Remote management of docker

SandVP · January 16, 2021 at 7:06 PM

Hi

I have been trying to enable remote management of docker but the guide I try to follow seem to not work for libreeelec. dockerd | Docker Documentation

So how can I manage the docker containers on libreelec from a remote portainer?

elonesna · January 16, 2021 at 9:25 PM

I don't know how others do things, I'm going to tell you what I do:

In LE I have many server services installed, and among them are Zerotier and WireGuard, for the remote connection I preferably use Zerotier VPN, where my LE has the IP address 10.10.10.1, and as an alternative I also have WireGuard VPN available, where my LE has the IP address 10.10.20.1. So then, with my smartphone from anywhere I can access to portainer in LE with the IPs 10.10.10.1 and 10.10.20.1, and check, for example, which containers have been updated by the container updater ouroboros, and also put running and stopping other containers. Obviously, with my smartphone I can open an SSH session with Termius or an SFTP session with the X-plore file explorer at any time to do other things.

Does this help you?

SandVP · January 17, 2021 at 2:21 PM

Hi elonesna. Thank you for that suggestion. It might be slightly overdoing it for my initial plan though. Maybe I should have elaborated a bit.

I have a portainer on another server. On that I have 2 "homes" as seen here, one on the local machine an another on an odroid.

So I just wanted to be able to add the docker service running on libreeelec to this list as well. But it is somehow setup in a different way than all the guides are explaining.

elonesna · January 17, 2021 at 2:41 PM

My devices are based on LibreELEC and CoreELEC. Not all are in the same home, but in four different homes. I have a main server with hard drives and satellite tuners in my main home, and a distant secondary server that sends SAT>IP TV channels to main server.

Well, all devices are networked via Zerotier in domain 10.10.10.0 and also via WireGuard in domain 10.10.20.0. This allows me to make changes to the networks without irretrievably losing the connection with the devices.

I have no problem managing all devices with my smartphone via SSH, SFTP and VNC from anywhere.

SandVP · March 15, 2021 at 5:30 PM

I got it working.

BEWARE OF SECURITY ISSUES

The below guide is an un-secured and un-authenticated method.

I am using this on a LAN with myself as the only user with access.

On the libreelec host go to the folder:

cd /storage/.config/system.d/

edit the docker.service config file:

nano docker.service

Add

-H unix:///var/run/docker.sock/

and

-H tcp://0.0.0.0:2375/

to the ExecStart option.

E.g. my docker.service file now looks like this:

Code

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target


[Service]
Type=notify
Environment=PATH=/bin:/sbin:/usr/bin:/usr/sbin:/storage/.kodi/addons/service.system.docker/bin
ExecStartPre=/storage/.kodi/addons/service.system.docker/bin/docker-config
EnvironmentFile=-/storage/.kodi/userdata/addon_data/service.system.docker/config/docker.conf
ExecStart=/storage/.kodi/addons/service.system.docker/bin/dockerd --exec-opt native.cgroupdriver=systemd \
--log-driver=journald \
--group=root \
$DOCKER_DAEMON_OPTS \
$DOCKER_STORAGE_OPTS \
-H unix:///var/run/docker.sock \
-H tcp://0.0.0.0:2375
ExecReload=/bin/kill -s HUP $MAINPID
TasksMax=8192
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal


[Install]
WantedBy=multi-user.target
Alias=docker.service

Display More

Test the connection from the client machine:

docker -H 0.0.0.0:2375 info

(where 0.0.0.0 should be the actual ip of the libreelec host.)

If the connection works you will get a bunch of info printed and as mentioned initially a warning about security:

Code

WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

Remote management of docker

Similar Threads

Chrome Addon missing Video Acceleration Information