Docker-Docs/config/daemon/systemd.md

256 lines
8.6 KiB
Markdown

---
description: Controlling and configuring Docker using systemd
keywords: docker, daemon, systemd, configuration
redirect_from:
- /engine/articles/systemd/
- /articles/systemd/
- /engine/admin/systemd/
title: Control Docker with systemd
---
Many Linux distributions use systemd to start the Docker daemon. This document
shows a few examples of how to customize Docker's settings.
## Start the Docker daemon
### Start manually
Once Docker is installed, you need to start the Docker daemon.
Most Linux distributions use `systemctl` to start services. If you
do not have `systemctl`, use the `service` command.
- **`systemctl`**:
```bash
$ sudo systemctl start docker
```
- **`service`**:
```bash
$ sudo service docker start
```
### Start automatically at system boot
If you want Docker to start at boot, see
[Configure Docker to start on boot](../../engine/install/linux-postinstall.md#configure-docker-to-start-on-boot).
## Custom Docker daemon options
There are a number of ways to configure the daemon flags and environment variables
for your Docker daemon. The recommended way is to use the platform-independent
`daemon.json` file, which is located in `/etc/docker/` on Linux by default. See
[Daemon configuration file](../../engine/reference/commandline/dockerd.md#daemon-configuration-file).
You can configure nearly all daemon configuration options using `daemon.json`. The following
example configures two options. One thing you cannot configure using `daemon.json` mechanism is
a [HTTP proxy](#http-proxy).
### Runtime directory and storage driver
You may want to control the disk space used for Docker images, containers,
and volumes by moving it to a separate partition.
To accomplish this, set the following flags in the `daemon.json` file:
```none
{
"data-root": "/mnt/docker-data",
"storage-driver": "overlay2"
}
```
### HTTP/HTTPS proxy
The Docker daemon uses the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environmental variables in
its start-up environment to configure HTTP or HTTPS proxy behavior. You cannot configure
these environment variables using the `daemon.json` file.
This example overrides the default `docker.service` file.
If you are behind an HTTP or HTTPS proxy server, for example in corporate settings,
you need to add this configuration in the Docker systemd service file.
> **Note for rootless mode**
>
> The location of systemd configuration files are different when running Docker
> in [rootless mode](../../engine/security/rootless.md). When running in rootless
> mode, Docker is started as a user-mode systemd service, and uses files stored
> in each users' home directory in `~/.config/systemd/user/docker.service.d/`.
> In addition, `systemctl` must be executed without `sudo` and with the `--user`
> flag. Select the _"rootless mode"_ tab below if you are running Docker in rootless mode.
<ul class="nav nav-tabs">
<li class="active"><a data-toggle="tab" data-target="#rootful">regular install</a></li>
<li><a data-toggle="tab" data-target="#rootless">rootless mode</a></li>
</ul>
<div class="tab-content">
<div id="rootful" class="tab-pane fade in active" markdown="1">
1. Create a systemd drop-in directory for the docker service:
```bash
sudo mkdir -p /etc/systemd/system/docker.service.d
```
2. Create a file named `/etc/systemd/system/docker.service.d/http-proxy.conf`
that adds the `HTTP_PROXY` environment variable:
```conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
```
If you are behind an HTTPS proxy server, set the `HTTPS_PROXY` environment
variable:
```conf
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:443"
```
Multiple environment variables can be set; to set both a non-HTTPS and
a HTTPs proxy;
```conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
```
3. If you have internal Docker registries that you need to contact without
proxying you can specify them via the `NO_PROXY` environment variable.
The `NO_PROXY` variable specifies a string that contains comma-separated
values for hosts that should be excluded from proxying. These are the
options you can specify to exclude hosts:
* IP address prefix (`1.2.3.4`)
* Domain name, or a special DNS label (`*`)
* A domain name matches that name and all subdomains. A domain name with
a leading "." matches subdomains only. For example, given the domains
`foo.example.com` and `example.com`:
* `example.com` matches `example.com` and `foo.example.com`, and
* `.example.com` matches only `foo.example.com`
* A single asterisk (`*`) indicates that no proxying should be done
* Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`)
and domain names (`foo.example.com:80`)
Config example:
```conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
```
4. Flush changes and restart Docker
```bash
sudo systemctl daemon-reload
sudo systemctl restart docker
```
5. Verify that the configuration has been loaded and matches the changes you
made, for example:
```bash
sudo systemctl show --property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80 HTTPS_PROXY=https://proxy.example.com:443 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp
```
</div>
<div id="rootless" class="tab-pane fade in" markdown="1">
1. Create a systemd drop-in directory for the docker service:
```bash
mkdir -p ~/.config/systemd/user/docker.service.d
```
2. Create a file named `~/.config/systemd/user/docker.service.d/http-proxy.conf`
that adds the `HTTP_PROXY` environment variable:
```conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
```
If you are behind an HTTPS proxy server, set the `HTTPS_PROXY` environment
variable:
```conf
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:443"
```
Multiple environment variables can be set; to set both a non-HTTPS and
a HTTPs proxy;
```conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
```
3. If you have internal Docker registries that you need to contact without
proxying, you can specify them via the `NO_PROXY` environment variable.
The `NO_PROXY` variable specifies a string that contains comma-separated
values for hosts that should be excluded from proxying. These are the
options you can specify to exclude hosts:
* IP address prefix (`1.2.3.4`)
* Domain name, or a special DNS label (`*`)
* A domain name matches that name and all subdomains. A domain name with
a leading "." matches subdomains only. For example, given the domains
`foo.example.com` and `example.com`:
* `example.com` matches `example.com` and `foo.example.com`, and
* `.example.com` matches only `foo.example.com`
* A single asterisk (`*`) indicates that no proxying should be done
* Literal port numbers are accepted by IP address prefixes (`1.2.3.4:80`)
and domain names (`foo.example.com:80`)
Config example:
```conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80"
Environment="HTTPS_PROXY=https://proxy.example.com:443"
Environment="NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp"
```
4. Flush changes and restart Docker
```bash
systemctl --user daemon-reload
systemctl --user restart docker
```
5. Verify that the configuration has been loaded and matches the changes you
made, for example:
```bash
systemctl --user show --property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80 HTTPS_PROXY=https://proxy.example.com:443 NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp
```
</div>
</div> <!-- tab-content -->
## Configure where the Docker daemon listens for connections
See
[Configure where the Docker daemon listens for connections](../../engine/install/linux-postinstall.md#control-where-the-docker-daemon-listens-for-connections).
## Manually create the systemd unit files
When installing the binary without a package, you may want
to integrate Docker with systemd. For this, install the two unit files
(`service` and `socket`) from [the github repository](https://github.com/moby/moby/tree/master/contrib/init/systemd)
to `/etc/systemd/system`.