1. Brief introduction

  • The Remote API has replaced rcli.
  • The daemon listens on unix:///var/run/docker.sock but you can Bind Docker to another host/port or a Unix socket.
  • The API tends to be REST. However, for some complex commands, like attach or pull, the HTTP connection is hijacked to transport stdoutstdin and stderr.
  • When the client API version is newer than the daemon’s, these calls return an HTTP 400 Bad Request error message.

2. Errors

The Remote API uses standard HTTP status codes to indicate the success or failure of the API call. The body of the response will be JSON in the following format:

{
"message": "page not found"
}

The status codes that are returned for each endpoint are specified in the endpoint documentation below.

3. Endpoints

3.1 Containers

List containers

GET /containers/json

List containers

Example request:

GET /containers/json?all=1&before=8dfafdbc3a40&size=1 HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"Id": "8dfafdbc3a40",
"Names":["/boring_feynman"],
"Image": "ubuntu:latest",
"ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
"Command": "echo 1",
"Created": 1367854155,
"State": "Exited",
"Status": "Exit 0",
"Ports": [{"PrivatePort": 2222, "PublicPort": 3333, "Type": "tcp"}],
"Labels": {
"com.example.vendor": "Acme",
"com.example.license": "GPL",
"com.example.version": "1.0"
},
"SizeRw": 12288,
"SizeRootFs": 0,
"HostConfig": {
"NetworkMode": "default"
},
"NetworkSettings": {
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
"EndpointID": "2cdc4edb1ded3631c81f57966563e5c8525b81121bb3706a9a9a3ae102711f3f",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
},
"Mounts": [
{
"Name": "fac362...80535",
"Source": "/data",
"Destination": "/data",
"Driver": "local",
"Mode": "ro,Z",
"RW": false,
"Propagation": ""
}
]
},
{
"Id": "9cd87474be90",
"Names":["/coolName"],
"Image": "ubuntu:latest",
"ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
"Command": "echo 222222",
"Created": 1367854155,
"State": "Exited",
"Status": "Exit 0",
"Ports": [],
"Labels": {},
"SizeRw": 12288,
"SizeRootFs": 0,
"HostConfig": {
"NetworkMode": "default"
},
"NetworkSettings": {
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
"EndpointID": "88eaed7b37b38c2a3f0c4bc796494fdf51b270c2d22656412a2ca5d559a64d7a",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.8",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:08"
}
}
},
"Mounts": []
},
{
"Id": "3176a2479c92",
"Names":["/sleepy_dog"],
"Image": "ubuntu:latest",
"ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
"Command": "echo 3333333333333333",
"Created": 1367854154,
"State": "Exited",
"Status": "Exit 0",
"Ports":[],
"Labels": {},
"SizeRw":12288,
"SizeRootFs":0,
"HostConfig": {
"NetworkMode": "default"
},
"NetworkSettings": {
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
"EndpointID": "8b27c041c30326d59cd6e6f510d4f8d1d570a228466f956edf7815508f78e30d",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.6",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:06"
}
}
},
"Mounts": []
},
{
"Id": "4cb07b47f9fb",
"Names":["/running_cat"],
"Image": "ubuntu:latest",
"ImageID": "d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82",
"Command": "echo 444444444444444444444444444444444",
"Created": 1367854152,
"State": "Exited",
"Status": "Exit 0",
"Ports": [],
"Labels": {},
"SizeRw": 12288,
"SizeRootFs": 0,
"HostConfig": {
"NetworkMode": "default"
},
"NetworkSettings": {
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
"EndpointID": "d91c7b2f0644403d7ef3095985ea0e2370325cd2332ff3a3225c4247328e66e9",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:05"
}
}
},
"Mounts": []
}
]

Query parameters:

