Securing docker daemon
Best practices for securing the Docker daemon, including using TLS and avoiding insecure remote access.
Best practices
By default, the Docker daemon listens on a Unix socket which is only accessible locally. Exposing the daemon over TCP without TLS is insecure and should be avoided. When remote access is needed, always enable TLS encryption.
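export DOCKER_HOST=tcp://192.168.1.2             # insecure: plain TCP, no TLS
export DOCKER_HOST=unix:///var/run/docker.sock   # secure: local Unix socket (the default)
export DOCKER_TLS=true                           # enable TLS when the daemon must be reached over TCP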
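To check the daemon side of the same rule, the following added example (not code from the original post) audits the listeners in a `daemon.json` and flags any TCP listener without TLS. It goes slightly beyond the post by also flagging TLS without `tlsverify`, where the daemon does not require client certificates. The sample configuration is constructed; `hosts`, `tls` and `tlsverify` are the standard dockerd configuration keys.

```python
import json

# Constructed sample daemon.json (not from the original post).
SAMPLE_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tls": false
}
"""

def audit_daemon_config(text):
    """Return a list of (host, verdict) pairs, one per listener in daemon.json."""
    cfg = json.loads(text)
    # With no "hosts" key, dockerd listens only on the local Unix socket.
    hosts = cfg.get("hosts") or ["unix:///var/run/docker.sock"]
    verify = bool(cfg.get("tlsverify"))
    tls = bool(cfg.get("tls")) or verify  # tlsverify implies tls
    results = []
    for host in hosts:
        # A bare host:port with no scheme is treated as TCP.
        scheme = host.split("://", 1)[0] if "://" in host else "tcp"
        if scheme in ("unix", "fd"):
            verdict = "ok: local socket"
        elif scheme == "tcp" and not tls:
            verdict = "insecure: TCP without TLS"
        elif scheme == "tcp" and not verify:
            verdict = "weak: TLS on, client certificates not required"
        elif scheme == "tcp":
            verdict = "ok: TCP with TLS and client certificate verification"
        else:
            verdict = "review: unrecognised scheme"
        results.append((host, verdict))
    return results

def has_insecure_listener(text):
    """True if any listener is plain TCP without TLS."""
    return any(v.startswith("insecure") for _, v in audit_daemon_config(text))

if __name__ == "__main__":
    for host, verdict in audit_daemon_config(SAMPLE_DAEMON_JSON):
        print(f"{host:40} {verdict}")
```

Listeners passed with `-H` on the dockerd command line do not appear in `daemon.json`, so the service unit needs the same check.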
This post is licensed under CC BY 4.0 by the author.