Out of the box docker uses a local socket file for communication with the daemon. In some cases you may not have access to this file for various reasons such as permissions or logistics.
In this exercise we will discuss how to enable and expose the HTTP REST API to communicate with your docker service(s).
Enabling HTTP (without TLS)
Edit the file /etc/docker/daemon.json and ensure that it has at least the following contents:
{
"hosts": [
"unix:///var/run/docker.sock",
"tcp://127.0.0.1:2375"
]
}Now youโre ready to restart dockerd with a sudo systemctl restart docker.
Enabling HTTP with TLS
Generate your CA Private Key:
openssl genrsa -aes256 -out ca-key.pem 4096Generate your CA Public Key:
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pemGenerate a server certificate and Certificate Signing Request (CSR):
openssl genrsa -out server-key.pem 4096 openssl req -subj "/CN=somedomain.com" -sha256 -new -key server-key.pem -out server.csrNow, generate the signed certificate that will be distributed to those who may call the HTTP API over TLS:
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pemFinally, update your /etc/docker/daemon.json to at least match:
{
"hosts": [
"unix:///var/run/docker.sock",
"tcp://127.0.0.1:2375"
],
"tlscacert": "/etc/docker/certs/ca.pem",
"tlscert": "/etc/docker/certs/server-cert.pem",
"tlskey": "/etc/docker/certs/server-key.pem",
"tlsverify": true
}Now youโre ready to restart dockerd with a sudo systemctl restart docker.