In my previous write-ups, I explained how to set up rootless Docker, and I also mentioned that I prefer using Portainer to manage my containers. However, to enable Portainer to manage Docker daemons on multiple servers, I need to be able to connect to these daemons and add them as Portainer environments. Exposing the Docker API socket via TCP is one way to achieve this.<\/p>\n
By default, the Docker API socket is only accessible locally on the host machine. However, it is possible to expose the Docker API socket via TCP so that it can be accessed remotely.<\/p>\n
You can configure the Docker daemon to expose the API socket via TCP by adding the following configuration to the To enable the rootless docker daemon to listen to specific ports, you will need to add the following line to the After making changes to the docker.service configuration file and the daemon.json configuration file, you'll need to reload the daemon and restart the docker service for the changes to take effect. Here are the steps to do so:<\/p>\n However, it is a security risk to expose the Docker API socket via TCP as it allows remote access to the Docker API. Therefore, it is recommended to use TLS encryption and authentication to secure the connection.<\/p>\ndaemon.json<\/code> file, which can be found in ~\/.config\/systemd\/docker\/daemon.json<\/code><\/p>\n{\n "hosts": ["unix:\/\/\/run\/user\/1001\/docker.sock", "tcp:\/\/0.0.0.0:2375"],\n}<\/code><\/pre>\ndocker.service<\/code> configuration file located at ~\/.config\/systemd\/user<\/code><\/p>\nEnvironment=DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2375:2375\/tcp"<\/code><\/pre>\n\n
systemctl --user daemon-reload<\/code><\/pre>\n<\/li>\nsystemctl --user restart docker<\/code><\/pre>\n<\/li>\n<\/ol>\n