Docker remote daemon (TCP): Cannot connect to the Docker daemon

I’m trying to connect a docker daemon from a client to a remote host via TCP but I’m getting this error:

What could be possible reasons for that? What is a proper debugging approach for finding a solution?

• System: Ubuntu 18.04 (client and host)
• ufw: enabled for all incoming & outgoing (for testing purposes)
• access rights: working with root on client & host

WHAT I DID

On host:

Add and save these lines:

Check if it worked:

Test with docker:

Everything worked on the host. However, when I’m trying to connect from the client with the remote host I’m getting an error.

On client:

Connecting via ssh works:

1 Answer 1

You have the Docker daemon listening on the localhost address, 127.0.0.1 . You won’t be able to connect to that from a remote host. The only host that can connect to that address is. the local host.

To have the Docker daemon accept connections from remote hosts, you probably want:

That means, «listen for connections from all hosts». But you don’t really want that, because that would grant unauthenticated root access to your system to anyone who was able to connect to that port. You could use iptables to limit access to only particular remote hosts, but it’s still a problem, because anybody able to access any of those hosts would have, againt, unauthenticated root access to your Docker host.

What you really want to do is to read through «Protect the Docker daemon socket», which discusses how to set up certificate-based authentication for remote connections to the Docker daemon. Unlike the examples in your question, the configuration discussed in that document requires clients to authenticate using an SSL certificate.

This is much more more secure than permitting unauthenticated access from anywhere, and it is somewhat more than allowing unauthenticated access from specific hosts (because filesystem ownership and permissions can be used to restrict access to the SSL private keys required to grant access to the docker daemon).

[WSL] Cannot connect to the Docker daemon at tcp://127.0.0.1:2375. Is the docker daemon running? #3570

Comments

maxoyed commented Mar 14, 2019 •

I have tried with the latest version of my channel (Stable or Edge) I have uploaded Diagnostics Diagnostics ID: B8B66D54-EA07-4F2B-BB6A-03443045A59A/20190315005129

Expected behavior

Run docker info correctly under WSL.

Actual behavior

Cannot connect to the Docker daemon at tcp://127.0.0.1:2375.

Information

• Windows Version: Windows10 1809(PF0I6WPO)
• Docker for Windows Version: 2.0.0.3 (31259)
• WSL Version:
  

Steps to reproduce the behavior

Go to Docker Settings->General->Expose daemon on tcp://localhost:2375 without TLS

Open WSL terminal and export DOCKER_HOST=127.0.0.1:2375

Run docker info unber WSL , and get the Cannot connect to the Docker daemon at tcp://127.0.0.1:2375. Is the docker daemon running?

The text was updated successfully, but these errors were encountered:

maxoyed commented Mar 15, 2019

I already fixed this issue.
(By purge my Hyper-V environment and re-create a docker machine)

bigwhoop commented Jun 11, 2019

I had the same issue after installing the latest Windows updates and wanted to shed some light on what I did to make it work again.

First I tried to reinstall Docker for Windows, to no avail. Then I tried to remove the Hyper-V VM . but that still didn’t help either.

What finally did the trick was going to «Turn Windows features on or off», deselect «Hyper-V», restart, go to «Turn Windows features on or off» again, select «Hyper-V» again and restart a last time. Afterwards docker was reachable again.

danpalmer-niceincontact commented Sep 26, 2019 •

This fixed the issue for me:

Check to see if windows is listening on port 2375 by running netstat -ano | findstr 2375 . If it isn’t listening and docker is running w/ the «Expose daemon on tcp://localhost:2375 without TLS» then my issue might be the same thing you’re experiencing. Do the following:

netsh interface ipv4 show excludedportrange protocol=tcp

if you see a port range listed that includes port 2375, you can confirm that this is likely your issue.

Disable hyper-v and reboot
Run netsh int ipv4 add excludedportrange protocol=tcp startport=2375 numberofports=1 to reserve port 2375
Enable hyper-v and reboot

Hope this helps!

