Securing Client and Daemon Communication
The client side of securing the daemon over the network.
Let’s look at how to secure the daemon over the network.
Docker implements a client-server model.
- The client component implements the CLI.
- The server (daemon) component implements the functionality, including the public-facing REST API.
The client
The client is called docker (docker.exe on Windows), and the daemon is called dockerd (dockerd.exe on Windows). A default installation puts them on the same host and configures them to communicate over a local IPC socket:
- /var/run/docker.sock on Linux
- //./pipe/docker_engine on Windows
It’s also possible to configure them to communicate over the network. By default, network communication occurs over an unsecured HTTP socket on port 2375/tcp.
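As an added example (not part of the original lesson), the following Python audit reads a daemon.json document and classifies each hosts entry, separating the local IPC socket from TCP listeners that accept clients without certificate verification. The hosts and tls* keys are Docker daemon configuration options; the sample documents, certificate paths, function names and finding labels are constructed for illustration, and listeners passed on the dockerd command line are not covered.

```python
import ipaddress
import json
from urllib.parse import urlsplit

LOCAL_SCHEMES = {"unix", "npipe", "fd"}  # local IPC / systemd socket activation

def is_loopback(hostname):
    """True if the bind address only accepts connections from the same host."""
    if not hostname:
        return False  # tcp://:2375 has no host part and binds all interfaces
    if hostname == "localhost":
        return True
    try:
        return ipaddress.ip_address(hostname).is_loopback
    except ValueError:
        return False  # any other name: treat as reachable from the network

def audit_daemon_config(text):
    """Map each 'hosts' entry of a daemon.json document to a finding label."""
    cfg = json.loads(text)
    verified = bool(cfg.get("tlsverify"))  # daemon demands a client certificate
    findings = {}
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme in LOCAL_SCHEMES:
            findings[host] = "local-ipc"
        elif url.scheme != "tcp":
            findings[host] = "unknown-scheme"
        elif verified:
            findings[host] = "tcp-mutual-tls"
        elif is_loopback(url.hostname):
            findings[host] = "tcp-unauthenticated-loopback"
        else:
            findings[host] = "tcp-unauthenticated-exposed"
    return findings

# Constructed sample configurations (not taken from a real host).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/path/to/ca.pem",
  "tlscert": "/path/to/server-cert.pem",
  "tlskey": "/path/to/server-key.pem"
}"""

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_daemon_config(doc))
```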