{"id":254661,"date":"2021-05-20T18:00:00","date_gmt":"2021-05-20T15:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-and-why-to-use-a-remote-docker-host-cloudsavvy-it\/"},"modified":"2021-05-20T18:00:00","modified_gmt":"2021-05-20T15:00:00","slug":"how-and-why-to-use-a-remote-docker-host-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-and-why-to-use-a-remote-docker-host-cloudsavvy-it\/","title":{"rendered":"#How and Why to Use A Remote Docker Host \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage aligncenter size-full wp-image-11186\" data-pagespeed-lazy-src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/05\/38a27d3e.jpeg?width=1200&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Blue Docker logo on a purple background\" width=\"1602\" height=\"902\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" 
onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>The <code>docker<\/code> CLI program is independent of the Docker daemon which runs your containers. Although both components usually run on your local machine, you can run <code>docker<\/code> commands against a remote Docker host.<\/p>\n<p>Using a remote host can be helpful in a few scenarios. You might set up a shared Docker Engine installation for a small development team. Each developer could then connect to the remote containers with their local <code>docker exec<\/code> command.<\/p>\n<p>Remote hosts are more frequently valuable when you\u2019ve got a powerful server going unused. If your laptop\u2019s slow or running out of storage, using a dedicated Docker host on your network can greatly increase performance. You still get all the convenience of the local <code>docker<\/code> CLI in your terminal.<\/p>\n<h2 id=\"setting-up-the-remote-host\"><span class=\"ez-toc-section\" id=\"Setting_Up_The_Remote_Host\"><\/span>Setting Up The Remote Host<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Make sure you\u2019ve got Docker installed on the system which will be your remote host. You only need the <code>docker-cli<\/code> package on your local machine, as you won\u2019t be running Docker Engine.<\/p>\n<p>A fresh Docker installation provides a Unix socket by default. Remote access requires a TCP socket. Run <code>dockerd<\/code> (the Docker daemon executable) with the <code>-H<\/code> flag to define the sockets you want to bind to.<\/p>\n<pre>sudo dockerd -H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375<\/pre>\n<p>This command will bind Docker to the default Unix socket and port 2375 on all of your machine\u2019s network interfaces (<code>0.0.0.0<\/code>). 
You can bind to additional sockets and IP addresses by repeating the <code>-H<\/code> flag.<\/p>\n<p>The flags need to be passed each time you run <code>dockerd<\/code>. If you want them to persist after reboots, either create a shell alias or modify the Docker service definition. Here\u2019s how you can achieve the latter with <code>systemd<\/code>, which most Linux distributions use for service management.<\/p>\n<p>Edit <code>\/etc\/systemd\/system\/docker.service.d\/options.conf<\/code> (or create it if it doesn\u2019t exist). Find the <code>[Service]<\/code> section and change the <code>ExecStart<\/code> line:<\/p>\n<pre>[Service]\n# An empty ExecStart= clears the packaged command so the next line replaces it\nExecStart=\nExecStart=\/usr\/bin\/dockerd -H unix:\/\/\/var\/run\/docker.sock -H tcp:\/\/0.0.0.0:2375<\/pre>\n<p>Reload your <code>systemd<\/code> configuration to apply the changes:<\/p>\n<pre>sudo systemctl daemon-reload<\/pre>\n<p>If Docker\u2019s already running, use <code>sudo systemctl restart docker<\/code> to restart the service. The Docker daemon will now bind to TCP port 2375 each time it starts. Make sure traffic to the port is permitted by your firewall configuration. If you\u2019re using <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/wiki.ubuntu.com\/UncomplicatedFirewall\">ufw<\/a>, run <code>ufw allow 2375<\/code> to open the port.<\/p>\n<h2 id=\"connecting-to-the-remote-host\"><span class=\"ez-toc-section\" id=\"Connecting_To_The_Remote_Host\"><\/span>Connecting To The Remote Host<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The Docker CLI uses the <code>DOCKER_HOST<\/code> environment variable to determine the host to connect to. 
The local daemon\u2019s Unix socket will be used when the variable isn\u2019t set.<\/p>\n<p>You can use a remote host for a single <code>docker<\/code> command by prepending the <code>DOCKER_HOST<\/code> variable:<\/p>\n<pre>DOCKER_HOST=tcp:\/\/192.168.0.1:2375 docker run -d httpd:latest<\/pre>\n<p>This will start a new container from the <code>httpd:latest<\/code> image using the Docker engine at <code>192.168.0.1:2375<\/code>.<\/p>\n<p>If you\u2019re going to be running multiple commands in one session, export the <code>DOCKER_HOST<\/code> variable into your shell:<\/p>\n<pre>export DOCKER_HOST=tcp:\/\/192.168.0.1:2375\n\ndocker run -d --name httpd httpd:latest\ndocker ps\ndocker rm httpd --force<\/pre>\n<p>You can make <code>docker<\/code> always use a remote host by setting <code>DOCKER_HOST<\/code> globally in your shell\u2019s configuration file. Here\u2019s how you\u2019d do that in Bash:<\/p>\n<pre>echo \"export DOCKER_HOST=tcp:\/\/192.168.0.1:2375\" &gt;&gt; ~\/.bashrc<\/pre>\n<p>Now the <code>DOCKER_HOST<\/code> environment variable will be set each time your shell starts.<\/p>\n<h2 id=\"enhancing-security\"><span class=\"ez-toc-section\" id=\"Enhancing_Security\"><\/span>Enhancing Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The basic TCP socket is unprotected. Anyone who can reach your machine over the network can use the Docker socket to control your containers.<\/p>\n<p>Docker supports SSH instead of TCP. This is usually a better option if the host has an SSH server available. It prevents unauthenticated users from gaining access. Using SSH requires no extra configuration. 