  • all – 1/True/true or 0/False/false, Show all containers. Only running containers are shown by default (i.e., this defaults to false)
  • limit – Show limit last created containers, include non-running ones.
  • since – Show only containers created since Id, include non-running ones.
  • before – Show only containers created before Id, include non-running ones.
  • size – 1/True/true or 0/False/false, Show the containers sizes
  • filters - a JSON encoded value of the filters (a map[string][]string) to process on the containers list. Available filters:
    • exited=<int>; -- containers with exit code of <int> ;
    • status=(created|restarting|running|paused|exited|dead)
    • label=key or label="key=value" of a container label
    • isolation=(default|process|hyperv) (Windows daemon only)
    • ancestor=(<image-name>[:<tag>]<image id> or <image@digest>)
    • before=(<container id> or <container name>)
    • since=(<container id> or <container name>)
    • volume=(<volume name> or <mount point destination>)
    • network=(<network id> or <network name>)

Status codes:

  • 200 – no error
  • 400 – bad parameter
  • 500 – server error

Create a container

POST /containers/create

Create a container

Example request:

POST /containers/create HTTP/1.1
Content-Type: application/json {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"FOO=bar",
"BAZ=quux"
],
"Cmd": [
"date"
],
"Entrypoint": "",
"Image": "ubuntu",
"Labels": {
"com.example.vendor": "Acme",
"com.example.license": "GPL",
"com.example.version": "1.0"
},
"Volumes": {
"/volumes/data": {}
},
"WorkingDir": "",
"NetworkDisabled": false,
"MacAddress": "12:34:56:78:9a:bc",
"ExposedPorts": {
"22/tcp": {}
},
"StopSignal": "SIGTERM",
"HostConfig": {
"Binds": ["/tmp:/tmp"],
"Links": ["redis3:redis"],
"Memory": 0,
"MemorySwap": 0,
"MemoryReservation": 0,
"KernelMemory": 0,
"CpuPercent": 80,
"CpuShares": 512,
"CpuPeriod": 100000,
"CpuQuota": 50000,
"CpusetCpus": "0,1",
"CpusetMems": "0,1",
"MaximumIOps": 0,
"MaximumIOBps": 0,
"BlkioWeight": 300,
"BlkioWeightDevice": [{}],
"BlkioDeviceReadBps": [{}],
"BlkioDeviceReadIOps": [{}],
"BlkioDeviceWriteBps": [{}],
"BlkioDeviceWriteIOps": [{}],
"MemorySwappiness": 60,
"OomKillDisable": false,
"OomScoreAdj": 500,
"PidMode": "",
"PidsLimit": -1,
"PortBindings": { "22/tcp": [{ "HostPort": "11022" }] },
"PublishAllPorts": false,
"Privileged": false,
"ReadonlyRootfs": false,
"Dns": ["8.8.8.8"],
"DnsOptions": [""],
"DnsSearch": [""],
"ExtraHosts": null,
"VolumesFrom": ["parent", "other:ro"],
"CapAdd": ["NET_ADMIN"],
"CapDrop": ["MKNOD"],
"GroupAdd": ["newgroup"],
"RestartPolicy": { "Name": "", "MaximumRetryCount": 0 },
"NetworkMode": "bridge",
"Devices": [],
"Ulimits": [{}],
"LogConfig": { "Type": "json-file", "Config": {} },
"SecurityOpt": [],
"StorageOpt": {},
"CgroupParent": "",
"VolumeDriver": "",
"ShmSize": 67108864
},
"NetworkingConfig": {
"EndpointsConfig": {
"isolated_nw" : {
"IPAMConfig": {
"IPv4Address":"172.20.30.33",
"IPv6Address":"2001:db8:abcd::3033",
"LinkLocalIPs:["169.254.34.68", "fe80::3468"]
},
"Links":["container_1", "container_2"],
"Aliases":["server_x", "server_y"]
}
}
}

Example response:

  HTTP/1.1 201 Created
Content-Type: application/json {
"Id":"e90e34656806",
"Warnings":[]
}

