How to connect to remote docker running on Ubuntu host

Question

I installed docker on an Ubuntu 16.04 following the official directions and am successfully running the registry as a container. I want to remote connect into another container, so I try:

docker -H tcp://1.2.3.4:2375 exec -it 19f36d1bdfaf /bin/bash

And I get an error:

error during connect: Post http://1.2.3.4:2375/v1.29/containers/19f36d1bdfaf/exec: dial tcp 1.2.3.4:2375: connectex: No connection could be made because the target machine actively refused it.

Why am I getting this error and how do I resolve it?

The docker.json file has contents:

{
  "hosts": [
    "tcp://0.0.0.0:2375",
    "npipe://"
  ]
}

When I view the services it looks like the daemon is not listening on tcp://0.0.0.0:2375 as I would expect (this is just for testing, I'm going to secure this once I can get it actually working):

UPDATE:

Got it to partially work by creating a daemon.json file (a copy of docker.json), then running:

sudo dockerd

The problem with this is that now the client does not work: docker info results in an error:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

UPDATE and SOLUTION: Andreas' answer helped me realize the daemon was not being run properly. Looking at that screenshot earlier in this post, the docker daemon was not being launched with the right -H option. I then found this Github issue which solved the problem. So all that was needed was:

• Edit the $DOCKER_OPTS variable in /etc/default/docker: DOCKER_OPTS="-H tcp://0.0.0.0:2375" (note that this is not very secure, it's just for testing)
• Edit the /lib/systemd/system/docker.service file by adding a line under [Service] for the EnvironmentFile: EnvironmentFile=-/etc/default/docker then update the ExecStart line: ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd://
• Restart the service sudo service docker restart
• Restart the daemon with systemctl daemon-reload

Note that I did not add a daemon.json file -- I left the existing docker.json file.

Answer 1

By default the docker daemon isn't exposed to the outside world for security reasons. You can of course change this setting when starting your docker daemon with the -H flag.

To test it out, you can simply start your daemon manually (be sure to stop the service before). Assuming 1.2.3.4 is the ip of the host running the daemon you want to connect to.

<path to>/dockerd -H tcp://1.2.3.4:2375

Or you bind it to all network interfaces:

<path to>/dockerd -H tcp://0.0.0.0:2375

You can provide more than one -H option here to not disable the unix socket when binding to the tcp socket. For details on the daemon binding options, please see the docs (Bind Docker to another host/port or a Unix socket).

To have this permanently, you can configure your daemon startup settings in a daemon.json file where you can also specify an array of hosts. Please see the docs (Configure the Docker daemon) and Linux configuration File for this, too.

{
  "hosts": [
    "tcp://0.0.0.0:2375",
    "unix:///var/run/docker.sock"
  ]
}

You can provide a list of entries for hosts, so your daemon can listen to tcp and the unix socket at the same time.

Please be aware that by just binding to tcp 0.0.0.0 anyone that is able to reach your machine is also able to start containers remotely and thus is almost able to do anything on your system like with a really bad root user password. You should only do this for testing or in an environment that is isolated / firewalled correctly.

Answer 2

Andreas' answer helped me realize the daemon was not being run properly. Looking at that screenshot earlier in this post, the docker daemon was not being launched with the right -H option. I then found this Github issue which solved the problem. So all that was needed was:

• Edit the $DOCKER_OPTS variable in /etc/default/docker: DOCKER_OPTS="-H tcp://0.0.0.0:2375" (note that this is not very secure, it's just for testing)
• Edit the /lib/systemd/system/docker.service file by adding a line under [Service] for the EnvironmentFile: EnvironmentFile=-/etc/default/docker then update the ExecStart line: ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd://
• Restart the service sudo service docker restart

Note that I did not add a daemon.json file -- I left the existing docker.json file.