Remote management of docker

  • I don't know how others do things, I'm going to tell you what I do:

    In LE I have many server services installed, among them Zerotier and WireGuard. For the remote connection I preferably use the Zerotier VPN, where my LE has the IP address 10.10.10.1, and as an alternative I also have the WireGuard VPN available, where my LE has the IP address 10.10.20.1. So, with my smartphone I can access Portainer in LE from anywhere via the IPs 10.10.10.1 and 10.10.20.1 and check, for example, which containers have been updated by the container updater ouroboros, and also start and stop other containers. Obviously, with my smartphone I can open an SSH session with Termius or an SFTP session with the X-plore file explorer at any time to do other things.

    Does this help you?

    Edited 3 times, last by elonesna (January 16, 2021 at 9:50 PM).

  • Hi elonesna. Thank you for that suggestion. It might be slightly overdoing it for my initial plan though. Maybe I should have elaborated a bit.

    I have a Portainer on another server. On that I have 2 "homes" as seen here, one on the local machine and another on an odroid.

    So I just wanted to be able to add the docker service running on LibreELEC to this list as well. But it is somehow set up in a different way than all the guides are explaining.

  • My devices are based on LibreELEC and CoreELEC. Not all are in the same home, but in four different homes. I have a main server with hard drives and satellite tuners in my main home, and a distant secondary server that sends SAT>IP TV channels to the main server.

    Well, all devices are networked via Zerotier in domain 10.10.10.0 and also via WireGuard in domain 10.10.20.0. This allows me to make changes to the networks without irretrievably losing the connection with the devices.

    I have no problem managing all devices with my smartphone via SSH, SFTP and VNC from anywhere.

    Edited once, last by elonesna (January 17, 2021 at 6:16 PM).

  • I got it working.

    BEWARE OF SECURITY ISSUES

    The below guide is an un-secured and un-authenticated method.

    I am using this on a LAN with myself as the only user with access.

    On the LibreELEC host go to the folder:

    cd /storage/.config/system.d/

    Edit the docker.service config file:

    nano docker.service

    Add

    -H unix:///var/run/docker.sock/

    and

    -H tcp://0.0.0.0:2375/

    to the ExecStart option.

    E.g. my docker.service file now looks like this:

    Test the connection from the client machine:

    docker -H 0.0.0.0:2375 info

    (where 0.0.0.0 should be the actual IP of the LibreELEC host.)

    If the connection works you will get a bunch of info printed and, as mentioned initially, a warning about security:

    Code
    WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
    Access to the remote API is equivalent to root access on the host. Refer
    to the 'Docker daemon attack surface' section in the documentation for
    more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
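
An added example, not part of the original post or of the LibreELEC project: a small audit that reads a `docker.service` unit like the one edited above and reports every `tcp://` listener that runs without `--tlsverify` or binds to all interfaces. The sample unit, the placeholder `dockerd` path and the issue labels `no-tls` / `all-interfaces` are constructed for this example.

```python
import re
import shlex

# Constructed sample unit (placeholder dockerd path), not the poster's actual file.
SAMPLE_UNIT = """\
[Service]
ExecStart=/path/to/dockerd \\
    -H unix:///var/run/docker.sock \\
    -H tcp://0.0.0.0:2375
"""

def exec_start_args(unit_text):
    """Return the effective ExecStart argv, joining backslash line continuations."""
    joined = re.sub(r"\\\s*\n", " ", unit_text)
    args = []
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("ExecStart="):
            # Last assignment wins here; an empty one resets, as in systemd drop-ins.
            args = shlex.split(line[len("ExecStart="):])
    return args

def listener_hosts(args):
    """Collect -H/--host values in '-H v', '-Hv', '-H=v' and '--host=v' forms."""
    hosts = []
    for i, arg in enumerate(args):
        if arg in ("-H", "--host"):
            hosts.extend(args[i + 1:i + 2])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg.startswith("-H") and not arg.startswith("--"):
            hosts.append(arg[2:].lstrip("="))
    return hosts

def audit(unit_text):
    """Return (listener, issue) pairs for the TCP listeners in a dockerd unit."""
    args = exec_start_args(unit_text)
    tls_verified = any(a in ("--tlsverify", "--tlsverify=true") for a in args)
    findings = []
    for host in listener_hosts(args):
        match = re.match(r"tcp://(\[[^\]]*\]|[^:/]*)", host)
        if not match:
            continue  # only tcp:// listeners are examined (unix:// is a local socket)
        if not tls_verified:
            findings.append((host, "no-tls"))  # API reachable without client certs
        if match.group(1).strip("[]") in ("0.0.0.0", "::"):
            findings.append((host, "all-interfaces"))
    return findings
```

Calling `audit()` on the text of the unit file returns an empty list when every TCP listener is covered by `--tlsverify` and bound to a specific address.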