JSON parameters:

  • Hostname  -主机名-包含主机名使用集装箱的字符串值  A string value containing the hostname to use for the container. This must be a valid RFC 1123 hostname.
  • Domainname - 域名-包含用于容器的域名称的字符串值 A string value containing the domain name to use for the container.
  • User - 指定容器内的用户 A string value specifying the user inside the container.
  • AttachStdin - 布尔值,开放输入 Boolean value, attaches to stdin.
  • AttachStdout - 布尔值,高度标准 Boolean value, attaches to stdout.
  • AttachStderr - 布尔值, Boolean value, attaches to stderr.
  • Tty - 布尔值,附加标准流到终端 Boolean value, Attach standard streams to a tty, including stdin if it is not closed.
  • OpenStdin - 布尔值,打开标准输入 Boolean value, opens stdin,
  • StdinOnce -布尔值,1连接的客户端断开后关闭标准输入  Boolean value, close stdin after the 1 attached client disconnects.
  • Env - 环境变量列表 A list of environment variables in the form of ["VAR=value"[,"VAR2=value2"]]
  • Labels - 添加一个标签到容器 Adds a map of labels to a container. To specify a map: {"key":"value"[,"key2":"value2"]}
  • Cmd - 指定为字符串命令 Command to run specified as a string or an array of strings.
  • Entrypoint 指定字符串命令所在目录 - Set the entry point for the container as a string or an array of strings.
  • Image - 所属镜像 A string specifying the image name to use for the container.
  • Volumes - 容器安装路径 An object mapping mount point paths (strings) inside the container to empty objects.
  • WorkingDir - 字符串指定运行命令的工作目录 A string specifying the working directory for commands to run in.
  • NetworkDisabled - 布尔值,是否正禁用网络 Boolean value, when true disables networking for the container
  • ExposedPorts - 端口映射 An object mapping ports to an empty object in the form of: "ExposedPorts": { "<port>/<tcp|udp>: {}" }
  • StopSignal - 停止容器信号 Signal to stop a container as a string or unsigned integer. SIGTERM by default.
  • HostConfig
    • Binds – A list of volume bindings for this container. Each volume binding is a string in one of these forms:

