Install Docker on Arch Linux and run it remotely

Installation

Install the docker package.

# pacman -Syu docker
# systemctl enable docker
# systemctl restart docker

Make sure the installation is complete and the docker daemon is running.

# docker info

Hello World

Run a container for the first time. If you see the following output, the installation succeeded.

# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:fc6a51919cfeb2e6763f62b6d9e8815acbf7cd2e476ea353743570610737b752
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

Remote access (plaintext)

Server settings

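To make docker available to remote hosts, have the daemon listen on a TCP port and expose the Remote API. By convention, port 2375 is used when the communication is not encrypted. A listener configured this way is neither encrypted nor authenticated, so anyone who can reach the port can control the daemon.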

# systemctl edit docker

config:/lib/systemd/system/docker.service.d/override.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375

# systemctl daemon-reload
# systemctl restart docker

Client settings

Set the following environment variable.

% export DOCKER_HOST=a300:2375

How to use

Every docker command run on the client is now executed by the daemon on the server.

% docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:22:34 2019
 OS/Arch:           darwin/amd64
 Experimental:      false

Server:
 Engine:
  Version:          19.03.6-ce
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.7
  Git commit:       369ce74a3c
  Built:            Thu Feb 13 18:14:54 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.3.3.m
  GitCommit:        d76c121f76a5fc8a462dc64594aea72fe18e1178.m
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Remote access (TLS)

Encrypting communication with TLS requires certificates. The steps below assume that you create self-signed certificates.

Server certificate

First, generate a certificate authority (CA) private key and public key.

# mkdir /etc/docker/certs.d
# cd /etc/docker/certs.d
# openssl genrsa -out ca-key.pem 4096
# openssl req -new -x509 -days 3650 -key ca-key.pem -sha256 -out ca.pem
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:a300
Email Address []:

Create a server private key and a Certificate Signing Request (CSR).

# openssl genrsa -out server-key.pem 4096
# sudo openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

Generate a server certificate. Here, it is set to be accessible by host name or IP address.

config:/etc/docker/certs.d/extfile.cnf

subjectAltName = DNS:a300,IP:192.168.0.16,IP:127.0.0.1
extendedKeyUsage = serverAuth

# openssl x509 -req -days 3650 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
# rm server.csr extfile.cnf

Set permissions so that anyone can read the certificates but only root (Docker) can read the private keys.

# chmod -v 0400 ca-key.pem server-key.pem
# chmod -v 0444 ca.pem server-cert.pem

Client certificate

Create a client private key and a Certificate Signing Request (CSR).

# openssl genrsa -out key.pem 4096
# sudo openssl req -subj '/CN=mbp2015' -new -key key.pem -out client.csr

Generate a client certificate.

config:/etc/docker/certs.d/extfile-client.cnf

extendedKeyUsage = clientAuth

# openssl x509 -req -days 3650 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf
# rm client.csr extfile-client.cnf

If you cannot log in to the server over ssh as root, move the files to your home directory and change their owner so that you can fetch the client certificate and private key with scp.

# mv key.pem ~
# mv cert.pem ~
# cp ca.pem ~
# chown $USER ~/key.pem ~/cert.pem ~/ca.pem

% mkdir -p ~/.docker/certs.d
% scp a300:~/key.pem ~/.docker/certs.d
% scp a300:~/cert.pem ~/.docker/certs.d
% scp a300:~/ca.pem ~/.docker/certs.d
% chmod 400 ~/.docker/certs.d/key.pem
% chmod 444 ~/.docker/certs.d/cert.pem ~/.docker/certs.d/ca.pem

Be sure to delete the client private key from the server. Anyone who holds this private key can run docker without sudo, which is the same as giving that user root privileges.

# rm ~/key.pem ~/cert.pem ~/ca.pem

Server settings

To make docker available to remote hosts, have the daemon listen on a TCP port and expose the Remote API. By convention, port 2376 is used when the communication is encrypted.

# systemctl edit docker

config:/lib/systemd/system/docker.service.d/override.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/certs.d/ca.pem --tlscert=/etc/docker/certs.d/server-cert.pem --tlskey=/etc/docker/certs.d/server-key.pem -H fd:// -H tcp://0.0.0.0:2376

# systemctl daemon-reload
# systemctl restart docker
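
The difference between the plaintext drop-in (port 2375) and the TLS drop-in (port 2376) can be checked mechanically before the daemon is restarted. The script below is an added example, not part of the original article: it reads a drop-in on stdin and reports how the TCP listener is protected. The function name audit_dockerd_dropin and the two sample variables are assumptions made for illustration, and the sample input is constructed from the settings shown on this page.

```shell
#!/bin/sh
# Added example: classify a dockerd systemd drop-in (read on stdin) by how its
# TCP listener is protected.
# Prints one of: no-tcp | plaintext | tls-noauth | mutual-tls
audit_dockerd_dropin() {
    # An empty "ExecStart=" clears earlier values, so the last non-empty one wins.
    line=$(sed -n 's/^[[:space:]]*ExecStart=//p' | grep -v '^[[:space:]]*$' | tail -n 1)
    tcp=no; tls=no; verify=no
    set -f                                   # no globbing while splitting the line
    for arg in $line; do
        case $arg in
            tcp://*|--host=tcp://*) tcp=yes ;;   # also matches the value of "-H tcp://..."
            --tlsverify|--tlsverify=true) verify=yes ;;
            --tls|--tls=true) tls=yes ;;
        esac
    done
    set +f
    if [ "$tcp" = no ]; then
        echo no-tcp        # local socket only
    elif [ "$verify" = yes ]; then
        echo mutual-tls    # clients must present a certificate signed by the CA
    elif [ "$tls" = yes ]; then
        echo tls-noauth    # encrypted, but client certificates are not checked
    else
        echo plaintext     # no encryption and no authentication
    fi
}

# Constructed sample input modelled on the two server drop-ins in this article.
plain_dropin='[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375'
tls_dropin='[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/certs.d/ca.pem --tlscert=/etc/docker/certs.d/server-cert.pem --tlskey=/etc/docker/certs.d/server-key.pem -H fd:// -H tcp://0.0.0.0:2376'

printf 'port 2375 drop-in: %s\n' "$(printf '%s\n' "$plain_dropin" | audit_dockerd_dropin)"
printf 'port 2376 drop-in: %s\n' "$(printf '%s\n' "$tls_dropin" | audit_dockerd_dropin)"
```

To check a real host, feed the function the override.conf that systemctl edit docker wrote; any result other than no-tcp or mutual-tls means the API accepts clients that have not proven their identity.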

Client settings

Set the following environment variables.

% export DOCKER_CERT_PATH=~/.docker/certs.d
% export DOCKER_HOST=a300:2376
% export DOCKER_TLS_VERIFY=1

How to use

Every docker command run on the client is now executed by the daemon on the server.

% docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:22:34 2019
 OS/Arch:           darwin/amd64
 Experimental:      false

Server:
 Engine:
  Version:          19.03.6-ce
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.7
  Git commit:       369ce74a3c
  Built:            Thu Feb 13 18:14:54 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.3.3.m
  GitCommit:        d76c121f76a5fc8a462dc64594aea72fe18e1178.m
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Auto-completion

zsh

In .zshrc, add the directory that will hold the completion definition files to fpath.

fpath=($ZDOTDIR/completion $fpath)
autoload -Uz compinit
compinit -i -d "$ZCACHEDIR/.zcompdump"

Get the docker and docker-compose definition files and restart the shell.

mkdir $ZDOTDIR/completion
curl -L https://raw.githubusercontent.com/docker/cli/master/contrib/completion/zsh/_docker > $ZDOTDIR/completion/_docker
curl -L https://raw.githubusercontent.com/docker/compose/master/contrib/completion/zsh/_docker-compose > $ZDOTDIR/completion/_docker-compose
exec $SHELL -l
