Managing multiple Docker hosts can be done remotely and on-demand with
socat tunnels. There is no need for deploying Docker Swarm, reconfiguring Docker daemon, or exposing its port with a proxy.
Socat tunnels to Docker hosts
Docker hosts can be administered either individually or through Docker Swarm. Because Docker daemon does not listen on a network interface by default, a workaround is needed to connect to it remotely.
On all Docker hosts install the
socat utility and setup password-less authentication over SSH. On your workstation also install the
socat utility and
docker command. When needed setup the tunnels with a command like:
$ socat TCP-LISTEN:2350,bind=127.0.0.1,reuseaddr,fork,range=127.0.0.0/8 EXEC:"ssh firstname.lastname@example.org socat STDIO UNIX-CONNECT\:/run/docker.sock" $ for d in 50 51 52; do (socat TCP-LISTEN:23$d,bind=127.0.0.1,reuseaddr,fork,range=127.0.0.0/8 EXEC:"ssh email@example.com.$d socat STDIO UNIX-CONNECT\:/run/docker.sock" &); done
Afterwards you may control your Docker hosts from the workstation simply by adding something like
-H 127.0.0.1:2350 to the command:
$ iptables -A INPUT -i lo -p tcp -j ACCEPT $ docker -H 127.0.0.1:2352 ps -a