Configuring remote access with systemd unit file
-
Use the command
sudo systemctl edit docker.serviceto open an override file fordocker.servicein a text editor. -
Add or modify the following lines, substituting your own values.
[Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375 -
Save the file.
-
Reload the
systemctlconfiguration.sudo systemctl daemon-reload -
Restart Docker.
sudo systemctl restart docker.service -
Check to see whether the change was honored by reviewing the output of
netstatto confirmdockerdis listening on the configured port.$ sudo netstat -lntp | grep dockerd tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 3758/dockerd
### 这里安装一个轻量级Docker管理用户界面,完全满足自己捣鼓的需求。
[root@test58-185 ~]# docker run -d -p 9000:9000 --restart=always -v /var/run/docker.sock:/var/run/docker.sock --name prtainer portainer/portainer
### 下面是开放Docker 远程访问的命令,可以在官方网站查到的 使用·systemd· 来管理(https://docs.docker.com/install/linux/linux-postinstall/#control-where-the-docker-daemon-listens-for-connections 使用systemd单元文件配置远程访问)
[root@test58-185 ~]# systemctl edit docker.service
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --insecure-registry=10.40.58.185 -H fd:// -H tcp://10.40.58.185:2375
[root@test58-185 ~]# systemctl daemon-reload
[root@test58-185 ~]# systemctl restart docker.service
[root@test58-185 ~]# netstat -lntp | grep dockerd
tcp 0 0 10.40.58.185:2375 0.0.0.0:* LISTEN 32510/dockerd
[root@test58-184 ~]# docker -H 10.40.58.185:2375 info
Cannot connect to the Docker daemon at tcp://10.40.58.185:2375. Is the docker daemon running?
[root@test58-184 ~]# docker -H 10.40.58.185:2375 info
Containers: 11
Running: 5
Paused: 0
Stopped: 6
Images: 65
Server Version: 18.09.8
Storage Driver: devicemapper
Pool Name: docker-253:0-83946772-pool
Pool Blocksize: 65.54kB
Base Device Size: 10.74GB
Backing Filesystem: xfs
Udev Sync Supported: true
Data file: /dev/loop0
Metadata file: /dev/loop1
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Data Space Used: 6.103GB
Data Space Total: 107.4GB
Data Space Available: 21.81GB
Metadata Space Used: 7.32MB
Metadata Space Total: 2.147GB
Metadata Space Available: 2.14GB
Thin Pool Minimum Free Space: 10.74GB
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Library Version: 1.02.149-RHEL7 (2018-07-20)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-229.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.64GiB
Name: test58-185.nexus.office.maxxipoint.com
ID: EBBC:VBTS:4OU2:FAT3:BZRI:GAQI:Q5O4:YO5Y:EOKW:WGQU:M4KG:YF3F
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.1
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: API is accessible on http://10.40.58.185:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release.
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
[root@test58-184 ~]#
网友评论