Enable TCP port 2375 for external connection to Docker

docker-api-port.md

Enable TCP port 2375 for external connection to Docker

See this issue.
Docker best practise to Control and configure Docker with systemd.

1. Create daemon.json file in /etc/docker:

    {"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
   

2. Add /etc/systemd/system/docker.service.d/override.conf

    [Service]
    ExecStart=
    ExecStart=/usr/bin/dockerd
   

3. Reload the systemd daemon:

    systemctl daemon-reload
   

4. Restart docker:

    systemctl restart docker.service
   

👍 ✔️ 🙇‍♀️
I can also confirm this, very much GG @styblope, my rock star hero!1 :))))))

Specs:

• Linux Mint 20.3 Una x64
• Docker version 20.10.16, build aa7e414
• Docker Compose version v2.5.0

🔥

I need to run docker from external docker client but the docker server is containerized (no daemon)
is it aplicable ?

I need to run docker from external docker client but the docker server is containerized (no daemon) is it aplicable ?

AFAIK, Docker will be run as daemon wherever you deploy it.

Here's another way that worked for me:

/etc/systemd/system/docker.service.d/override.conf

[Service]
 ExecStart=
 ExecStart=/usr/bin/dockerd --config-file /etc/docker/daemon.json

/etc/docker/daemon.json

{
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}

Thanks! for me it required a reboot to work

AFAIK, Docker will be run as daemon wherever you deploy it.

Docker in Docker has two versions

• docker:latest daemond and host dependant
• docker:dind web interface based (seems to be no daemon | or fully isolated from host)

I was testing docker, minikube, and K8s functionalities inside docker

The way I was able to do that without exec command is docker context

for me it was not a server or daemon problem, but a context one

This answer helped me connecting to remote docker client and docker in docker via contexts :

• https://forums.docker.com/t/how-do-you-create-a-context-for-a-remote-tls-daemon/117275/3?u=abdelazizsharaf
• https://forums.docker.com/t/tls-over-context/128795?u=abdelazizsharaf this was my original quistion that this answer completed

So now we have both exposing docker via tcp and connecting to docker via tcp in this thread..

Another thing to think for is security

Is the exposed port with your methods are encrypted or not ?

docker:dind has two ports to expose

• 2375 no encrypton - context do not require cert or key
• 2376 encrypted - context require key pair to qualify connection

Is that encryption applicable with your methods ?

I think this is the part where we go inside docker:dind entry point file

so it should be this part

dockerd \
     --host="$dockerSocket" \
     --host=tcp://0.0.0.0:2376 \
     --tlsverify \
     --tlscacert "$DOCKER_TLS_CERTDIR/server/ca.pem" \
     --tlscert "$DOCKER_TLS_CERTDIR/server/cert.pem" \
     --tlskey "$DOCKER_TLS_CERTDIR/server/key.pem"

and @russellhoff : you are right

• the daemon server is running but as an entrypoint and not a service (I miss understood)

When i try to build the image be means of the BuildImage command, i am getting the

Connect to http://127.0.0.1:2375 [/127.0.0.1] failed: Connection refused: no further information

Apparently Gradle does not make match with the WSL platform IP.

thanks a lot

Great job
Thanks

@abel-delafuente tcp not http
you could also try to use a unix socket instead and test again to make sure if it's a docker behavior or a network restriction

Any instructions regarding this manual?
In point one, I am supposed to create a file in the location and I guess add the quoted content to it.
In point two what should I add and where?

It seems to me that if I paste this into the file above, it won't work.
/etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd