Step-by-Step Guide to Changing Docker Daemon Port
As a DevOps professional, you might find it necessary to change the default Docker daemon port to enhance security or comply with organizational policies. This guide will walk you through the process of enabling TCP port 2375 for external connections and changing the Docker daemon port. Specifically, we will discuss the necessary steps to modify the Docker service configuration and apply the changes.
Understanding Docker Daemon Ports
The Docker daemon runs on a TCP port, which is typically set to 2375 for external connections. By default, Docker listens on localhost, but in some scenarios, such as hosting a Docker registry, you might need to change this port to accept external connections. This involves modifying the Docker service configuration and ensuring that the port is properly reloaded and restarted.
Enabling TCP Port 2375 for External Connection to Docker
Step 1: Modifying Docker Configuration
To enable TCP port 2375 for external connections, you must modify the Docker daemon configuration. This involves editing a specific configuration file. Typically, for Docker to listen on a different port, you need to change the DOCKER_HOST environment variable in the service file.
Step 2: Editing Service Configuration
Perform the following steps to edit the Docker service configuration:
Locate the Docker service file in the systemd configuration directory. On most systems, the file is located at
Open the file with a text editor such as nano or vim. For example:
[Service]
Note: If the file does not exist, you may need to create it.
Add or modify the ExecStart directive to include the new port. The end of the file should look like this:
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://run_
Step 3: Reload the Systemd Daemon
After modifying the Docker service configuration, it is crucial to reload the systemd daemon to apply the changes.
sudo systemctl daemon-reload
This command ensures that the updated configuration is recognized by the systemd daemon and will be used the next time the Docker service is started.
Step 4: Restart the Docker Service
Next, you need to restart the Docker service to apply the changes made to the configuration file.
sudo systemctl restart docker
This ensures that the Docker daemon listens on the specified port and that the new configuration takes effect.
Enhancing Security with Port 2375
By enabling port 2375, you can expose the Docker daemon for external connections. However, this also increases the security risk, as port 2375 is not part of the standard Docker remote API. To secure this port, it is recommended to use encryption and restrict access to the Docker daemon. This can be achieved by:
Using a secure connection such as tcp://host:2376 with TLS.
Using a reverse proxy or firewall to limit access to the Docker daemon.
Implementing authentication and authorization controls.
Conclusion
Modifying the Docker daemon port is a straightforward process that involves editing the Docker service configuration and reloading the systemd daemon. By following this guide, you can successfully enable TCP port 2375 for external connections and ensure that your Docker daemon is configured to your requirements.
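An ExecStart line like the one in Step 2 serves the Docker API on TCP in plaintext with no client authentication, so it is worth checking the line against the TLS recommendation before restarting the service. The following shell function is an added example, not part of the original guide: the name audit_execstart is hypothetical, the sample line uses the conventional socket path /var/run/docker.sock as an assumption, and it only sees flags given on the command line (not settings in daemon.json).

```shell
#!/bin/sh
# Added example: audit a dockerd ExecStart line for TCP listeners without TLS.
# Prints one finding per listener; returns 0 when clean, 1 when anything is flagged.
# Assumption: --tlsverify is passed on the command line, not via daemon.json.
audit_execstart() {
    line=$1 tls=no prev="" rc=0
    # dockerd only authenticates TCP clients when --tlsverify is set.
    case " $line " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=yes ;;
    esac
    set -f                      # no globbing while word-splitting the line
    for word in $line; do
        addr=""
        # Listener addresses follow -H / --host, or are attached as --host=ADDR.
        case "$prev" in
            -H|--host) addr=$word ;;
        esac
        case "$word" in
            --host=*) addr=${word#--host=} ;;
        esac
        prev=$word
        case "$addr" in
            tcp://*) ;;          # only TCP listeners are of interest
            *) continue ;;       # unix:// and fd:// are local sockets
        esac
        [ "$tls" = yes ] && continue
        rc=1
        case "${addr#tcp://}" in
            127.*|localhost|localhost:*|"[::1]"*)
                echo "WARN $addr: plaintext API on loopback, usable by every local process" ;;
            *)
                echo "HIGH $addr: plaintext API with no client authentication beyond loopback" ;;
        esac
    done
    set +f
    return $rc
}

# Constructed sample: the listener flags from Step 2, with an assumed socket path.
audit_execstart "/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock" || true
```

On a live host, pass it the ExecStart line printed by `systemctl cat docker`, which includes any drop-in overrides.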