通常,docker链接本地 socker管理本地的docker,也可以进行添加配置,远程链接。同时,打开docker的socker意味着暴露了更大的攻击面,你应该明白。
sock
在此前编辑的文件中添加一条"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"],如下:
[root@linuxea.com_10_10_240_145 ~]$ cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://9ykgc5q2.mirror.aliyuncs.com","https://registry.docker-cn.com"],
"bip": "192.168.100.1/24",
"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}而后重启
[root@linuxea.com_10_10_240_145 ~]$ systemctl restart docker[root@linuxea.com_10_10_240_145 ~]$ ss -tlnp|grep 2375
LISTEN 0 32768 *:2375 *:* users:(("dockerd",pid=12639,fd=5))[root@linuxea.com_10_10_240_145 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2563e96a47a marksugar/mariadb:10.2.15 "/start.sh" 2 weeks ago Up About an hour mariadb
6f008567ba35 marksugar/nginx_createrepo "/startup.sh" 4 weeks ago Up About an hour nginx_createrepo
5536d55fb3f1 marksugar/redis:4.0.11 "/startup.sh" 3 months ago Up About an hour redis
f3b6eaca7b74 marksugar/maxscale:2.1.9 "/start.sh" 4 months ago Up About an hour maxscale要被其他节点访问到,还需要添加防火墙规则
[root@linuxea.com_10_10_240_145 ~]$ iptables -I INPUT -p tcp --dport 2375 -j ACCEPT接着就可以在其他节点访问本机的2375端口进行管理
[root@linuxea.com202 ~]# docker -H 10.10.240.145:2375 ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c2563e96a47a marksugar/mariadb:10.2.15 "/start.sh" 2 weeks ago Up About an hour mariadb
6f008567ba35 marksugar/nginx_createrepo "/startup.sh" 4 weeks ago Up About an hour nginx_createrepo
5536d55fb3f1 marksugar/redis:4.0.11 "/startup.sh" 3 months ago Up About an hour redis
f3b6eaca7b74 marksugar/maxscale:2.1.9 "/start.sh" 4 months ago Up About an hour maxscale学习更多
学习如何使用Docker CLI命令,Dockerfile命令,使用这些命令可以帮助你更有效地使用Docker应用程序。查看Docker文档和我的其他帖子以了解更多信息。
- docker目录
- 白话容器
- docker-compose