      • host_path:container_path to bind-mount a host path into the container
      • host_path:container_path:ro to make the bind-mount read-only inside the container.
      • volume_name:container_path to bind-mount a volume managed by a volume plugin into the container.
      • volume_name:container_path:ro to make the bind mount read-only inside the container.
    • Links - 容器的链接列表 A list of links for the container. Each link entry should be in the form of container_name:alias.
    • Memory - 内存-字节的内存限制 Memory limit in bytes.
    • MemorySwap - 总内存限制(内存+交换) Total memory limit (memory + swap); set -1 to enable unlimited swap. You must use this with memory and make the swap value larger than memory.
    • MemoryReservation - 内存软限制的字节数 Memory soft limit in bytes.
    • KernelMemory - 内核内存限制的字节数 Kernel memory limit in bytes.
    • CpuPercent - 可用CPU百分比整数 An integer value containing the usable percentage of the available CPUs. (Windows daemon only)
    • CpuShares - 容器的CPU比例 整型值 An integer value containing the container’s CPU Shares (ie. the relative weight vs other containers).
    • CpuPeriod - 点用CPU周期的长度 The length of a CPU period in microseconds.
    • CpuQuota - 微秒,容器可以使用的CPU周期 Microseconds of CPU time that the container can get in a CPU period.
    • CpusetCpus - String value containing the cgroups CpusetCpus to use.
    • CpusetMems - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.
    • MaximumIOps - Maximum IO absolute rate in terms of IOps.
    • MaximumIOBps - Maximum IO absolute rate in terms of bytes per second.
    • BlkioWeight - Block IO weight (relative weight) accepts a weight value between 10 and 1000.
    • BlkioWeightDevice - Block IO weight (relative device weight) in the form of: "BlkioWeightDevice": [{"Path": "device_path", "Weight": weight}]
    • BlkioDeviceReadBps - Limit read rate (bytes per second) from a device in the form of: "BlkioDeviceReadBps": [{"Path": "device_path", "Rate": rate}], for example: "BlkioDeviceReadBps": [{"Path": "/dev/sda", "Rate": "1024"}]"
    • BlkioDeviceWriteBps - Limit write rate (bytes per second) to a device in the form of: "BlkioDeviceWriteBps": [{"Path": "device_path", "Rate": rate}], for example: "BlkioDeviceWriteBps": [{"Path": "/dev/sda", "Rate": "1024"}]"
    • BlkioDeviceReadIOps - Limit read rate (IO per second) from a device in the form of: "BlkioDeviceReadIOps": [{"Path": "device_path", "Rate": rate}], for example: "BlkioDeviceReadIOps": [{"Path": "/dev/sda", "Rate": "1000"}]
    • BlkioDeviceWiiteIOps - Limit write rate (IO per second) to a device in the form of: "BlkioDeviceWriteIOps": [{"Path": "device_path", "Rate": rate}], for example: "BlkioDeviceWriteIOps": [{"Path": "/dev/sda", "Rate": "1000"}]
    • MemorySwappiness - Tune a container’s memory swappiness behavior. Accepts an integer between 0 and 100.
    • OomKillDisable - Boolean value, whether to disable OOM Killer for the container or not.
    • OomScoreAdj - An integer value containing the score given to the container in order to tune OOM killer preferences.
    • PidMode - Set the PID (Process) Namespace mode for the container; "container:<name|id>": joins another container’s PID namespace "host": use the host’s PID namespace inside the container
    • PidsLimit - Tune a container’s pids limit. Set -1 for unlimited.
    • PortBindings - A map of exposed container ports and the host port they should map to. A JSON object in the form { <port>/<protocol>: [{ "HostPort": "<port>" }] } Take note that port is specified as a string and not an integer value.
    • PublishAllPorts - Allocates a random host port for all of a container’s exposed ports. Specified as a boolean value.
    • Privileged - Gives the container full access to the host. Specified as a boolean value.
    • ReadonlyRootfs - Mount the container’s root filesystem as read only. Specified as a boolean value.
    • Dns - A list of DNS servers for the container to use.
    • DnsOptions - A list of DNS options
    • DnsSearch - A list of DNS search domains
    • ExtraHosts - A list of hostnames/IP mappings to add to the container’s /etc/hosts file. Specified in the form["hostname:IP"].
    • VolumesFrom - A list of volumes to inherit from another container. Specified in the form <container name>[:<ro|rw>]
    • CapAdd - A list of kernel capabilities to add to the container.
    • Capdrop - A list of kernel capabilities to drop from the container.
    • GroupAdd - A list of additional groups that the container process will run as
    • RestartPolicy – The behavior to apply when the container exits. The value is an object with a Name property of either"always" to always restart, "unless-stopped" to restart always except when user has manually stopped the container or"on-failure" to restart only when the container exit code is non-zero. If on-failure is used, MaximumRetryCountcontrols the number of times to retry before giving up. The default is not to restart. (optional) An ever increasing delay (double the previous delay, starting at 100mS) is added before each restart to prevent flooding the server.
    • UsernsMode - Sets the usernamespace mode for the container when usernamespace remapping option is enabled. supported values are: host.
    • NetworkMode - Sets the networking mode for the container. Supported standard values are: bridgehostnone, andcontainer:<name|id>. Any other value is taken as a custom network’s name to which this container should connect to.
    • Devices - A list of devices to add to the container specified as a JSON object in the form { "PathOnHost": "/dev/deviceName", "PathInContainer": "/dev/deviceName", "CgroupPermissions": "mrw"}
    • Ulimits - A list of ulimits to set in the container, specified as { "Name": <name>, "Soft": <soft limit>, "Hard": <hard limit> }, for example: Ulimits: { "Name": "nofile", "Soft": 1024, "Hard": 2048 }
    • Sysctls - A list of kernel parameters (sysctls) to set in the container, specified as { <name>: <Value> }, for example: { "net.ipv4.ip_forward": "1" }
    • SecurityOpt: A list of string values to customize labels for MLS systems, such as SELinux.
    • StorageOpt: Storage driver options per container. Options can be passed in the form {"size":"120G"}
    • LogConfig - Log configuration for the container, specified as a JSON object in the form { "Type": "<driver_name>", "Config": {"key1": "val1"}}. Available types: json-filesyslogjournaldgelffluentdawslogssplunk,etwlogsnonejson-file logging driver.
    • CgroupParent - Path to cgroups under which the container’s cgroup is created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups are created if they do not already exist.
    • VolumeDriver - Driver that this container users to mount volumes.
    • ShmSize - Size of /dev/shm in bytes. The size must be greater than 0. If omitted the system uses 64MB.

