With automation in mind, when you execute docker commands remotely you want to do it in a secure manner, without exposing your Docker port to the whole world.
One way of doing that is to forward the remote docker socket to a local port over an SSH Tunnel. This way, you can execute docker commands locally on your workstation, as if the swarm were running on your workstation/laptop/node/bastion host etc.
Without the tunnel, I have a swarm on my laptop with no running services:
As you can see, we have no services running, but the remote swarm has a couple, so after forwarding the connection, we should see our remote services.
Setting up the SSH Tunnel:
Here we will forward the remote docker socket, /var/run/docker.sock, to a local port bound to localhost:
Now the SSH Tunnel will be established, and you can detach your screen session, or open a new shell session. To detach your screen session:
'ctrl + a' then d
Verifying that the tunnel is established:
You can use netstat to verify that the port is listening:
Inform the Docker Client to use the Port:
Now we need to tell the docker client to use the new port to talk to the docker daemon. We do that by setting the
DOCKER_HOST environment variable to point to
This will remain for the lifetime of the shell session.
Testing it Out:
Now we can run our commands locally, and we should see the output of our remote swarm:
Terminating our SSH Tunnel:
To terminate our SSH Tunnel, reconnect to your shell session, and hit ctrl + c:
And exit the screen session:
This way, you can do lots of automation with docker. Swarm is one use case, but the approach is not limited to it.
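The whole procedure above as one script, added here as an example and not the commands from the original post. It uses an ssh control socket in place of the screen session, and the netstat step checks that the port is bound to loopback only instead of just listening. The host, the port 23750, the control socket path and the helper names are assumptions.

```sh
#!/bin/sh
# Added example, not the post's commands. Assumed values: REMOTE, PORT, CTL.
REMOTE="${REMOTE:-user@swarm-manager.example.com}"   # placeholder host
PORT="${PORT:-23750}"                                # arbitrary local port
CTL="${CTL:-$HOME/.ssh/docker-tunnel.ctl}"           # ssh control socket path

# Read `netstat -ltn` (or `ss -ltn`) output on stdin; the local address is
# column 4 in both. Exit 0: PORT listens on loopback only. Exit 1: PORT also
# listens on a non-loopback address. Exit 2: PORT is not listening.
loopback_only() {
  awk -v port="$1" '
    /LISTEN/ {
      n = split($4, part, ":")
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      seen = 1
      if (addr !~ /^(127\.[0-9.]+|::1|\[::1\])$/) exposed = 1
    }
    END { if (!seen) exit 2; exit (exposed ? 1 : 0) }'
}

# Forward the remote Docker socket to 127.0.0.1:PORT in the background.
# ExitOnForwardFailure makes ssh fail instead of running without the forward.
open_tunnel() {
  ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
      -L "127.0.0.1:${PORT}:/var/run/docker.sock" "$REMOTE"
}

close_tunnel() { ssh -S "$CTL" -O exit "$REMOTE"; }

main() {
  open_tunnel || return 1
  if ! netstat -ltn | loopback_only "$PORT"; then
    echo "port $PORT missing or bound beyond loopback; closing tunnel" >&2
    close_tunnel
    return 1
  fi
  DOCKER_HOST="tcp://127.0.0.1:${PORT}" docker service ls
  close_tunnel
}

# Constructed netstat lines for checking loopback_only offline.
SAMPLE_SAFE='tcp   0   0 127.0.0.1:23750   0.0.0.0:*   LISTEN'
SAMPLE_EXPOSED='tcp   0   0 127.0.0.1:23750   0.0.0.0:*   LISTEN
tcp   0   0 0.0.0.0:23750     0.0.0.0:*   LISTEN'

if [ "${1:-}" = "run" ]; then main; fi
```

The forwarded port carries no authentication of its own, so on a shared host any local user who can connect to 127.0.0.1 on that port reaches the remote Docker API. The script therefore closes the tunnel as soon as the command finishes.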