Enable TCP access for Docker for Mac

pushdev · August 16, 2016, 9:59am

Expected behavior

The switch to UNIX domain sockets is not supported by lots and lots of programs, particularly Java. We need to be able to enable REST TCP access for these programs.

Actual behavior

Undocumented. Clearly there is support since you can screen into the docker VM and dork with /etc/init.d/docker, but these settings are lost on startup. Basically being able to set DOCKER_OPTS for the VM would suffice, but there is no documentation as to how to do this.

Information

the output of:
- Moby Menu > Diagnose & Feedback on OSX

Docker for Mac: version: mac-v1.12.0.1
OS X: version 10.11.6 (build: 15G31)
logs: /tmp/7DCEAFA7-DA7F-40AF-9DC8-E77BC015A981/20160816-105502.tar.gz
[OK] docker-cli
[OK] app
[OK] moby-syslog
[OK] disk
[OK] virtualization
[OK] system
[OK] menubar
[OK] osxfs
[OK] db
[OK] slirp
[OK] moby-console
[OK] logs
[OK] vmnetd
[OK] env
[OK] moby
[OK] driver.amd64-linux

a reproducible case if this is a bug, Dockerfiles FTW
page URL if this is a docs issue or the name of a man page
host distribution and version ( OSX 10.10.x, OSX 10.11.x, Windows, etc )

Steps to reproduce the behavior

pushdev · August 16, 2016, 10:00am

I cannot post the links. Your forum software is lying to me!

dsheets · August 16, 2016, 10:20am

I believe using something like socat as described in Using pycharm docker plugin with docker beta would work for your use case?

jpapejr · August 16, 2016, 11:31am

Running socat -4 TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock & inside your container that has /var/run/docker.sock (host) mounted to /var/run/docker.sock inside the container will work just fine.

pushdev · August 16, 2016, 11:57am

That is one of the horrendous workarounds, yes. Not exactly user friendly though.

dsheets · August 16, 2016, 12:19pm

Hi John,

I recommend running socat on the OS X host so that Docker for Mac knows about the Docker operations you perform. In particular, file system bind mounts made via the TCP socket will not have inotify events enabled (as of Beta 23). Finally, I also recommend only listening on the loopback interface or restricting the subnet allowed access in the socat invocation in order to prevent unintentional exposure of the Docker server.

Best regards,

David