Query parameters:

  • name – Assign the specified name to the container. Must match /?[a-zA-Z0-9_-]+.

Status codes:

  • 201 – no error
  • 400 – bad parameter
  • 404 – no such container
  • 406 – impossible to attach (container not running)
  • 409 – conflict
  • 500 – server error

Inspect a container

GET /containers/(id or name)/json

Return low-level information on the container id

Example request:

  GET /containers/4fa6e0f0c678/json HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"AppArmorProfile": "",
"Args": [
"-c",
"exit 9"
],
"Config": {
"AttachStderr": true,
"AttachStdin": false,
"AttachStdout": true,
"Cmd": [
"/bin/sh",
"-c",
"exit 9"
],
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts": null,
"Hostname": "ba033ac44011",
"Image": "ubuntu",
"Labels": {
"com.example.vendor": "Acme",
"com.example.license": "GPL",
"com.example.version": "1.0"
},
"MacAddress": "",
"NetworkDisabled": false,
"OnBuild": null,
"OpenStdin": false,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": {
"/volumes/data": {}
},
"WorkingDir": "",
"StopSignal": "SIGTERM"
},
"Created": "2015-01-06T15:47:31.485331387Z",
"Driver": "devicemapper",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"MaximumIOps": 0,
"MaximumIOBps": 0,
"BlkioWeight": 0,
"BlkioWeightDevice": [{}],
"BlkioDeviceReadBps": [{}],
"BlkioDeviceWriteBps": [{}],
"BlkioDeviceReadIOps": [{}],
"BlkioDeviceWriteIOps": [{}],
"CapAdd": null,
"CapDrop": null,
"ContainerIDFile": "",
"CpusetCpus": "",
"CpusetMems": "",
"CpuPercent": 80,
"CpuShares": 0,
"CpuPeriod": 100000,
"Devices": [],
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"ExtraHosts": null,
"IpcMode": "",
"Links": null,
"LxcConf": [],
"Memory": 0,
"MemorySwap": 0,
"MemoryReservation": 0,
"KernelMemory": 0,
"OomKillDisable": false,
"OomScoreAdj": 500,
"NetworkMode": "bridge",
"PidMode": "",
"PortBindings": {},
"Privileged": false,
"ReadonlyRootfs": false,
"PublishAllPorts": false,
"RestartPolicy": {
"MaximumRetryCount": 2,
"Name": "on-failure"
},
"LogConfig": {
"Config": null,
"Type": "json-file"
},
"SecurityOpt": null,
"Sysctls": {
"net.ipv4.ip_forward": "1"
},
"StorageOpt": null,
"VolumesFrom": null,
"Ulimits": [{}],
"VolumeDriver": "",
"ShmSize": 67108864
},
"HostnamePath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hostname",
"HostsPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/hosts",
"LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log",
"Id": "ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39",
"Image": "04c5d3b7b0656168630d3ba35d8889bd0e9caafcaeb3004d2bfbc47e7c5d35d2",
"MountLabel": "",
"Name": "/boring_euclid",
"NetworkSettings": {
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": null,
"SandboxKey": "",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812",
"EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:02"
}
}
},
"Path": "/bin/sh",
"ProcessLabel": "",
"ResolvConfPath": "/var/lib/docker/containers/ba033ac4401106a3b513bc9d639eee123ad78ca3616b921167cd74b20e25ed39/resolv.conf",
"RestartCount": 1,
"State": {
"Error": "",
"ExitCode": 9,
"FinishedAt": "2015-01-06T15:47:32.080254511Z",
"OOMKilled": false,
"Dead": false,
"Paused": false,
"Pid": 0,
"Restarting": false,
"Running": true,
"StartedAt": "2015-01-06T15:47:32.072697474Z",
"Status": "running"
},
"Mounts": [
{
"Name": "fac362...80535",
"Source": "/data",
"Destination": "/data",
"Driver": "local",
"Mode": "ro,Z",
"RW": false,
"Propagation": ""
}
]
}

