Start
# init docker daemon
$ sudo vim /etc/docker/daemon.json
{
"debug": true,
"tls": false,
"hosts":["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
$ sudo dockerd
Refer to https://docs.docker.com/engine/reference/commandline/dockerd/
Setup Docker Daemon for Remote Connection
By default, Docker runs through a non-networked UNIX socket. It can also optionally communicate using SSH or a TLS (HTTPS) socket.
# how to find the path of daemon.json
$ ps auxww | grep docker
root 921 0.0 2.0 1570256 82092 ? Ssl 17:06 0:07 dockerd --group docker --exec-root=/run/snap.docker --data-root=/var/snap/docker/common/var-lib-docker --pidfile=/run/snap.docker/docker.pid --config-file=/var/snap/docker/1767/config/daemon.json
$ sudo vim /var/snap/docker/1767/config/daemon.json
{
"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}
# restart the Docker daemon
$ sudo snap restart docker.dockerd
# or
$ sudo systemctl restart docker
# test your daemon's port
$ netstat -an | grep LISTEN | grep 2375
# or
$ docker --debug --host tcp://localhost:2375
# view logs
$ sudo snap logs docker.dockerd
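A `tcp://` entry in `hosts` without `tlsverify` exposes the Docker API with no authentication. As an added example (not part of the original notes), this script audits a daemon.json for that setting and for `insecure-registries`, comparing the config shown above with a constructed TLS counterpart. The certificate paths in that counterpart are placeholders.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# The daemon.json from this page, and a constructed TLS counterpart
# (certificate paths are placeholders, not from the page).
PAGE_CONFIG = """{
  "debug": true,
  "tls": false,
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}"""
TLS_CONFIG = """{
  "tlsverify": true,
  "tlscacert": "/path/to/ca.pem",
  "tlscert": "/path/to/server-cert.pem",
  "tlskey": "/path/to/server-key.pem",
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"]
}"""


def audit_daemon_config(text):
    """Return findings (strings) for a daemon.json document passed as text."""
    cfg = json.loads(text)
    findings = []
    verified = cfg.get("tlsverify") is True
    for host in cfg.get("hosts", []):
        url = urlparse(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are guarded by file permissions
        if not verified:
            scope = "loopback-only" if url.hostname in LOOPBACK else "network-reachable"
            findings.append(f"{host}: {scope} API socket without tlsverify, "
                            "any client that connects controls the daemon")
    if verified:
        # Report TLS material that is not pinned explicitly in this file
        for key in ("tlscacert", "tlscert", "tlskey"):
            if not cfg.get(key):
                findings.append(f"tlsverify is true but {key} is not set in this file")
    for registry in cfg.get("insecure-registries", []):
        findings.append(f"insecure-registries: {registry} is reached over plain HTTP or unverified TLS")
    return findings


if __name__ == "__main__":
    for name, text in (("page config", PAGE_CONFIG), ("TLS config", TLS_CONFIG)):
        print(name, "->", audit_daemon_config(text) or "no findings")
```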
Default Path of Config File
To configure the Docker daemon using a JSON file, create a file at /etc/docker/daemon.json on Linux systems, or C:\ProgramData\docker\config\daemon.json on Windows. On MacOS go to the whale in the taskbar > Preferences > Daemon > Advanced.
The default location of the configuration file on Linux is /etc/docker/daemon.json. The --config-file flag can be used to specify a non-default location.
Config File
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
Deploy a plain HTTP registry
$ docker info
...
Insecure Registries:
127.0.0.0/8
Means I haven’t set the Docker Daemon right. Notice these few lines:
Insecure Registries:
127.0.0.0/8
Try to add this line to Docker’s daemon.json file and restart the Docker Daemon:
"insecure-registries":["0.0.0.0:2375"]
# how to find the path of daemon.json
$ ps auxww | grep docker
root 921 0.0 2.0 1570256 82092 ? Ssl 17:06 0:07 dockerd --group docker --exec-root=/run/snap.docker --data-root=/var/snap/docker/common/var-lib-docker --pidfile=/run/snap.docker/docker.pid --config-file=/var/snap/docker/1767/config/daemon.json
# restart the Docker daemon
$ sudo snap restart docker.dockerd
# or
$ sudo systemctl restart docker
# test your daemon's port
$ netstat -an | grep LISTEN | grep 2375
# or
$ docker --debug --host tcp://localhost:2375
# view logs
$ sudo snap logs docker.dockerd
Connect to Remote Docker Daemon
Via HTTPS
# Linux/Mac
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://your-remote-server.org:2376"
export DOCKER_CERT_PATH="/home/me/docker-tls"
# or
$ docker --tlsverify \
--tlscacert=ca.pem \
--tlscert=cert.pem \
--tlskey=key.pem \
-H=$HOST:2376 version
Be sure that your DOCKER_CERT_PATH directory contains the following files:
- ca.pem (CA certificate)
- cert.pem (client certificate)
- key.pem (client’s private key)
How to generate certs: https://docs.docker.com/engine/security/protect-access/#create-a-ca-server-and-client-keys-with-openssl
Via SSH
$ DOCKER_HOST="ssh://sw@192.168.18.10:31565" docker info
# Note: connecting through docker-machine produces the following error
$ docker-machine create --driver none --url=ssh://192.168.18.10 default4
Running pre-create checks...
Creating machine...
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env default4
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default4 - none Running ssh://192.168.18.10 Unknown Unable to query docker version: Get "ssh://192.168.18.10/v1.15/version": unsupported protocol scheme "ssh"
Via HTTP
$ DOCKER_HOST="tcp://192.168.18.10:2375" docker ps
$ DOCKER_HOST="tcp://192.168.18.10:2375" docker run hello-world
Via curl
$ curl https://$HOST:2376/images/json \
--cert ~/.docker/cert.pem \
--key ~/.docker/key.pem \
--cacert ~/.docker/ca.pem
Skip TLS Verification
Test Docker Daemon
$ echo -e "GET /_ping HTTP/1.1\r\n" | nc 192.168.18.168 2376
HTTP/1.0 400 Bad Request
Client sent an HTTP request to an HTTPS server.
# or
$ curl <ip>:<port>/v1.38/containers/json
# e.g.,
$ curl 192.168.18.10:2375/v1.38/containers/json
# Via HTTPS
$ curl https://192.168.18.10:2375/images/json \
--cert ~/.docker/cert.pem \
--key ~/.docker/key.pem \
--cacert ~/.docker/ca.pem
Connecting to the secure Docker port using curl
To use curl to make test API requests, you need to use three extra command line flags:
$ curl https://$HOST:2376/images/json \
--cert ~/.docker/cert.pem \
--key ~/.docker/key.pem \
--cacert ~/.docker/ca.pem
Troubleshooting
server gave HTTP response to HTTPS client
Error
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default3 - none Running tcp://192.168.18.10:2375 Unknown Unable to query docker version: Get "https://192.168.18.10:2375/v1.15/version": http: server gave HTTP response to HTTPS client
Solution 1 - Add HTTP support to the Docker Daemon
Solution 2 - Have the client connect to the Docker Daemon over HTTP
Try to add this line to Docker’s daemon.json file and restart the Docker Daemon:
(find the file in C:\ProgramData\Docker\config\)
"insecure-registries":["192.168.99.100:5000"]
View Logs
The daemon logs may help you diagnose problems. The logs may be saved in one of a few locations, depending on the operating system configuration and the logging subsystem used:
Operating system | Location |
---|---|
Linux | Use the command journalctl -xu docker.service (or read /var/log/syslog or /var/log/messages, depending on your Linux Distribution) |
macOS (dockerd logs) | ~/Library/Containers/com.docker.docker/Data/log/vm/dockerd.log |
macOS (containerd logs) | ~/Library/Containers/com.docker.docker/Data/log/vm/containerd.log |
Debug
Enable debugging
There are two ways to enable debugging. The recommended approach is to set the debug key to true in the daemon.json file. This method works for every Docker platform.
- Edit the daemon.json file, which is usually located in /etc/docker/. You may need to create this file, if it does not yet exist. On macOS or Windows, do not edit the file directly. Instead, go to Preferences / Daemon / Advanced.
- If the file is empty, add the following:
{ "debug": true }
If the file already contains JSON, just add the key "debug": true, being careful to add a comma to the end of the line if it is not the last line before the closing bracket. Also verify that if the log-level key is set, it is set to either info or debug. info is the default, and possible values are debug, info, warn, error, fatal.
- Send a HUP signal to the daemon to cause it to reload its configuration. On Linux hosts, use the following command.
$ sudo kill -SIGHUP $(pidof dockerd)
On Windows hosts, restart Docker.
Instead of following this procedure, you can also stop the Docker daemon and restart it manually with the debug flag -D. However, this may result in Docker restarting with a different environment than the one the hosts’ startup scripts create, and this may make debugging more difficult.
Test
# test your daemon's port
$ netstat -an | grep LISTEN | grep 2375
# or
$ docker --debug --host tcp://localhost:2375
Reference
- https://docs.docker.com/config/daemon/
- https://docs.docker.com/engine/security/protect-access/
- https://stackoverflow.com/questions/49674004/docker-repository-server-gave-http-response-to-https-client
- https://gist.github.com/styblope/dc55e0ad2a9848f2cc3307d4819d819f
- https://dockerlabs.collabnix.com/beginners/components/daemon/access-daemon-externally.html
- https://gist.github.com/kekru/4e6d49b4290a4eebc7b597c07eaf61f2