Use docker cli to access the swarm cluster provisioned by Docker for AWS

Expected behavior

Run docker cli on my laptop to manage the swarm cluster provisioned by Docker for AWS. E.g. I want to run “docker node ls” on my local laptop and list all nodes in the Swarm cluster on AWS.

Actual behavior

Since the port 2377 is not publicly available on the manager node, I did an ssh port forwarding first:

ssh -i <my_key> -L 12345:<the_manager_node_private_ip>:2377 docker@<the_manager_node_public_ip>

Then I ran:

DOCKER_HOST="tcp://localhost:12345" docker --tls ps

But I got an error:

error during connect: Get https://localhost:12345/v1.25/containers/json: malformed HTTP response "\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x04\b\x00\x00\x00\x00\x00\x00\x0e\xff\xf1"

Additional Information

Steps to reproduce the behavior

  1. Please see Actual behavior above.

All traffic between cli and daemon is on the Docker socket. Details here: https://docs.docker.com/docker-for-aws/deploy/#/connecting-via-ssh

@friism thanks for replying to the question. However, I don’t want to ssh to the manager node. Instead, I’d like to call the docker API remotely, because I’m working on creating an app to manage the swarm cluster on AWS. How do I do that?

If the app managing the cluster is running on the cluster itself then you can run the app on manager nodes and mount the docker socket with -v /var/run/docker.sock:/var/run/docker.sock.

If not on the swarm, then using SSH is really the only secure way to contact managers.
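
Added example, not part of any post in this thread: the bytes in the "malformed HTTP response" error from the question parse cleanly as HTTP/2 frames (RFC 7540), which is consistent with port 2377 being swarm's cluster-management (gRPC) port rather than the Docker Engine HTTP API that the CLI expects. The function names are hypothetical; the byte string is copied from the error above.

```python
import struct

# Bytes copied from the "malformed HTTP response" error quoted in the thread.
ERROR_BYTES = (b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"
               b"\x00\x00\x04\b\x00\x00\x00\x00\x00\x00\x0e\xff\xf1")

# Frame type codes defined in RFC 7540, section 6.
FRAME_TYPES = {0: "DATA", 1: "HEADERS", 2: "PRIORITY", 3: "RST_STREAM",
               4: "SETTINGS", 5: "PUSH_PROMISE", 6: "PING", 7: "GOAWAY",
               8: "WINDOW_UPDATE", 9: "CONTINUATION"}


def parse_h2_frames(data):
    """Split data into HTTP/2 frames; raise ValueError if it does not fit."""
    frames, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 9:
            raise ValueError("truncated frame header")
        # 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id
        hi, lo, ftype, flags, stream = struct.unpack_from(">BHBBI", data, offset)
        length = (hi << 16) | lo
        payload = data[offset + 9:offset + 9 + length]
        if ftype not in FRAME_TYPES or len(payload) != length:
            raise ValueError("not a complete, known HTTP/2 frame")
        frame = {"type": FRAME_TYPES[ftype], "flags": flags,
                 "stream": stream & 0x7FFFFFFF, "length": length}
        if frame["type"] == "SETTINGS" and length % 6:
            raise ValueError("SETTINGS payload must be a multiple of 6 bytes")
        if frame["type"] == "WINDOW_UPDATE":
            if length != 4:
                raise ValueError("WINDOW_UPDATE payload must be 4 bytes")
            frame["increment"] = struct.unpack(">I", payload)[0] & 0x7FFFFFFF
        frames.append(frame)
        offset += 9 + length
    return frames


def is_http2_server_preface(data):
    """True if data starts as an HTTP/2 server must: non-ACK SETTINGS on stream 0."""
    try:
        frames = parse_h2_frames(data)
    except ValueError:
        return False
    first = frames[0] if frames else None
    return bool(first) and first["type"] == "SETTINGS" \
        and first["stream"] == 0 and not first["flags"] & 0x1


if __name__ == "__main__":
    for f in parse_h2_frames(ERROR_BYTES):
        print(f)
```

The same check returns False for an HTTP/1.x response, so it can be used to tell whether a forwarded port is actually speaking the Engine API.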