4

I'm trying to access Docker remote API from within a container because I need to start other containers.

The host address is 172.19.0.1, so I'm using http://172.19.0.1:2375/images/json to get the list of images (from host, http://localhost:2375/images/json works as expected.

The connection is refused, I guess because Docker (for Windows) listens on 127.0.0.1 and not on 0.0.0.0.

I've tried to change configuration (both from UI and daemon.json) adding the entry:

"hosts": ["tcp://0.0.0.0:2375"]

but the daemon fails to start. How can I access the api?

fra
  • 3,488
  • 5
  • 38
  • 61
  • You mention that you are using Docker for Windows, but don't mention which container type you are using. Are you using Windows containers or Linux containers? – Chris Lawrence Apr 21 '17 at 18:12

3 Answers3

1

You can set DOCKER_OPTS in windows as below and try. In Windows, Docker runs inside a VM. So, you have to ssh into the VM and make the changes. 

DOCKER_OPTS='-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock'

Check if it works for you.

Update :- To ssh into the VM (assuming default is the VM name you have created using Docker toolbox), enter the following command in the Docker Quickstart Terminal,

docker-machine ssh default

You can find more details here.

qwerty
  • 2,392
  • 3
  • 30
  • 55
  • what's the address to ssh (or how can I find it)? – fra Apr 21 '17 at 07:57
  • Additionally, I've found advices against exposing the socket: https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html which seems the behaviour with DOCKER_OPTS. Is the solution secure? – fra Apr 21 '17 at 08:04
  • I don't have any docker-machine running (`docker-machine ls` returns an empty list), even if I'm able to use docker (I've installed latest Docker tools). Should I create a docker machine? and how would it be related to my "default/standard" docker instance that I'm currently using? – fra Apr 21 '17 at 08:49
  • Yes, you will require a docker machine for this. Ideally, it should get installed when you install [Docker for Windows](https://docs.docker.com/docker-for-windows/) but you can always install it separately (refer [this](https://docs.docker.com/machine/install-machine/#installing-machine-directly)) – qwerty Apr 21 '17 at 09:02
1

You could link the host's /var/run/docker.sock within the container where you need it. This way, you don't expose the Docker Remote API via an open port.

Be aware that it does provide root-like access to docker.

-v /var/run/docker.sock:/var/run/docker.sock
joseconstela
  • 727
  • 8
  • 12
0

You should use "tcp://host.docker.internal:2375" to connect to host machine from container. Please make sure that you can ping the "host.docker.internal" address https://github.com/docker/for-win/issues/1976

Ivan Shibkih
  • 41
  • 1
  • 4