0

I'm trying to test from one machine on my LAN via PowerShell, whether or not the Docker Desktop Daemon (Win 10) is running on another machine on my LAN.

I'm using the latest version of Docker Desktop (Edge release):

enter image description here

For my testing, I've checked the "Expose (yada yada yada)" option.

When I run:

Invoke-WebRequest -Method 'HEAD' "http://192.168.0.194:2375/v1.40/_ping"

I get:

Invoke-WebRequest : Unable to connect to the remote server At line:1 char:1

  • Invoke-WebRequest -Method 'HEAD' "http://192.168.0.194:2375/v1.40/_pi ...

  • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException

  • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Using 'GET' results in the same.

I'm basing it on this reference:

https://docs.docker.com/engine/api/v1.40/#operation/SystemPing

Any idea anyone?

J. Scott Elblein
  • 4,013
  • 15
  • 58
  • 94

1 Answers1

0

You can't do this in the way you're suggesting, and making the Docker socket available over the network at all (checking that box) is a really bad idea.

Read the text under the checkbox you've checked carefully (emphasis mine):

It also makes yourself vulnerable to remote code execution attacks. Use with caution.

Anyone who can access the Docker daemon can launch any container with any valid options, including running with administrator-level permissions and mounting content from the host. On Windows this is limited somewhat by only being able to mount specific directories into containers, but at the very least this allows any local process to do anything with any of your user data.

I'd suggest unchecking this checkbox immediately, and consider whether you need to reinstall your system if an untrusted local process has managed to take advantage of Docker.

Correspondingly, the checkbox option is specifically to expose the Docker daemon only to localhost. It can't be accessed remotely. You need some other mechanism to remotely audit what software is running on the system.

David Maze
  • 130,717
  • 29
  • 175
  • 215
  • I agree that it's a bad idea, but I've only enabled it for testing purposes. Are you aware of another (easy) way to ping the daemon to see if it's up or down? I've been having issues with docker crashing my entire system, causing a reboot, so I want to automate a way to test whether it has crashed and I need to restart it. – J. Scott Elblein Jan 05 '20 at 14:25