Docker API connection via TCP rather than unix socket

Connecting to Docker API via TCP rather than unix socket for security purposes.

This change requires additional actions in the docker configuration to expose the api on a specific local port.

Author: 0xIbra

README.md

@@ -2,6 +2,45 @@ PHP Docker client
 ==================
 > Docker API driver for PHP.
 
+Docker configuration
+--------------------
+Docker Engine API must be exposed on a local port in order to be able to connect.
+
+##### 1. Edit the `docker.service` which by default on debian is located at `/lib/systemd/system/docker.service`  
+
+From this:
+```shell
+# /lib/systemd/system/docker.service
+...
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+...
+```
+
+To this:
+```shell
+# /lib/systemd/system/docker.service
+...
+ExecStart=/usr/bin/dockerd
+...
+```
+
+##### 2. Edit `/etc/docker/daemon.json` to expose docker api at `127.0.0.1:2375`
+Add `hosts` to the json file as next:
+```json
+{
+  ...
+  "hosts": ["fd://", "tcp://127.0.0.1:2375"]
+  ...
+}
+```
+
+##### 3. Restart Docker completely
+```shell
+systemctl daemon-reload
+systemctl restart docker
+service docker restart
+```
+
 Installation
 ------------
     composer require ibra-akv/php-docker-client
@@ -15,8 +54,7 @@ Initialize client
 use IterativeCode\Component\DockerClient\DockerClient;
 
 $docker = new DockerClient([
-    'docker_base_uri' => 'http://localhost/v1.41', # Optional (default: http://localhost/v1.41)
-    'unix_socket' => '/var/run/docker.sock' # Optional (defaukt: /var/run/docker.sock)
+    'local_endpoint' => 'http://localhost:2375/v1.41', # Optional (default: http://localhost:2375)
 ]);
 
 ```

composer.json

@@ -1,9 +1,8 @@
 {
     "name": "ibra-akv/php-docker-client",
-    "version": "1.41.13",
-    "description": "Docker APIs driver for PHP.",
-    "homepage": "https://github.com/ibra-akv/php-docker-client",
+    "description": "Docker API driver for PHP.",
     "type": "library",
+    "homepage": "https://github.com/ibra-akv/php-docker-client",
     "license": "MIT",
     "authors": [
         {

docs/DockerClient.md

@@ -28,7 +28,7 @@ public __construct($options = [])
 $options : array
 ###### Tags
 **throws**
-- DockerSocketNotFound
+- DockerConnectionFailed
 
 
 #### listContainers()

src/DockerClient.php

@@ -4,7 +4,7 @@
 
 use GuzzleHttp\Exception\GuzzleException;
 use IterativeCode\Component\DockerClient\Exception\BadParameterException;
-use IterativeCode\Component\DockerClient\Exception\DockerSocketNotFound;
+use IterativeCode\Component\DockerClient\Exception\DockerConnectionFailed;
 use IterativeCode\Component\DockerClient\Exception\ResourceBusyException;
 use IterativeCode\Component\DockerClient\Exception\ResourceNotFound;
 use GuzzleHttp\Client as HttpClient;
@@ -18,34 +18,27 @@ class DockerClient
     private $options;
 
     /** @var string */
-    private $dockerApiEndpoint = 'http://localhost';
-
-    /** @var string  */
-    private $unixSocket = '/var/run/docker.sock';
+    private $dockerApiEndpoint = 'http://localhost:2375';
 
     /**
      * DockerClient constructor.
      *
      * @param array $options
      *
-     * @throws DockerSocketNotFound
+     * @throws DockerConnectionFailed
      */
     public function __construct($options = [])
     {
         $this->options = $options;
 
-        if (!empty($options['docker_base_uri'])) {
-            $this->dockerApiEndpoint = $options['docker_base_uri'];
+        if (!empty($options['local_endpoint'])) {
+            $this->dockerApiEndpoint = $options['local_endpoint'];
         }
 
         $this->http = new HttpClient([
             'base_uri' => $this->dockerApiEndpoint,
         ]);
 
-        if (!empty($options['unix_socket'])) {
-            $this->unixSocket = $options['unix_socket'];
-        }
-
         $this->testConnection();
     }
 
@@ -54,13 +47,9 @@ private function testConnection()
         try {
             return $this->info();
         } catch (\Exception $e) {
-            $search = 'failed binding local connection end';
-            if (strpos(strtolower($e->getMessage()), $search) !== false) {
-                $text = sprintf('Could not bind to docker socket at %s', $this->unixSocket);
-                throw new DockerSocketNotFound($text);
-            }
+            $text = sprintf('Docker API connection failed: %s', $this->dockerApiEndpoint);
 
-            throw $e;
+            throw new DockerConnectionFailed($text);
         }
     }
 
@@ -76,7 +65,6 @@ private function testConnection()
      */
     private function request($method, $url, $options = [], $resolveResponse = true)
     {
-        $options = array_replace_recursive(['curl' => [CURLOPT_UNIX_SOCKET_PATH => $this->unixSocket]], $options);
         $response =  $this->http->request($method, $url, $options);
         if ($resolveResponse) {
             return json_decode($response->getBody()->getContents(), true);

src/Exception/DockerSocketNotFound.php renamed to src/Exception/DockerConnectionFailed.php

@@ -2,7 +2,7 @@
 
 namespace IterativeCode\Component\DockerClient\Exception;
 
-class DockerSocketNotFound extends \Exception
+class DockerConnectionFailed extends \Exception
 {
 
 }