versions

  • docker:latest daemond and host dependant
  • docker:dind web interface based (seems to be no daemon | or fully isolated from host)

I was testing docker, minikube, and K8s functionalities inside docker

The way I was able to do that without exec command is docker context

for me it was not a server or daemon problem, but a context one

This answer helped me connecting to remote docker client and docker in docker via contexts :

So now we have both exposing docker via tcp and connecting to docker via tcp in this thread..

@Sharaf5
Copy link

Sharaf5 commented Dec 9, 2022

Another thing to think about is security

Is the exposed port with your methods are encrypted or not ?

docker:dind has two ports to expose

  • 2375 no encrypton - context do not require cert or key
  • 2376 encrypted - context require key pair to qualify connection

Is that encryption applicable with your methods ?

I think this is the part where we go inside docker:dind entry point file
code

so it should be this part

dockerd \
     --host="$dockerSocket" \
     --host=tcp://0.0.0.0:2376 \
     --tlsverify \
     --tlscacert "$DOCKER_TLS_CERTDIR/server/ca.pem" \
     --tlscert "$DOCKER_TLS_CERTDIR/server/cert.pem" \
     --tlskey "$DOCKER_TLS_CERTDIR/server/key.pem"

and @russellhoff : you are right

  • the daemon server is running but as an entrypoint and not a service (I miss understood)

@abel-delafuente
Copy link

abel-delafuente commented Dec 29, 2022

When i try to build the image be means of the BuildImage command, i am getting the

Connect to http://127.0.0.1:2375 [/127.0.0.1] failed: Connection refused: no further information

Apparently Gradle does not make match with the WSL platform IP.

@lalalazero
Copy link

thanks a lot

@KMMehr
Copy link

KMMehr commented Jan 14, 2023

Great job
Thanks

@Sharaf5
Copy link

Sharaf5 commented Jan 14, 2023

@abel-delafuente tcp not http
you could also try to use a unix socket instead and test again to make sure if it's a docker behavior or a network restriction

@KyongSik-Yoon
Copy link

Great! It's working for me.

@djshaw0350
Copy link

Anyone having issues on DietPi? I am just getting familiar with DietPi and cannot get this to work.

@intellectualDarknet
Copy link

that helped thank you!

@lennon101
Copy link

Add /etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd

I'm on a Synology NAS and I don't have the folder /etc/systemd/system/docker.service.d/override.conf ??? Any help on how to do step 2?

@My-Random-Thoughts
Copy link

For everyone finding this page and looking for instructions for Synology's new Container Manager,

  1. sudo vi /var/packages/ContainerManager/etc/dockerd.json

change to:
{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","registry-mirrors":[],"storage-driver":"aufs","hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}

(basically add the stuff from the original step 1 to the end, without the curly-brackets {} )

  1. systemctl daemon-reload

  2. sudo systemctl restart pkg-ContainerManager-dockerd

You may need to repeat these steps when the Container Manager package gets updated. So far it's working for me

@honue
Copy link

honue commented Sep 20, 2023

For everyone finding this page and looking for instructions for Synology's new Container Manager,

  1. sudo vi /var/packages/ContainerManager/etc/dockerd.json

change to: {"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","registry-mirrors":[],"storage-driver":"aufs","hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}

(basically add the stuff from the original step 1 to the end, without the curly-brackets {} )

  1. systemctl daemon-reload
  2. sudo systemctl restart pkg-ContainerManager-dockerd

You may need to repeat these steps when the Container Manager package gets updated. So far it's working for me

Hi,bro. I'm trying to add the proxy option for the dockerd.json,there is some problem for me.
I had read the docs of how to set the value of daemon-proxy,but the error still exsit.

  "proxies": {
    "http-proxy": "http://proxy.example.com:80",
    "https-proxy": "https://proxy.example.com:443",
    "no-proxy": "*.test.example.com,.example.org",
  }

unable to configure the Docker daemon with file /var/packages/ContainerManager/etc/dockerd.json: the following directives don't match any configuration option: http-proxy, https-proxy, no-proxy

{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","proxies":{"http-proxy":"http://127.0.0.1:7890","https-proxy":"http://127.0.0.1:7890","no-proxy":"localhost,127.0.0.1"},"registry-mirrors":[],"storage-driver":"aufs"}
can you give me some help? appreciate it.