Example request, with size information:

GET /containers/4fa6e0f0c678/json?size=1 HTTP/1.1

Example response, with size information:

HTTP/1.1 200 OK
Content-Type: application/json {
....
"SizeRw": 0,
"SizeRootFs": 972,
....
}

Query parameters:

  • size – 1/True/true or 0/False/false, return container size information. Default is false.

Status codes:

  • 200 – no error
  • 404 – no such container
  • 500 – server error

List processes running inside a container

GET /containers/(id or name)/top

List processes running inside the container id. On Unix systems this is done by running the ps command. This endpoint is not supported on Windows.

Example request:

GET /containers/4fa6e0f0c678/top HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Titles" : [
"UID", "PID", "PPID", "C", "STIME", "TTY", "TIME", "CMD"
],
"Processes" : [
[
"root", "13642", "882", "0", "17:03", "pts/0", "00:00:00", "/bin/bash"
],
[
"root", "13735", "13642", "0", "17:06", "pts/0", "00:00:00", "sleep 10"
]
]
}

Example request:

GET /containers/4fa6e0f0c678/top?ps_args=aux HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Titles" : [
"USER","PID","%CPU","%MEM","VSZ","RSS","TTY","STAT","START","TIME","COMMAND"
]
"Processes" : [
[
"root","13642","0.0","0.1","18172","3184","pts/0","Ss","17:03","0:00","/bin/bash"
],
[
"root","13895","0.0","0.0","4348","692","pts/0","S+","17:15","0:00","sleep 10"
]
],
}

Query parameters:

  • ps_args – ps arguments to use (e.g., aux), defaults to -ef

Status codes:

  • 200 – no error
  • 404 – no such container
  • 500 – server error

Get container logs

GET /containers/(id or name)/logs

Get stdout and stderr logs from the container id

Note: This endpoint works only for containers with the json-file or journald logging drivers.

Example request:

 GET /containers/4fa6e0f0c678/logs?stderr=1&stdout=1&timestamps=1&follow=1&tail=10&since=1428990821 HTTP/1.1

Example response:

 HTTP/1.1 101 UPGRADED
Content-Type: application/vnd.docker.raw-stream
Connection: Upgrade
Upgrade: tcp {{ STREAM }}

Query parameters:

  • details - 1/True/true or 0/False/flase, Show extra details provided to logs. Default false.
  • follow – 1/True/true or 0/False/false, return stream. Default false.
  • stdout – 1/True/true or 0/False/false, show stdout log. Default false.
  • stderr – 1/True/true or 0/False/false, show stderr log. Default false.
  • since – UNIX timestamp (integer) to filter logs. Specifying a timestamp will only output log-entries since that timestamp. Default: 0 (unfiltered)
  • timestamps – 1/True/true or 0/False/false, print timestamps for every log line. Default false.
  • tail – Output specified number of lines at the end of logs: all or <number>. Default all.

