Quick - how to: Remote access your docker machine (Debian example)

If you’ve installed docker on a Debian linux machine following the guide on docker.com, you are able to control your containers only if you SSH into this machine or open some kind of tunnel (e.g. Putty) or configure NAT in case of a local vm.

Reason: the default installation of docker only listens to local sockets.

To access the docker machine from a remote client the docker service needs to be configured differently.

/etc/default/docker is a configuration file with a DOCKER_OPTS environment variable. Normally you would set the option -H tcp://ip-address:port here.

The problem: this option gets ignored with docker on Debian.

On Debian you have to modify the service description docker.service located under /etc/systemd/system/multi-user.target.wants

The key ExecStart should edited like this:

ExecStart=/usr/bin/docker daemon -H tcp://

( are all network interfaces – alternatively you can set another ip address here, f.i. if you have more than one network interface)

After editing the docker.service the systemctl daemon needs to be reloaded with

systemctl daemon-reload

After a restart of docker with

service docker restart

docker should be reachable via remote client.

Remark: if you are logged into your docker machine you need to set global DOCKER_HOST environment variable to tcp://, otherwise the docker command will not work.

export DOCKER_HOST=tcp://

On your remote client you also need to set DOCKER_HOST environment variable with ip-address and port of your docker machine:

for Windows: set DOCKER_HOST=tcp://x.x.x.x:2375

for OS X/Linux: export set DOCKER_HOST=tcp://x.x.x.x:2375

Now you can create/delete/control your containers and images of your remote docker machine with your local docker installation.

Hint – Small local docker installation:

On OS X: Just install Docker Toolbox, but don’t install Kinematic and Oracle VM (VirtualBox)! – following this guide: https://docs.docker.com/engine/installation/mac/

On Windows: Use Chocolatey to install a simple and clean docker client without the Oracle VM and Kitematic from Docker Toolbox.


Be warned: The docker endpoint has no security at this time and is reachable in your local network without authentication or encryption!