
I'm currently running Ubuntu 20.04 and trying to expose remote docker access via tcp with the systemd approach, as listed in the official docker guide.

# drop-in file in docker.service.d (e.g. override.conf)
[Service]
# an empty ExecStart= clears the command inherited from the packaged unit
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375

However, I noticed that it only works when the IP address is listed as 0.0.0.0 instead of 127.0.0.1.

May I know what could have resulted in it working only with 0.0.0.0:2375 and is there any significant difference using either loopback address?

Dric
    Using 0.0.0.0 will let anyone who can connect to the system **trivially root the entire host**. 127.0.0.1 will only let any process running locally on the system use Docker for privilege escalation. Unencrypted network-accessible Docker is a **critical security problem** and you should consider whether you need to reinstall this system with this option disabled and update any passwords that could have been on it. – David Maze Aug 01 '21 at 19:25

1 Answer


The documentation directs you to change the lines as per your needs. When you use 127.0.0.1 the daemon will listen on the loopback interface and thus will not be accessible from the network. A loopback interface is only meant to be accessible on the same host.

When you use 0.0.0.0 (not a loopback, but a special address meaning any interface, thus including whatever interface(s) you have connected to the network), network requests reaching your host on port 2375 will be routed to your daemon.

Update: you may think of it this way. The IP you specify as -H <IPv4>:2375 identifies the interface the daemon will listen on. It is the destination IP of requests from the network, and the source IP of the replies from the daemon. 127.0.0.1 corresponds to a loopback interface, and you could use e.g. 192.168.1.54 if that were one of your IP addresses. 0.0.0.0 is a special address meaning "listen on all my interfaces".

petre
  • trying to understand the `-H, --host` flag for dockerd when listed as `dockerd -H tcp://[IPv4]:2375`. Is the IP address portion listing the source IP? – Dric Aug 02 '21 at 05:32
  • @Dric, I've tried to answer this in an update. – petre Aug 02 '21 at 19:56
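The following Python script is an added example, not code from the question or from petre's answer, that makes both of the points above concrete: it pulls the `-H` values out of an `ExecStart=` line like the one in the question and flags any TCP listener that other machines could reach, and it binds a throwaway listener to 127.0.0.1 and to 0.0.0.0 to show that the bind address is matched against the destination IP of each incoming connection. It assumes Linux, where the whole 127.0.0.0/8 block is on `lo`, so 127.0.0.2 can serve as a second loopback destination that is not 127.0.0.1 without any extra setup. The `EXECSTART` string is copied from the question; the helper names (`parse_hosts`, `listener_scope`, `can_reach`, `bind_matrix`) are this example's own.

```python
"""Added example (not code from the question or the answer): what the address in
`dockerd -H tcp://<IP>:2375` means, and how to check a drop-in for network exposure.

Part 1 parses the -H values out of an ExecStart= line and classifies each listener.
Part 2 binds a throwaway TCP listener and shows that the bind address is compared
against the *destination* IP of an incoming connection.
Assumption: Linux, where the whole 127.0.0.0/8 block sits on `lo`, so 127.0.0.2 is a
second loopback address distinct from 127.0.0.1 that needs no extra configuration.
Helper names (parse_hosts, listener_scope, can_reach, bind_matrix) are this example's own.
"""
import ipaddress
import shlex
import socket
from urllib.parse import urlsplit

# The ExecStart= line from the question's drop-in (copied here, not a running unit).
EXECSTART = "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375"


def parse_hosts(execstart_line):
    """Return every -H / --host value on a systemd ExecStart= line, in order."""
    argv = shlex.split(execstart_line.split("=", 1)[1])
    hosts = []
    i = 0
    while i < len(argv):
        if argv[i] in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
        elif argv[i].startswith("--host="):
            hosts.append(argv[i].split("=", 1)[1])
            i += 1
        else:
            i += 1
    return hosts


def listener_scope(host):
    """Classify one -H value as 'local' (unix/fd, or a loopback IP) or 'network'.

    'network' covers both 0.0.0.0 / :: (every interface) and a specific non-loopback
    address such as 192.168.1.54: either way other machines can reach the daemon.
    """
    u = urlsplit(host)
    if u.scheme in ("unix", "fd", "npipe"):
        return "local"
    if u.scheme != "tcp":
        raise ValueError(f"unrecognised -H value: {host}")
    if not u.hostname:
        # A bare `tcp://` falls back to a dockerd default; make the operator spell it out.
        raise ValueError(f"no address in {host}; write the bind address explicitly")
    try:
        addrs = [ipaddress.ip_address(u.hostname)]
    except ValueError:  # a hostname rather than a literal: look at what it resolves to
        addrs = [ipaddress.ip_address(ai[4][0]) for ai in socket.getaddrinfo(u.hostname, None)]
    return "local" if all(a.is_loopback for a in addrs) else "network"


def network_exposed_hosts(execstart_line):
    """The -H values on the line that accept connections from other hosts ([] is the safe result)."""
    return [h for h in parse_hosts(execstart_line) if listener_scope(h) != "local"]


def can_reach(bind_addr, dest_addr, timeout=1.0):
    """Bind a listener to bind_addr on a free port, then try to connect to dest_addr on that port.

    The TCP handshake completes in the kernel backlog, so no accept() is needed. When no
    listening socket matches dest_addr:port the kernel answers with a reset (ECONNREFUSED),
    which is reported as False.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(timeout)
    try:
        cli.connect((dest_addr, port))
        return True
    except OSError:
        return False
    finally:
        cli.close()
        srv.close()


def bind_matrix():
    """For the two bind addresses from the question, which loopback destinations get through."""
    return {
        (bind, dest): can_reach(bind, dest)
        for bind in ("127.0.0.1", "0.0.0.0")
        for dest in ("127.0.0.1", "127.0.0.2")
    }


if __name__ == "__main__":
    print("hosts in drop-in:", parse_hosts(EXECSTART))
    print("network-exposed:", network_exposed_hosts(EXECSTART))
    for (bind, dest), ok in bind_matrix().items():
        print(f"bound to {bind:<9} connect to {dest:<9} -> {'reachable' if ok else 'refused'}")
```

Run it as a script on the host carrying the drop-in: a listener bound to 127.0.0.1 answers only connections whose destination is exactly 127.0.0.1 (127.0.0.2 is refused), while one bound to 0.0.0.0 answers both, and would equally answer connections arriving on any LAN address. `network_exposed_hosts` returning anything other than an empty list for the real `ExecStart=` line is the condition David Maze's comment warns about.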