
I need to add a Docker listener on the Docker bridged interface, but it works only if Docker has already started. And the daemon doesn't start after system boot if I have added the IP to daemon.json. Is there a way to get it to work?

My daemon.json:

    {
        "data-root": "/data/workspace/environment/docker",
        "debug": true,
        "tls": true,
        "tlscacert": "/env-vol/docker-daemon/ca.pem",
        "tlscert": "/env-vol/docker-daemon/server-cert.pem",
        "tlskey": "/env-vol/docker-daemon/server-key.pem",
        "tlsverify": true,
        "storage-driver": "overlay",
        "hosts": [
            "unix:///var/run/docker.sock",
            "tcp://127.0.0.1:2375",
            "tcp://10.20.30.1:2375"
        ]
    }

10.20.30.1 is the IP address of the Docker bridged network interface.

Update: The listener should be bound only to the socket, localhost and the Docker bridged interface, and shouldn't be bound to a physical interface.

Sergey Bezugliy
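The following script is an added example; it is not from the question and not part of Docker's own tooling. It audits the `hosts` list of a daemon.json against the policy stated in the update (only the Unix socket, loopback and the Docker bridge address may listen, never a physical interface or a wildcard) and checks that `tlsverify` is on whenever a TCP listener exists. It assumes `BRIDGE_IP` (10.20.30.1 here) is the address dockerd assigns to docker0, i.e. the `bip` setting, and it uses plain grep rather than jq so it runs anywhere. The `bridge_present` check needs iproute2; because dockerd itself creates docker0 when it starts, that address is normally absent before the daemon is up, which is consistent with a bind to it failing at boot.

```shell
#!/bin/sh
# Added example, not from the question or from Docker itself. Audits the
# "hosts" list of a daemon.json against the policy stated in the question:
# only the Unix socket, loopback and the Docker bridge address may listen,
# never a physical interface or a wildcard. BRIDGE_IP is assumed to match
# the "bip" address dockerd gives docker0.

BRIDGE_IP="${BRIDGE_IP:-10.20.30.1}"

# classify_host <host-spec>: prints one of
#   ok-unix ok-loopback ok-bridge reject-wildcard reject-other reject-unknown
classify_host() {
    case "$1" in
        unix://*)                                 echo ok-unix ;;
        tcp://127.0.0.1:*|tcp://localhost:*)      echo ok-loopback ;;
        tcp://"$BRIDGE_IP":*)                     echo ok-bridge ;;
        tcp://0.0.0.0:*|tcp://:*|tcp://\[::\]:*)  echo reject-wildcard ;;
        tcp://*)                                  echo reject-other ;;
        *)                                        echo reject-unknown ;;
    esac
}

# list_hosts <daemon.json>: extract the quoted unix:// and tcp:// entries.
# Plain grep, so no jq dependency; fine for a simple well-formed file.
list_hosts() {
    grep -oE '"(unix|tcp)://[^"]*"' "$1" | tr -d '"'
}

# audit_daemon_json <daemon.json>: return 0 if every host is allowed and
# tlsverify is true whenever a TCP listener is configured, 1 otherwise.
audit_daemon_json() {
    rc=0
    has_tcp=0
    for h in $(list_hosts "$1"); do
        verdict=$(classify_host "$h")
        echo "$h -> $verdict"
        case "$verdict" in reject-*) rc=1 ;; esac
        case "$h" in tcp://*) has_tcp=1 ;; esac
    done
    if [ "$has_tcp" -eq 1 ] && ! grep -qE '"tlsverify"[[:space:]]*:[[:space:]]*true' "$1"; then
        echo "tcp listener present but tlsverify is not true"
        rc=1
    fi
    return $rc
}

# bridge_present: 0 if BRIDGE_IP is configured on some interface right now.
# dockerd creates docker0 only when it starts, so before the daemon is up
# this normally returns 1, and a "hosts" entry bound to it cannot be opened.
bridge_present() {
    command -v ip >/dev/null 2>&1 || return 1
    ip -4 -o addr show 2>/dev/null | grep -q " inet $BRIDGE_IP/"
}

# Constructed sample mirroring the question's daemon.json, written to a
# temp file so the script runs stand-alone.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
{
    "tls": true,
    "tlsverify": true,
    "hosts": [
        "unix:///var/run/docker.sock",
        "tcp://127.0.0.1:2375",
        "tcp://10.20.30.1:2375"
    ]
}
EOF

audit_daemon_json "$SAMPLE" && echo "policy: ok" || echo "policy: violation"
bridge_present && echo "bridge $BRIDGE_IP: present" \
    || echo "bridge $BRIDGE_IP: absent (expected until dockerd, or something before it, creates docker0)"
rm -f "$SAMPLE"
```

`audit_daemon_json` exits non-zero on any violation, so it can serve as a pre-start sanity check for the daemon's configuration. Note that a TCP listener on the bridge address is reachable from every container attached to that network, so the client-certificate check that `tlsverify` enables is the only control standing between such a container and root on the host.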
  • Do you actually want to open up unencrypted unrestricted root access to your host with no authorization? I bet you don't. I'd delete both of the "tcp:" lines. – David Maze Jul 07 '18 at 12:45
  • It will not open unrestricted access, because 127.0.0.1 is localhost and 10.20.30.0/24 is the internal bridged virtual network for containers; it is not connected to the world, something like a DMZ, but I need access to the docker service using tcp inside. Access to containers is provided through another network that interacts with an nginx reverse proxy, where I have added tcp streams to connect to the required ports, so I don't even need to publish docker ports and can completely isolate docker from outside. – Sergey Bezugliy Jul 07 '18 at 12:54
  • Part of the scheme was described in another question of mine: https://stackoverflow.com/questions/51126509/docker-socket-crash-after-stack-up – Sergey Bezugliy Jul 07 '18 at 12:58
  • If you really need an individual container to have access to the Docker socket, and unrestricted root access to the host, the usual way is to publish the Unix socket into the container with `docker run -v /var/run/docker.sock:/var/run/docker.sock`. I'd be extremely hesitant to give this level of power to every container, and to every process on the host. – David Maze Jul 07 '18 at 16:25
  • Yes. I know and am using it, with Portainer for example. I tried to use only a tcp connection, because when I try to deploy containers as swarm services my socket crashes, sometimes at the startup stage, sometimes when I try to interact with one of the services. – Sergey Bezugliy Jul 07 '18 at 16:36
  • Exactly, I need it to use dockerized Gitlab runners. Now it works well, but not inside swarm. – Sergey Bezugliy Jul 07 '18 at 16:38

0 Answers