Managing multiple Docker hosts can be done remotely and on-demand with socat tunnels. There is no need for deploying Docker Swarm, reconfiguring Docker daemon, or exposing its port with a proxy.
Socat tunnels to Docker hosts
Docker hosts can be administered either individually or through Docker Swarm. Because Docker daemon does not listen on a network interface by default, a workaround is needed to connect to it remotely.
On all Docker hosts install the socat utility and setup password-less authentication over SSH. On your workstation also install the socat utility and docker command. When needed setup the tunnels with a command like:
$ socat TCP-LISTEN:2350,bind=127.0.0.1,reuseaddr,fork,range=127.0.0.0/8 EXEC:"ssh root@1.2.3.50 socat STDIO UNIX-CONNECT\:/run/docker.sock"
$ for d in 50 51 52; do (socat TCP-LISTEN:23$d,bind=127.0.0.1,reuseaddr,fork,range=127.0.0.0/8 EXEC:"ssh root@1.2.3.$d socat STDIO UNIX-CONNECT\:/run/docker.sock" &); doneAfterwards you may control your Docker hosts from the workstation simply by adding something like -H 127.0.0.1:2350 to the command:
$ iptables -A INPUT -i lo -p tcp -j ACCEPT
$ docker -H 127.0.0.1:2352 ps -a