Thursday, August 3, 2017

Enable Remote API on Docker hosts running systemd

Enable Remote API on Docker hosts running systemd (like Ubuntu 15.04)

Create docker-tcp.socket under /etc/systemd/system

Contents:

[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=2375
BindIPv6Only=both
Service=docker.service
[Install]
WantedBy=sockets.target

Run:

systemctl enable docker-tcp.socket
systemctl enable docker.socket
systemctl stop docker
systemctl start docker-tcp.socket
systemctl start docker

To verify, run this on the local machine:
 docker -H tcp://127.0.0.1:2375 ps
After that, the host can be controlled remotely. It is recommended to restrict access to 2375/tcp with iptables, for example:
(INPUT default policy = ACCEPT)
iptables -A INPUT -s 163.20.124.0/24 -p tcp --dport 2375 -j ACCEPT
iptables -A INPUT -p tcp --dport 2375 -j DROP
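
Because `iptables -A` appends and the first matching rule wins, the two rules above only protect the API (which on plain tcp/2375 has no TLS and no authentication) if no earlier INPUT rule already accepts the traffic. The following check is an added example, not part of the original post: the function name `check_2375` and both rule sets are constructed for illustration, and the model is simplified (multiport matches and jumps to custom chains are ignored).

```sh
#!/bin/sh
# Added example (not from the original post). Reads `iptables -S INPUT` output
# on stdin and reports whether an arbitrary source can reach tcp/2375.
# Simplified model: multiport matches and jumps to custom chains are ignored.
check_2375() {
    policy=ACCEPT
    while IFS= read -r line; do
        case "$line" in
            "-P INPUT "*) policy=${line#"-P INPUT "}; continue ;;
            "-A INPUT "*) ;;
            *) continue ;;
        esac
        # Source-restricted rules never decide for an arbitrary client.
        case "$line" in *" -s "*) continue ;; esac
        # Keep rules that name port 2375, or that match all TCP traffic.
        case "$line" in
            *"--dport 2375 "*) ;;
            *"--dport"*|*" -m "*|*" -i "*|*" -d "*) continue ;;
            *" -p tcp "*) ;;
            *" -p "*) continue ;;
        esac
        target=${line##* -j }
        target=${target%% *}
        # First matching terminal rule wins, as in netfilter's own evaluation.
        case "$target" in
            ACCEPT)      echo exposed;    return 0 ;;
            DROP|REJECT) echo restricted; return 0 ;;
        esac
    done
    # No rule decided, so the chain policy applies.
    if [ "$policy" = ACCEPT ]; then echo exposed; else echo restricted; fi
}

# Constructed sample: the two rules from this post on an otherwise empty chain.
PAGE_RULES='-P INPUT ACCEPT
-A INPUT -s 163.20.124.0/24 -p tcp -m tcp --dport 2375 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2375 -j DROP'

# Constructed sample: the same rules appended after an existing broad ACCEPT.
SHADOWED_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -s 163.20.124.0/24 -p tcp -m tcp --dport 2375 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2375 -j DROP'

printf '%s\n' "$PAGE_RULES"     | check_2375
printf '%s\n' "$SHADOWED_RULES" | check_2375
```

On a live host, run `iptables -S INPUT | check_2375` as root to evaluate the real chain.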

iptables configuration references:

iptables: add, delete, view, modify « 海底苍鹰 (tank) blog
Getting started with iptables configuration
Linux IPTables: How to Add Firewall Rules (With Allow SSH Example)
How To Set Up a Firewall Using Iptables on Ubuntu 14.04 | DigitalOcean
