Though it is usually hidden behind the docker client binary or other tools,
direct communication with the docker
(REST-ish) is sometimes needed in order to debug, understand proper usage, or
simply to learn more about the internals of how Docker works. By default the
Docker daemon listens on a UNIX socket located at
incoming HTTP requests, but also can be exposed on a TCP port. In most cases,
however, the TCP port exposing the Docker API is secured with TLS (otherwise
anyone with access to the API could quite trivially root the box where Docker
is running) and accessing TLS-secured endpoints using
curl can be a real
Communication with UNIX sockets was added in cURL version 7.40, but many Linux distributions come with and/or have an older version in their package manager. If our host distribution’s package version is out of date, we might consider using a container for the proper curl version. However, many of the library images have the same issue. Out of the box in a Debian Jessie container at the time of writing, for instance, we get a slightly older version:
We could build an image to compile
curl from source and use that, but the
resulting image would likely be several hundred megabytes in size. That is
very expensive for a simple image just to run some curl commands on a socket.
Building a small image to run the right curl
Luckily, the very exciting Alpine Linux project
has both a very small disk footprint, and a version of
curl which is
sufficiently up-to-date in their package manager. Consequently a small
Dockerfile such as this:
Will produce a resulting image which is only about 10MB in size, but contains
the curl command we need. I have such an image hosted at
(or you could build your own with the Dockerfile above), so to run curl on the
UNIX socket simply mount the socket in to a container based on this image:
You could make other images which inherit this small base image and add more
fancy stuff like
jq, but for simple debugging purposes a small Alpine-based
image works quite well.
I hope this helps in making communicating with the Docker UNIX socket a bit easier.
Until next time, stay sassy Internet.