Copy the package installer unit file to /etc where changes will not be overwritten on an upgrade:
cp /lib/systemd/system/docker.service /etc/systemd/system/docker.service
Update /etc/systemd/system/docker.service with your options on ExecStart:
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 \
--tlsverify --tlscacert=/etc/docker/certs/ca.pem \
--tlskey=/etc/docker/certs/key.pem \
--tlscert=/etc/docker/certs/cert.pem
Note that dockerd is the 1.12 daemon name; prior to that it was docker daemon. Also note that 2376 is Docker's standard TLS port and 2375 is the standard unencrypted port. See this page for steps to create your own TLS self-signed CA, cert, and key.
After making changes to the systemd unit files, run the following to reload the systemd config:
systemctl daemon-reload
And then run the following to restart docker:
systemctl restart docker
It's a bad idea to skip TLS encryption when exposing the Docker port since anyone with network access to this port effectively has full root access on the host.
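
To confirm that an edited unit file really enforces TLS on every TCP listener, the following is an added example, not part of the original answer. The function name audit_dockerd_unit is hypothetical, and requiring explicit CA, cert and key paths is a policy assumption of this example.

```shell
#!/bin/sh
# Added example: audit a docker.service unit file for TCP listeners without TLS.
# Return status: 0 = no TCP listener, or TLS fully configured
#                1 = at least one finding, 2 = no ExecStart line found
# Usage: audit_dockerd_unit /etc/systemd/system/docker.service
audit_dockerd_unit() {
    unit=$1
    # Join backslash-continued lines so a multi-line ExecStart becomes one line.
    joined=$(awk '{ if (sub(/\\$/, " ")) { buf = buf $0; next }
                    print buf $0; buf = "" }' "$unit")
    # Use the last non-empty ExecStart= entry in the file.
    cmd=$(printf '%s\n' "$joined" | sed -n 's/^ExecStart=\(..*\)$/\1/p' | tail -n 1)
    if [ -z "$cmd" ]; then
        echo "$unit: no ExecStart found"; return 2
    fi
    case $cmd in
        *tcp://*) ;;
        *) echo "$unit: OK, no TCP listener"; return 0 ;;
    esac
    rc=0
    case $cmd in
        *--tlsverify=false*|*--tlsverify=0*)
            echo "$unit: FAIL --tlsverify is disabled"; rc=1 ;;
        *--tlsverify*) ;;
        *)  echo "$unit: FAIL tcp:// listener without --tlsverify"; rc=1 ;;
    esac
    # Policy assumption of this example: CA, cert and key paths must be explicit,
    # as they are in the ExecStart shown above.
    for flag in --tlscacert --tlscert --tlskey; do
        case $cmd in
            *"$flag"=?*|*"$flag"\ ?*) ;;
            *) echo "$unit: FAIL missing $flag <path>"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "$unit: OK, TCP listener requires client certificates"
    return "$rc"
}
```

Run it against the copy in /etc before systemctl daemon-reload; a non-zero status means the daemon would listen on TCP without verifying client certificates.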