Securing Client and Daemon Communication

The client side of securing the daemon over the network.

Let’s look at how to secure the daemon over the network.

Docker implements a client-server model.

  • The client component implements the CLI.
  • The server (daemon) component implements the functionality, including the public-facing REST API.

The client

The client is called docker (docker.exe on Windows), and the daemon is called dockerd (dockerd.exe on Windows). A default installation puts them on the same host and configures them to communicate over a local IPC socket:

  • /var/run/docker.sock on Linux
  • //./pipe/docker_engine on Windows

It’s also possible to configure them to communicate over the network. By default, network communication occurs over an unsecured HTTP socket on port 2375/tcp.
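
As an added example (not part of the original lesson and not Docker's own tooling), the following Python audits a `daemon.json` document for the listener types described above and flags TCP listeners that lack client certificate verification. The sample documents, function names, certificate paths and severity labels are constructed for illustration; `hosts`, `tls` and `tlsverify` are real `daemon.json` keys.

```python
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json contents, not taken from the original page.
SAMPLE_PLAINTEXT = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_MTLS = """{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}"""

LOCAL_SCHEMES = {"unix", "npipe", "fd"}          # local IPC, never on the network
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def classify_listener(host, tls=False, tlsverify=False):
    """Return (severity, reason) for one daemon listener address."""
    parts = urlsplit(host)
    if parts.scheme in LOCAL_SCHEMES:
        return "ok", "local IPC socket"
    if parts.scheme != "tcp":
        return "review", f"unrecognised scheme {parts.scheme!r}"
    if tlsverify:
        return "ok", "TCP with TLS and client certificate verification"
    if tls:
        return "critical", "TLS encrypts traffic but clients are not authenticated"
    if parts.hostname in LOOPBACK:
        return "warn", "plaintext HTTP, reachable by any local process"
    return "critical", "plaintext, unauthenticated HTTP exposed on the network"


def audit_daemon_config(text):
    """Classify every listener declared in a daemon.json document."""
    cfg = json.loads(text)
    # Assumption: with no "hosts" key the Linux daemon keeps its default socket.
    hosts = cfg.get("hosts") or ["unix:///var/run/docker.sock"]
    tls, tlsverify = bool(cfg.get("tls")), bool(cfg.get("tlsverify"))
    return [(h, *classify_listener(h, tls, tlsverify)) for h in hosts]


if __name__ == "__main__":
    for name, doc in (("plaintext", SAMPLE_PLAINTEXT), ("mtls", SAMPLE_MTLS)):
        for host, severity, reason in audit_daemon_config(doc):
            print(f"{name:9} {severity:8} {host}  ({reason})")
```

Listeners passed to `dockerd` as `-H` flags on the command line do not appear in `daemon.json` and need the same check.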