<code>DOCKER_HOST<\/code> lets you pass in an SSH connection string:<\/p>\n<pre>DOCKER_HOST=ssh:\/\/user@hostname docker run -d --name httpd httpd:latest<\/pre>\n<p>Alternatively, you can use SSH bindings to directly bind the remote host\u2019s Docker Unix socket to your local machine:<\/p>\n<pre>ssh -L \/var\/run\/docker.sock:\/var\/run\/docker.sock user@hostname<\/pre>\n<p>Now you don\u2019t need to use <code>DOCKER_HOST<\/code> at all. The remote <code>docker.sock<\/code> will be bound to its local counterpart. Docker will auto-detect this as its standard Unix socket.<\/p>\n<p>Using one of the SSH-based solutions is the preferred way to approach Docker daemon security. Docker <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.docker.com\/engine\/security\/protect-access\">also supports TLS<\/a> if you supply a certificate authority and server and client keys:<\/p>\n<pre>dockerd --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=0.0.0.0:2375<\/pre>\n<p>Now clients will be able to connect on port 2375 if they present a valid SSL certificate trusted by the certificate authority <code>ca.pem<\/code>.<\/p>\n<h2 id=\"creating-contexts\"><span class=\"ez-toc-section\" id=\"Creating_Contexts\"><\/span>Creating Contexts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Docker lets you set up several \u201ccontexts\u201d for connecting to different hosts. Contexts can be used instead of the <code>DOCKER_HOST<\/code> environment variable. 
They make it easier to switch between multiple remote hosts.<\/p>\n<pre>docker context create remote --docker host=tcp:\/\/192.168.0.1:2375 --description \"Remote Docker host\"\ndocker context create local --docker host=unix:\/\/\/var\/run\/docker.sock --description \"Local Docker socket\"<\/pre>\n<p>These commands create two different contexts \u2013 one for your local <code>docker.sock<\/code> and one for a remote connection.<\/p>\n<p>You can switch between contexts using the <code>docker context use<\/code> command:<\/p>\n<pre>docker context use remote\n\n# Container is started on \"remote\"\ndocker run -d httpd:latest\n\ndocker context use local\n\n# Lists containers running on \"local\"\ndocker ps<\/pre>\n<p>Contexts are useful when you work with several Docker hosts. They\u2019re less hassle than continually resetting the <code>DOCKER_HOST<\/code> variable as you move between hosts.<\/p>\n<h2 id=\"drawbacks-of-remote-hosts\"><span class=\"ez-toc-section\" id=\"Drawbacks_of_Remote_Hosts\"><\/span>Drawbacks of Remote Hosts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We noted earlier that a remote host can improve build performance. This statement\u2019s only true if the machine running Docker Engine is quicker than your local hardware. The biggest drawback of a remote host is the extra overhead of interacting over the network. You also become dependent on the network \u2013 if you lose connectivity, you won\u2019t be able to manage your containers.<\/p>\n<p>You should have a reliable high-speed network connection if you\u2019re going to use a remote host as your main build server. The first <code>docker build<\/code> stage sends the contents of your image\u2019s build context (usually your working directory) to Docker Engine. This is quick when Docker\u2019s running locally but might take much longer to upload to a remote machine.<\/p>\n<p>Exposing a Docker daemon instance over the network is a security risk. 
You need to make sure access is restricted to authorised users and devices. Unintentional exposure of a Docker daemon socket could give attackers limitless access to the host. Docker usually runs as <code>root<\/code> so it\u2019s critical that only trusted individuals can start containers.<\/p>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Setting up a remote Docker host lets you separate your container instances from your local development machine. A dedicated Docker build server can offer improved performance and greater image storage space.<\/p>\n<p>You should take care to audit the security of your implementation. A plain TCP socket might be safe on a private network but shouldn\u2019t be deployed in any sensitive environment. Using SSH helps mitigate the risks if you practice good SSH security hygiene, such as mandatory key-based authentication.\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/11185\/how-and-why-to-use-a-remote-docker-host\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How and Why to Use A Remote Docker Host \u2013 CloudSavvy IT&#8221; The docker CLI program is independent of the Docker daemon which runs your containers. Although both components usually run on your local machine, you can run docker commands against a remote Docker host. 
Using a remote host can be helpful in a few&#8230;<\/p>\n","protected":false},"author":1,"featured_media":254662,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/05\/38a27d3e.jpeg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-254661","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/254661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=254661"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/254661\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/254662"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=254661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=254661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=254661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}