Can't Configure Remote Access of Docker Host

Question

I did a successful Docker for Windows install on two Windows machines (Windows 10 and Windows 7 x64 SP1). I can successfully perform administration duties of the docker hosts through terminal services (RDP) or through Powershell remoting.

However, the Docker documentation indicates that the Docker Host offers its own RESTful remote api for administration. I would like to use this API. The problem is that in all the examples given in the documentation, the client invocations (via curl) are physically on the same box as the Docker Host. In other words they are not actually remote and, unfortunately, the steps to adapt to a remote scenario are not obvious.

For example, consider this command taken straight from the documentation:

curl --insecure --cert ~/.docker/cert.pem --key ~/.docker/key.pem https://YOUR_VM_IP:2376/images/json

Obviously I need the YOUR_VM_IP to proceed. So on both of my Windows boxes I type docker-machine ls. I discover that on both the physical Windows machines the address for the Docker Host is tcp://192.168.99.100:2376.

Oops. They can't both have the same IP address. Obviously the VirtualBox NAT address is local to the VM in both cases.

This is the primary issue. I'd like to know how to expose an externally visible Docker Host IP address so that I can actually perform remote adminstration.

Possibly this issue is less about Docker and more about VirtualBox. There are several network interfaces and networking modes that the Docker Host VM could be configured with (e.g. NAT, Bridge, Internal, Host Only. Perhaps some combination would allow the IP of the Docking Host VM to be exposed.

Or not? Another possibility is that I'm simply misunderstanding what Docker means by "remote API". Perhaps "remote" simply means that I don't need to directly SSH into the Docker Host, from the host machine, in order to perform administration. However, I don't think I'm misunderstanding - particularly when I see quotes like this:

By default, the daemon can only accept local connections over a Unix domain socket. Taken from: Docker Machine Basics

Yes, I have certainly discovered that "by default" it is indeed local. Now I just need to know how to make it non-local, so that I can provide remote administration. I've found no documentation for this anywhere.

Any ideas?

Answer 1

Update: If you are using Windows server 2016, you can try enabling remote with help from here

Hope the details of Issue 109 on Microsoft Docker.Dotnet helps

Extract from the above link is as below

Docker for Windows uses a named pipe npipe:////./pipe/docker_engine to access the REST API. You have to map the pipe to a tcp port.

This can be done with socat:

socat TCP-LISTEN:2375,reuseaddr,fork PIPE:\\.\pipes\docker_engine

After running socat map, you can connect using

tcp://localhost:2375

More info on this issue here.

Let me know if it helps

Answer 2

I've found no documentation for this anywhere.

Well, it's probably because "docker on windows" is just a hack intended only for local development on a single box.

Everyone running Docker in production (i.e. people who need multiple boxes) just run Docker directly on Linux with no extra VMs. All the orchestration technologies (Kubernetes, etc) assume the Docker server has a routeable IP address.

Possibly this issue is less about Docker and more about VirtualBox.

Correct. You can "fix" your problem by exposing your VM's port 2376 to your network. You may also have to allow that port in your Windows firewall too.