According to most literature you've got two options when trying to manage a docker daemon on a remote machine.
- Configure SSL and keys on both machines.
- SSH to the remote machine and run commands there directly.
The former works pretty well for production but is kind of a pain to configure. The latter means you can't build from local code without putting everything on the remote machine.
A reasonably effective solution
Communication to a local Docker daemon is done via a unix domain sock. We've already got SSH to manage our remote boxes, so setting up another secure tunnel and opening up another port feels a little silly anyway. Luckily we can just listen on a local unix domain sock and forward that traffic to the unix domain sock the remote docker daemon is listening to via SSH.
Socat is the tool for this job.
socat "UNIX-LISTEN:/tmp/docker_remote.sock,reuseaddr,fork" \ "EXEC:ssh user@host socat STDIO UNIX-CONNECT\:/var/run/docker.sock"
Docker can now be invoked locally with
docker -H unix://tmp/docker_remote.sock
and will happily run commands on our remote docker daemon just as if we'd
configured the SSL tunnel.
I've got a shell script that makes this a little more user friendly in a gist.