@My-Random-Thoughts
Copy link

Sorry @honue , I don't know as I don't use proxies. Maybe Synology doesn't support those options. They are also using a slightly older version of docker. v20.10.23, build 876964a

@solarsparq
Copy link

ExecStart=
ExecStart=/usr/bin/dockerd --config-file /etc/docker/daemon.json

Thank you. This override.conf trick worked nicely for me. I used daemon.json to supply my TLS configuration as well as listen on 2376. Giving it nothing except a reference to daemon.json feels like a hack to avoid the hosts conflict.. but it works. Thanks again @webzakimbo

root@mnretrogamer029:~# cat /etc/docker/daemon.json
{
"data-root": "/mnt/dietpi_userdata/docker-data",
"log-driver": "journald",
"log-level": "warn",
"debug": false,
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
"tlscacert": "/etc/docker/certs.d/ca.pem",
"tlscert": "/etc/docker/certs.d/server-cert.pem",
"tlskey": "/etc/docker/certs.d/server-key.pem",
"tlsverify": true
}

@parasiteoflife
Copy link

what if I don't have systemd? ie. Unraid/Slackware

@jasonmeehan11
Copy link

jasonmeehan11 commented Jan 26, 2024

on Ubuntu 22.04.3 couldn't get it to work with these instructions... do this:

Update Docker Configuration:
Edit the Docker daemon configuration file. The configuration file is typically located at /etc/docker/daemon.json. If it doesn't exist, you can create it.

sudo nano /etc/docker/daemon.json

Add the following content to the file:

{
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}

This configuration tells Docker to listen on both the UNIX socket and a TCP socket on all available network interfaces (0.0.0.0) on port 2375.

Restart Docker:
After making changes to the Docker daemon configuration, you need to restart the Docker daemon for the changes to take effect.

sudo systemctl restart docker

Adjust Firewall Rules (if necessary):
If you have a firewall enabled on your Ubuntu server, make sure to allow traffic on the Docker daemon port (default is 2375). You can use ufw (Uncomplicated Firewall) to do this:

bash

sudo ufw allow 2375

@dmote75
Copy link

dmote75 commented Feb 28, 2024

For Synology NAS (I am using DS923+) I found an easier way.
In your compose file for Homepage make sure to have the following listed under 'volumes'
- /var/run/docker.sock:/var/run/docker.sock

Then in your Homepage docker.yaml file, uncomment only this part:

# my-docker:
#   socket: /var/run/docker.sock

Once I did this it's working. Didn't have to mess with anything else.

@fbaligand
Copy link

Thanks for your gist! It works great for me, with special case where I use Windows 10 & WSL2!

@HarshDev2
Copy link

thanks, it worked for me

@youfly
Copy link

youfly commented Jul 6, 2024

For everyone finding this page and looking for instructions for Synology's new Container Manager,

  1. sudo vi /var/packages/ContainerManager/etc/dockerd.json

change to: {"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","registry-mirrors":[],"storage-driver":"aufs","hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
(basically add the stuff from the original step 1 to the end, without the curly-brackets {} )

  1. systemctl daemon-reload
  2. sudo systemctl restart pkg-ContainerManager-dockerd

You may need to repeat these steps when the Container Manager package gets updated. So far it's working for me

Hi,bro. I'm trying to add the proxy option for the dockerd.json,there is some problem for me. I had read the docs of how to set the value of daemon-proxy,but the error still exsit.

  "proxies": {
    "http-proxy": "http://proxy.example.com:80",
    "https-proxy": "https://proxy.example.com:443",
    "no-proxy": "*.test.example.com,.example.org",
  }

unable to configure the Docker daemon with file /var/packages/ContainerManager/etc/dockerd.json: the following directives don't match any configuration option: http-proxy, https-proxy, no-proxy

{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","proxies":{"http-proxy":"http://127.0.0.1:7890","https-proxy":"http://127.0.0.1:7890","no-proxy":"localhost,127.0.0.1"},"registry-mirrors":[],"storage-driver":"aufs"} can you give me some help? appreciate it.

requre docked 23.0 or later,the synology is 20.10.3

@yangxh1992
Copy link

Here's another way that worked for me:

/etc/systemd/system/docker.service.d/override.conf

[Service]
 ExecStart=
 ExecStart=/usr/bin/dockerd --config-file /etc/docker/daemon.json

/etc/docker/daemon.json

{
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}

is worked thank you so much

@4thel00z
Copy link

4thel00z commented Oct 9, 2024

Exposing the docker daemon on 0.0.0.0 especially on something which faces the internet is a TERRIBLE idea!

It's literally like giving everyone sudo access...

Bind to 127.0.0.1 and portforward.

You don't even have to, the docker client can speak ssh) via: DOCKER_HOST=“ssh://user@remotehost

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment