See this issue.
Docker best practise to Control and configure Docker with systemd.
Create daemon.json file in /etc/docker:
{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
Add /etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
Reload the systemd daemon:
systemctl daemon-reload
Restart docker:
systemctl restart docker.service
👍 ✔️ 🙇♀️
I can also confirm this, very much GG @styblope, my rock star hero!1 :))))))
Specs:
🔥
I need to run docker from external docker client but the docker server is containerized (no daemon)
is it aplicable ?
I need to run docker from external docker client but the docker server is containerized (no daemon) is it aplicable ?
AFAIK, Docker will be run as daemon wherever you deploy it.
Here's another way that worked for me:
/etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --config-file /etc/docker/daemon.json
/etc/docker/daemon.json
{
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
Thanks! for me it required a reboot to work
AFAIK, Docker will be run as daemon wherever you deploy it.
Docker in Docker has two versions
docker:latest daemond and host dependantdocker:dind web interface based (seems to be no daemon | or fully isolated from host)I was testing docker, minikube, and K8s functionalities inside docker
The way I was able to do that without exec command is docker context
for me it was not a server or daemon problem, but a context one
This answer helped me connecting to remote docker client and docker in docker via contexts :
So now we have both exposing docker via tcp and connecting to docker via tcp in this thread..
Another thing to think about is security
Is the exposed port with your methods are encrypted or not ?
docker:dind has two ports to expose
2375 no encrypton - context do not require cert or key2376 encrypted - context require key pair to qualify connectionIs that encryption applicable with your methods ?
I think this is the part where we go inside docker:dind entry point file
so it should be this part
dockerd \
--host="$dockerSocket" \
--host=tcp://0.0.0.0:2376 \
--tlsverify \
--tlscacert "$DOCKER_TLS_CERTDIR/server/ca.pem" \
--tlscert "$DOCKER_TLS_CERTDIR/server/cert.pem" \
--tlskey "$DOCKER_TLS_CERTDIR/server/key.pem"
and @russellhoff : you are right
When i try to build the image be means of the BuildImage command, i am getting the
Connect to http://127.0.0.1:2375 [/127.0.0.1] failed: Connection refused: no further information
Apparently Gradle does not make match with the WSL platform IP.
thanks a lot
Great job
Thanks
@abel-delafuente tcp not http
you could also try to use a unix socket instead and test again to make sure if it's a docker behavior or a network restriction
Great! It's working for me.
Anyone having issues on DietPi? I am just getting familiar with DietPi and cannot get this to work.
that helped thank you!
Add /etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
I'm on a Synology NAS and I don't have the folder /etc/systemd/system/docker.service.d/override.conf ??? Any help on how to do step 2?
For everyone finding this page and looking for instructions for Synology's new Container Manager,
sudo vi /var/packages/ContainerManager/etc/dockerd.jsonchange to:
{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","registry-mirrors":[],"storage-driver":"aufs","hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
(basically add the stuff from the original step 1 to the end, without the curly-brackets {} )
systemctl daemon-reload
sudo systemctl restart pkg-ContainerManager-dockerd
You may need to repeat these steps when the Container Manager package gets updated. So far it's working for me
For everyone finding this page and looking for instructions for Synology's new Container Manager,
sudo vi /var/packages/ContainerManager/etc/dockerd.jsonchange to:
{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","registry-mirrors":[],"storage-driver":"aufs","hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}(basically add the stuff from the original step 1 to the end, without the curly-brackets {} )
systemctl daemon-reloadsudo systemctl restart pkg-ContainerManager-dockerdYou may need to repeat these steps when the Container Manager package gets updated. So far it's working for me
Hi,bro. I'm trying to add the proxy option for the dockerd.json,there is some problem for me.
I had read the docs of how to set the value of daemon-proxy,but the error still exsit.
"proxies": {
"http-proxy": "http://proxy.example.com:80",
"https-proxy": "https://proxy.example.com:443",
"no-proxy": "*.test.example.com,.example.org",
}
unable to configure the Docker daemon with file /var/packages/ContainerManager/etc/dockerd.json: the following directives don't match any configuration option: http-proxy, https-proxy, no-proxy
{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","proxies":{"http-proxy":"http://127.0.0.1:7890","https-proxy":"http://127.0.0.1:7890","no-proxy":"localhost,127.0.0.1"},"registry-mirrors":[],"storage-driver":"aufs"}
can you give me some help? appreciate it.
Sorry @honue , I don't know as I don't use proxies. Maybe Synology doesn't support those options. They are also using a slightly older version of docker. v20.10.23, build 876964a
ExecStart=
ExecStart=/usr/bin/dockerd --config-file /etc/docker/daemon.json
Thank you. This override.conf trick worked nicely for me. I used daemon.json to supply my TLS configuration as well as listen on 2376. Giving it nothing except a reference to daemon.json feels like a hack to avoid the hosts conflict.. but it works. Thanks again @webzakimbo
root@mnretrogamer029:~# cat /etc/docker/daemon.json
{
"data-root": "/mnt/dietpi_userdata/docker-data",
"log-driver": "journald",
"log-level": "warn",
"debug": false,
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
"tlscacert": "/etc/docker/certs.d/ca.pem",
"tlscert": "/etc/docker/certs.d/server-cert.pem",
"tlskey": "/etc/docker/certs.d/server-key.pem",
"tlsverify": true
}
what if I don't have systemd? ie. Unraid/Slackware
on Ubuntu 22.04.3 couldn't get it to work with these instructions... do this:
Update Docker Configuration:
Edit the Docker daemon configuration file. The configuration file is typically located at /etc/docker/daemon.json. If it doesn't exist, you can create it.
sudo nano /etc/docker/daemon.json
Add the following content to the file:
{
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
This configuration tells Docker to listen on both the UNIX socket and a TCP socket on all available network interfaces (0.0.0.0) on port 2375.
Restart Docker:
After making changes to the Docker daemon configuration, you need to restart the Docker daemon for the changes to take effect.
sudo systemctl restart docker
Adjust Firewall Rules (if necessary):
If you have a firewall enabled on your Ubuntu server, make sure to allow traffic on the Docker daemon port (default is 2375). You can use ufw (Uncomplicated Firewall) to do this:
bash
sudo ufw allow 2375
For Synology NAS (I am using DS923+) I found an easier way.
In your compose file for Homepage make sure to have the following listed under 'volumes'
- /var/run/docker.sock:/var/run/docker.sock
Then in your Homepage docker.yaml file, uncomment only this part:
# my-docker:
# socket: /var/run/docker.sock
Once I did this it's working. Didn't have to mess with anything else.
Thanks for your gist! It works great for me, with special case where I use Windows 10 & WSL2!
thanks, it worked for me
For everyone finding this page and looking for instructions for Synology's new Container Manager,
sudo vi /var/packages/ContainerManager/etc/dockerd.jsonchange to:
{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","registry-mirrors":[],"storage-driver":"aufs","hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
(basically add the stuff from the original step 1 to the end, without the curly-brackets {} )
systemctl daemon-reloadsudo systemctl restart pkg-ContainerManager-dockerdYou may need to repeat these steps when the Container Manager package gets updated. So far it's working for me
Hi,bro. I'm trying to add the proxy option for the dockerd.json,there is some problem for me. I had read the docs of how to set the value of daemon-proxy,but the error still exsit.
"proxies": { "http-proxy": "http://proxy.example.com:80", "https-proxy": "https://proxy.example.com:443", "no-proxy": "*.test.example.com,.example.org", }
unable to configure the Docker daemon with file /var/packages/ContainerManager/etc/dockerd.json: the following directives don't match any configuration option: http-proxy, https-proxy, no-proxy
{"data-root":"/var/packages/ContainerManager/var/docker","log-driver":"db","proxies":{"http-proxy":"http://127.0.0.1:7890","https-proxy":"http://127.0.0.1:7890","no-proxy":"localhost,127.0.0.1"},"registry-mirrors":[],"storage-driver":"aufs"}can you give me some help? appreciate it.
requre docked 23.0 or later,the synology is 20.10.3
Here's another way that worked for me:
/etc/systemd/system/docker.service.d/override.conf
[Service] ExecStart= ExecStart=/usr/bin/dockerd --config-file /etc/docker/daemon.json/etc/docker/daemon.json
{ "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"] }
is worked thank you so much
Exposing the docker daemon on 0.0.0.0 especially on something which faces the internet is a TERRIBLE idea!
It's literally like giving everyone sudo access...
Bind to 127.0.0.1 and portforward.
You don't even have to, the docker client can speak ssh) via: DOCKER_HOST=“ssh://user@remotehost
i had to do the following:
$ cat /etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/sbin/dockerd --config-file /etc/docker/daemon.overrided.json
$ cat /etc/docker/daemon.overrided.json
{
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
The binary is in /usr/sbin/dockerd, and changing the daemon.json conflicted with the default parameter -H fd://
Thanks!!