New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add unix socket and multiple -H #938

Merged
merged 6 commits into from Jun 20, 2013

Conversation

Projects
None yet
10 participants
@vieux
Collaborator

vieux commented Jun 19, 2013

-H now can be (if no scheme, tcp is assumed):

  • tcp://host -> tcp connection on host:4243
  • tcp://host:port -> tcp connection on host:port
  • tcp://:port -> tcp connection on 127.0.0.1:port
  • unix://path/to/socket -> unix socket located at path/to/socket

You can also listen to multiple host/socket:

docker -H tcp://127.0.0.1:4243 -H tcp://0.0.0.0:4444 -H unix:///var/run/docker.sock -d

/cc @shykes @creack @benoitc

@lmctv

This comment has been minimized.

lmctv commented on 063c838 Jun 19, 2013

Would you mind an hurray for url-like listen options and unix domain sockets support?

@dhrp

This comment has been minimized.

Contributor

dhrp commented on docs/sources/use/basics.rst in 063c838 Jun 19, 2013

I understand what you mean, but there is a typo, and perhaps the following line would be more clear;

Bind Docker to another host/port or a unix socket

With -H it is possible to make the Docker daemon to listen on a specific ip and port. By default, it will listen on tcp://127.0.0.1:4243 to allow only local connections but you can set it to 0.0.0.0:4243 or a specific host ip to give access to everybody.

Similarly, the Docker client can use -H to connect to a custom port.

-H accepts host and port assignment in the following format: tcp://[host][:port] or unix://path
For example:

  • tcp://host -> tcp connection on host:4243
  • tcp://host:port -> tcp connection on host:port
  • tcp://:port -> tcp connection on 127.0.0.1:port
  • unix://path/to/socket -> unix socket located at path/to/socket
@dhrp

This comment has been minimized.

Contributor

dhrp commented on docs/sources/use/basics.rst in 063c838 Jun 19, 2013

exemple should be example

return e
}
//as the daemon is launched as root, change to permission of the socket to allow non-root to connect
if proto == "unix" {

This comment has been minimized.

@shykes

shykes Jun 19, 2013

Collaborator

Is there a way to do this only if the socket doesn't already exist? This way the sysadmin could control security of his socket by changing uid/gid/permissions himself.

Maybe this can be done in a separate pull request.

@shykes

This comment has been minimized.

Collaborator

shykes commented Jun 19, 2013

LGTM

@benoitc

This comment has been minimized.

Contributor

benoitc commented Jun 20, 2013

+1

@warpfork warpfork referenced this pull request Jun 20, 2013

Closed

Host-user security #560

@vieux

This comment has been minimized.

Collaborator

vieux commented Jun 20, 2013

@creack ping (feel free to merge before/after 0.4.3)

@creack

This comment has been minimized.

Contributor

creack commented Jun 20, 2013

LGTM

creack added a commit that referenced this pull request Jun 20, 2013

Merge pull request #938 from dotcloud/add_unix_socket-feature
* Runtime: Add unix socket and multiple -H

@creack creack merged commit fa68fe6 into master Jun 20, 2013

@creack creack deleted the add_unix_socket-feature branch Jun 20, 2013

@losinggeneration

This comment has been minimized.

Contributor

losinggeneration commented on commands.go in dede158 Jul 8, 2013

funny typo: socker -> socket

@matthewmueller

This comment has been minimized.

Contributor

matthewmueller commented Aug 18, 2013

Maybe this isn't related to this PR, but it seems like to get the API working and docker build working now you need:

sudo docker -d -H 127.0.0.1:4243 -H unix:///var/run/docker.sock

That seems a bit complicated to me. Can we have some reasonable defaults?

@dsissitka

This comment has been minimized.

Contributor

dsissitka commented Aug 18, 2013

Docker 0.5.3 appears to work as expected for me:

http://i.imgur.com/FvLpZhI.png

Perhaps you're using an older Docker client?

