The Docker Engine can be installed as a standalone instance, to be shared remotely as a service.
From arivis Cloud, the segmentation container is Linux based, so for both reduced costs and ease of implementation, we would recommend a Linux based distribution to host the Docker Engine.
Here is an overview of the required steps when creating the virtual machine on AWS.
Set up Docker's apt repository:
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
Install the Docker packages:
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Configure remote access for Docker daemon | Docker Docs
Please note opening TCP to the Docker Engine is a security risk.
Connection to the containers can provide root access. Ensure that necessary firewall restrictions are in place to allow only expected clients. Within a Cloud environment external access is typically blocked by default but access from other machines within the virtual network need to be considered.
Edit the systemctl service override:
sudo systemctl edit docker.service
The Docker instructions specify using 127.0.0.1, which will only bind to the localhost interface. To permit external connections, 0.0.0.0 will listen on all interfaces, you can modify this to a specific interface IP as required.
Add these lines between the top comments:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375
Save the file (CTRL+X) and reload the systemctl configuration.
sudo systemctl daemon-reload
Restart Docker
sudo systemctl restart docker.service
Within AWS the VM Security Group settings must receive a new port rule to allow 2375 from any specific clients that need to connect. Also a port range for the containers is required (if 10 containers may run in parallel, use 5000-5009):
Last updated: 2025.02.18
Code snippets were used from the links provided at the time of writing. Check the contained links for updates to any presented commands.