StarGate01 commented Oct 7, 2019

Thank you, @danpalmer-niceincontact, this fixed my system. Do you have an idea what could have caused this? Multiple network adapters, internet sharing, .

xXGoziXx commented Jan 16, 2020

*netstat -ano | findstr 2375

danpalmer-niceincontact commented Jan 16, 2020

*netstat -ano | findstr 2375

fixed my typo, thanks

Nareshgitty commented Jan 20, 2020

Follow following steps for window 10 docker version : Version 2.0.0.3 (31259) or above
Step 1: Right click on «Dcoker Desktop is running icon »
Step 2: click on Settings
Step 3: In “General Tab” you must enable checkbox “Expose Demon on tcp://localhost:2375 without TLS”

maximgeerinck commented Feb 3, 2020

Check to see if windows is listening on port 2375 by running netstat -ano | findstr 2375 . If it isn’t listening and docker is running w/ the «Expose daemon on tcp://localhost:2375 without TLS» then my issue might be the same thing you’re experiencing. Do the following:

netsh interface ipv4 show excludedportrange protocol=tcp

if you see a port range listed that includes port 2375, you can confirm that this is likely your issue.

Disable hyper-v and reboot
Run netsh int ipv4 add excludedportrange protocol=tcp startport=2375 numberofports=1 to reserve port 2375
Enable hyper-v and reboot

Thanks this worked!

dsmith73 commented Apr 8, 2020 •

Tried it. Still no luck. 🙁

netstat -ano | findstr 2375
TCP 127.0.0.1:2375 0.0.0.0:0 LISTENING 13120

Still not working.
docker context ls
$ docker context ls NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR default * Current DOCKER_HOST based configuration tcp://127.0.0.1:2375 swarm Warning: DOCKER_HOST environment variable overrides the active context. To use a context, either set the global —contex t flag, or unset DOCKER_HOST environment variable.

docker ps
$ docker ps Cannot connect to the Docker daemon at tcp://127.0.0.1:2375. Is the docker daemon running?

netsh gives the following:
`netsh interface ipv4 show excludedportrange protocol=tcp

Protocol tcp Port Exclusion Ranges Start Port End Port

• • Administered port exclusions.`

wisehackermonkey commented May 13, 2020 •

i’m exhibitying the same issue.

what i ran (windows bash ubuntu18.04)

what i expected

what happend

what ive tried

@danpalmer-niceincontact solution,

• turned off hyper-v
• rebooted,
• turn on hyper v.

my system info

my system was updated by docker to use the new wsl 2

docker context ls

docker ps

docker wsl 2

windows version

any thoughts?

simonmatt commented May 15, 2020 •

I did every step by the official guide, then this issue occurs. I tried to remove the variable export DOCKER_HOST=tcp://localhost:2735 from

/.zshrc on my WSL Ubuntu, and then restarted terminal, after that, it works properly with command docker version on WSL.
If you guys using

/.bashrc , maybe you try to remove the variable from your

OS: Windows 10 build 19041
WSL2: Ubuntu 18.04
Docker Desktop: 2.3.0.2(45183)

andre-orion commented May 17, 2020 •

Isso corrigiu o problema para mim:

Verifique se o Windows está escutando na porta 2375 executando netstat -ano | findstr 2375 . Se ele não estiver ouvindo e o docker estiver em execução com o «Daemon Expose no tcp: // localhost: 2375 sem TLS», meu problema pode ser o mesmo que você está enfrentando. Faça o seguinte:

netsh interface ipv4 show excludedportrange protocol=tcp

se você vir um intervalo de portas listado que inclua a porta 2375, poderá confirmar que esse é provavelmente o seu problema.

Desativar hyper-v e reinicialização
Execute netsh int ipv4 add excludedportrange protocol=tcp startport=2375 numberofports=1 para reservar a porta 2375
Ativar hyper-v e reinicialize

Espero que isto ajude!

@danpalmer-niceincontact ! You certainly helped a lot to clear my head. But, the determinant was the hint of @simonmatt ( #3570 (comment) ) Thank you very much!

In my bash file I remove two lines:
export DOCKER_HOST=tcp://localhost:2735
export DOCKER_HOST=tcp://127.0.0.1:2735

I restarted the terminal and it worked fine!

OS: Windows 10 build 19041

WSL2: Ubuntu 18.04

Docker Desktop: 2.3.0.2(45183)

#WSL UBUNTU
$ docker version
Client: Docker Engine — Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:25:46 2020
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine — Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:29:16 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683

WSL2 Cannot connect to the Docker daemon

here is my setup:

• Windows 10 PRO — build 19041.153 — insider program — slow ring
• Ubuntu 18.04LTS subsystem in WSL2 mode
• Docker for desktop 2.2.0.4 — enabled WSL2 integration with my Ubuntu subsystem

I was currently forced to use Windows for development, so I became microsoft insider member and installed ubuntu with WSL2 mode. Docker desktop supports intergration for WSL2, so I tried it. For a week it worked flawlessly. Today after PC restart, I can’t get docker running again. Ubuntu can see injected binaries from Docker desktop, but it can’t connect to windows hosted docker daemon anymore.

When I call in subsys terminal docker info it returns

or with docker-compose up

What I’ve tried already:

• expose daemon without TLS with envs like DOCKER_HOST=localhost:2375 , DOCKER_HOST=tcp://localhost:2375 , DOCKER_HOST=127.0.0.1:2375 , DOCKER_HOST=tcp://127.0.0.1:2375 => same result
• uninstall Docker desktop and install previous version
• turn off win firewall

I really, really need this to work. Thanks for any ideas. Weirdest thing is it worked yesterday and I didn’t make any changes in system from then.

5 Answers 5

I know this may be outdated for present question, but this should save us precious time, especially when Windows 20H1=2004 is going to Production this month (May 2020).

Operating System Version: Windows 10 Education (Same as Enterprise and a superset of Pro).
Version: 2004
Build (Version OS): 19041.264
Others: Windows Feature Experience Pack 120.2202.130.0.

Shell: WSL Terminal

First, i have installed WSL v1 previously, then executed procedure for upgrade to WSL v2, and this error shows up: «ERROR: Cannot connect to the Docker daemon at tcp://localhost:2375. Is the docker daemon running?».

Second, to fix that, I followed instructions stated here: Link, and it worked.

Third, after some tests i think the missing change in the upgrade, was remove DOCKER_HOST variable from shell’s start script.

SUMMARY: In my case, the procedure for a permanent fix should be following STEPs:

1. Test if it’s your case unsetting DOCKER_HOST variable (See image below).

2. If the error disappears with previous step, then time to fix changes removing setting of DOCKER_HOST variable in the shell’s start script (In my case was $HOME/.bashrc).
Commented this out:
#export DOCKER_HOST=tcp://localhost:2375
#export DOCKER_BUILDKIT=1

NOTE: Also include DOCKER_BUILDKIT.

3. Close and open the Terminal.

Test in Step 1:

Cannot connect to the Docker daemon on bash on Ubuntu windows

I am able to install docker, docker-compose and docker-machine

However when I try to run

Is there any suggestion for solving this problem?

7 Answers 7

Running docker against an engine on a different machine is actually quite easy, as Docker can expose a TCP endpoint which the CLI can attach to.

This TCP endpoint is turned off by default; to activate it, right-click the Docker icon in your taskbar and choose Settings, and tick the box next to “Expose daemon on tcp://localhost:2375 without TLS”.

With that done, all we need to do is instruct the CLI under Bash to connect to the engine running under Windows instead of to the non-existing engine running under Bash, like this:

There are two ways to make this permanent – either add an alias for the above command or export an environment variable which instructs Docker where to find the host engine (NOTE: make sure to use single apostrophe’s below):

Now, running docker commands from Bash works just like they’re supposed to.

The Docker client and server can now be installed and run purely in WSL without Docker Desktop for Windows if you are running Windows 10 version 1803 or greater. I have it working on the following WSL:

Simply follow the same instructions to install on Ubuntu but make sure to choose a specific version to install. Presently, version 18.06.1

ubuntu works fine but later versions up to 5:18.09.6

ubuntu-bionic have an issue with starting up a container. The following command will install the latest working version:

To get the Docker server running in WSL after installation, close all open terminals and start a new Ubuntu terminal as administrator (i.e., right click the Ubuntu shortcut and click ‘Run as administrator’). Finally, run the following commands:

sudo service docker start will have to be run each time Windows is rebooted. However, if you wish to avoid that, you can automate it using the Task Scheduler and a shell script by following the steps listed here.