@matthewmueller

This comment has been minimized.

Contributor

matthewmueller commented Aug 18, 2013

hmm weird, i don't think that's it though.

$ docker version
Client version: 0.5.3
Server version: 0.5.3
Go version: go1.1
@dsissitka

This comment has been minimized.

Contributor

dsissitka commented Aug 18, 2013

How can we reproduce the problem?

@matthewmueller

This comment has been minimized.

Contributor

matthewmueller commented Aug 18, 2013

To clarify, here's what I did:

Vanilla:

$ sudo docker -d &
$ curl -i localhost:4243/images/json
curl: (7) couldn't connect to host

Adding localhost:

$ sudo docker -d -H 127.0.0.1:4243
$ curl -i localhost:4243/images/json
[{...}, {...}]
$ sudo docker build -t node .
dial unix /var/run/docker.sock: connection refused

Adding localhost and unix socket:

sudo docker -d -H 127.0.0.1:4243 -H unix:///var/run/docker.sock
$ curl -i localhost:4243/images/json
[{...}, {...}]
$ sudo docker build -t node .
# Successfully Building
@crosbymichael

This comment has been minimized.

Member

crosbymichael commented Aug 18, 2013

You have to run the client with the -H option to tell it where to find the
daemon when you change the default.

'docker -H localhost:4243 build .'

On Saturday, August 17, 2013, Matthew Mueller wrote:

To clarify, here's what I did:

Vanilla:

$ sudo docker -d &
$ curl -i localhost:4243/images/json
curl: (7) couldn't connect to host

Adding localhost:

$ sudo docker -d -H 127.0.0.1:4243
$ curl -i localhost:4243/images/json
[{...}, {...}]
$ sudo docker build -t node .
dial unix /var/run/docker.sock: connection refused

Adding localhost and unix socket:

sudo docker -d -H 127.0.0.1:4243 -H unix:///var/run/docker.sock
$ curl -i localhost:4243/images/json
[{...}, {...}]
$ sudo docker build -t node .

Successfully Building


Reply to this email directly or view it on GitHubhttps://github.com//pull/938#issuecomment-22824327
.

Thanks,


Michael Crosby
812-250-6603
crosby.michael@gmail.com

@matthewmueller

This comment has been minimized.

Contributor

matthewmueller commented Aug 18, 2013

@crosbymichael sorry maybe I'm confused, but isn't 127.0.0.1:4243 the default?

$ docker
  Usage: docker [OPTIONS] COMMAND [arg...]
    -H=[tcp://127.0.0.1:4243]:

I actually don't want to change it and just use the default, but the API doesn't seem to work without passing in the host.

@crosbymichael

This comment has been minimized.

Member

crosbymichael commented Aug 18, 2013

The default is to serve the API via the unix socket.

On Saturday, August 17, 2013, Matthew Mueller wrote:

@crosbymichael https://github.com/crosbymichael sorry maybe I'm
confused, but isn't 127.0.0.1:4243 the default?

$ docker
Usage: docker [OPTIONS] COMMAND [arg...]
-H=[tcp://127.0.0.1:4243]:

I actually don't want to change it and just use the default, but the API
doesn't seem to work without passing in the host.


Reply to this email directly or view it on GitHubhttps://github.com//pull/938#issuecomment-22824390
.

Thanks,


Michael Crosby
812-250-6603
crosby.michael@gmail.com

@matthewmueller

This comment has been minimized.

Contributor

matthewmueller commented Aug 18, 2013

Oh interesting, is that new?

Maybe the CLI should be changed to -H=[unix:///var/run/docker.sock]: then. I figured that was the default.

@crosbymichael

This comment has been minimized.

Member

crosbymichael commented Aug 18, 2013

@matthewmueller sounds good to me, go ahead and open a pull request ;)

@matthewmueller

This comment has been minimized.

Contributor

matthewmueller commented Aug 18, 2013

@crosbymichael done :-D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment