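Opening Docker Remote API access on port 2375
Common Docker ports
Port 2375: unencrypted Docker socket; remote, passwordless root access to the host (not enabled by default)
Port 2376: TLS-encrypted socket; most likely this is your CI server's port 4243, as a modification of the HTTPS port 443
Port 2377: swarm mode socket, intended for swarm managers, not for Docker clients
Port 5000: Docker registry service
Ports 4789 and 7946: overlay networking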
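Modify the configuration file
On the host where the Docker service is installed, find the configuration file /usr/lib/systemd/system/docker.service, edit the [Service] section, and append the following parameters to the ExecStart option.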
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:5678 -H unix://var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock --graph /data/docker
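### Notes
# unix://var/run/docker.sock : Unix socket; local clients use it to connect to the Docker daemon
# tcp://0.0.0.0:2375 : TCP socket; allows any remote client to connect to the Docker daemon on port 2375 (the ExecStart line above uses port 5678 instead)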
Restart the Docker service
$ systemctl daemon-reload
$ systemctl restart docker
Verify that the change took effect
[root@test ~]# ps -ef|grep docker
root 66562 1 0 15:12 ? 00:00:00 /usr/bin/dockerd -H tcp://0.0.0.0:5678 -H unix://var/run/docker.sock -
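The Docker daemon opens an HTTP socket, which is what makes remote communication possible.
Test
-H specifies the Docker service on the target host to connect to
View the Docker version information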
[root@test ~]# docker -H tcp://172.16.10.57:5678 version
Client: Docker Engine - Community
Version: 19.03.0
API version: 1.39 (downgraded from 1.40)
Go version: go1.12.5
Git commit: aeac9490dc
Built: Wed Jul 17 18:15:40 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.3
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb 28 06:02:24 2019
OS/Arch: linux/amd64
Experimental: false
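Because the TCP listener configured above has no TLS and no authentication, a quick audit of the ExecStart line is worth running after any change like this one. The following is an added example, not part of the original post: audit_execstart, PAGE_LINE and HARDENED are names chosen here, and the certificate paths in HARDENED are constructed placeholders. It uses dockerd's --tlsverify flag as the test for whether clients must present a certificate.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

# ExecStart line copied from this page.
PAGE_LINE = ("ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:5678 -H unix://var/run/docker.sock "
             "-H fd:// --containerd=/run/containerd/containerd.sock --graph /data/docker")
# Constructed comparison line; the certificate paths are placeholders.
HARDENED = ("ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 --tlsverify "
            "--tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem "
            "--tlskey=/etc/docker/server-key.pem -H unix:///var/run/docker.sock")

def _is_loopback(host):
    """True only when the bind address is provably loopback."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host or "").is_loopback
    except ValueError:
        return False  # empty or unresolved name: assume network-reachable

def audit_execstart(line):
    """Return [(listener, verdict)] for each tcp:// listener on a dockerd command line."""
    if line.startswith("ExecStart="):
        line = line[len("ExecStart="):]
    hosts, tlsverify = [], False
    args = iter(shlex.split(line))
    for arg in args:
        if arg in ("-H", "--host"):
            hosts.append(next(args, ""))
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
        elif arg == "--tlsverify" or arg.startswith("--tlsverify="):
            tlsverify = arg.partition("=")[2].lower() not in ("false", "f", "0")
    findings = []
    for listener in hosts:
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are outside this check
        if tlsverify:
            verdict = "OK: client certificates required"
        elif _is_loopback(url.hostname):
            verdict = "WARN: no authentication, loopback only"
        else:
            verdict = "CRITICAL: no authentication, network-reachable"
        findings.append((listener, verdict))
    return findings

if __name__ == "__main__":
    for name, line in (("page", PAGE_LINE), ("hardened", HARDENED)):
        print(name, audit_execstart(line))
```

Any bind address that is not provably loopback is reported as network-reachable, so the check errs toward flagging.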