Docker Community Forums

Share and learn in the Docker community.

Enable TCP access for Docker for Mac


(Pushdev) #1

Expected behavior

The switch to UNIX domain sockets is not supported by lots and lots of programs, particularly Java. We need to be able to enable REST TCP access for these programs.

Actual behavior

Undocumented. Clearly there is support since you can screen into the docker VM and dork with /etc/init.d/docker, but these settings are lost on startup. Basically being able to set DOCKER_OPTS for the VM would suffice, but there is no documentation as to how to do this.

Information

  • the output of:
    • Moby Menu > Diagnose & Feedback on OSX

Docker for Mac: version: mac-v1.12.0.1
OS X: version 10.11.6 (build: 15G31)
logs: /tmp/7DCEAFA7-DA7F-40AF-9DC8-E77BC015A981/20160816-105502.tar.gz
[OK] docker-cli
[OK] app
[OK] moby-syslog
[OK] disk
[OK] virtualization
[OK] system
[OK] menubar
[OK] osxfs
[OK] db
[OK] slirp
[OK] moby-console
[OK] logs
[OK] vmnetd
[OK] env
[OK] moby
[OK] driver.amd64-linux

  • a reproducible case if this is a bug, Dockerfiles FTW

  • page URL if this is a docs issue or the name of a man page

  • host distribution and version ( OSX 10.10.x, OSX 10.11.x, Windows, etc )

Steps to reproduce the behavior


(Pushdev) #2

I cannot post the links. Your forum software is lying to me!


(David Sheets) #3

I believe using something like socat as described in Using pycharm docker plugin with docker beta would work for your use case?


(John Pape) #4

Running socat -4 TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock & inside your container that has /var/run/docker.sock (host) mounted to /var/run/docker.sock inside the container will work just fine.


(Pushdev) #5

That is one of the horrendous workarounds, yes. Not exactly user friendly though.


(David Sheets) #6

Hi John,

I recommend running socat on the OS X host so that Docker for Mac knows about the Docker operations you perform. In particular, file system bind mounts made via the TCP socket will not have inotify events enabled (as of Beta 23). Finally, I also recommend only listening on the loopback interface or restricting the subnet allowed access in the socat invocation in order to prevent unintentional exposure of the Docker server.

Best regards,

David