Status codes:

  • 101 – no error, hints proxy about hijacking
  • 200 – no error, no upgrade header found
  • 404 – no such container
  • 500 – server error

Inspect changes on a container’s filesystem

GET /containers/(id or name)/changes

Inspect changes on container id’s filesystem

Example request:

GET /containers/4fa6e0f0c678/changes HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"Path": "/dev",
"Kind": 0
},
{
"Path": "/dev/kmsg",
"Kind": 1
},
{
"Path": "/test",
"Kind": 1
}
]

Values for Kind:

  • 0: Modify
  • 1: Add
  • 2: Delete

Status codes:

  • 200 – no error
  • 404 – no such container
  • 500 – server error

Export a container

GET /containers/(id or name)/export

Export the contents of container id

Example request:

GET /containers/4fa6e0f0c678/export HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/octet-stream {{ TAR STREAM }}

Status codes:

  • 200 – no error
  • 404 – no such container
  • 500 – server error

Get container stats based on resource usage

GET /containers/(id or name)/stats

This endpoint returns a live stream of a container’s resource usage statistics.

Example request:

GET /containers/redis1/stats HTTP/1.1

Example response:

  HTTP/1.1 200 OK
Content-Type: application/json {
"read" : "2015-01-08T22:57:31.547920715Z",
"pids_stats": {
"current": 3
},
"networks": {
"eth0": {
"rx_bytes": 5338,
"rx_dropped": 0,
"rx_errors": 0,
"rx_packets": 36,
"tx_bytes": 648,
"tx_dropped": 0,
"tx_errors": 0,
"tx_packets": 8
},
"eth5": {
"rx_bytes": 4641,
"rx_dropped": 0,
"rx_errors": 0,
"rx_packets": 26,
"tx_bytes": 690,
"tx_dropped": 0,
"tx_errors": 0,
"tx_packets": 9
}
},
"memory_stats" : {
"stats" : {
"total_pgmajfault" : 0,
"cache" : 0,
"mapped_file" : 0,
"total_inactive_file" : 0,
"pgpgout" : 414,
"rss" : 6537216,
"total_mapped_file" : 0,
"writeback" : 0,
"unevictable" : 0,
"pgpgin" : 477,
"total_unevictable" : 0,
"pgmajfault" : 0,
"total_rss" : 6537216,
"total_rss_huge" : 6291456,
"total_writeback" : 0,
"total_inactive_anon" : 0,
"rss_huge" : 6291456,
"hierarchical_memory_limit" : 67108864,
"total_pgfault" : 964,
"total_active_file" : 0,
"active_anon" : 6537216,
"total_active_anon" : 6537216,
"total_pgpgout" : 414,
"total_cache" : 0,
"inactive_anon" : 0,
"active_file" : 0,
"pgfault" : 964,
"inactive_file" : 0,
"total_pgpgin" : 477
},
"max_usage" : 6651904,
"usage" : 6537216,
"failcnt" : 0,
"limit" : 67108864
},
"blkio_stats" : {},
"cpu_stats" : {
"cpu_usage" : {
"percpu_usage" : [
8646879,
24472255,
36438778,
30657443
],
"usage_in_usermode" : 50000000,
"total_usage" : 100215355,
"usage_in_kernelmode" : 30000000
},
"system_cpu_usage" : 739306590000000,
"throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
},
"precpu_stats" : {
"cpu_usage" : {
"percpu_usage" : [
8646879,
24350896,
36438778,
30657443
],
"usage_in_usermode" : 50000000,
"total_usage" : 100093996,
"usage_in_kernelmode" : 30000000
},
"system_cpu_usage" : 9492140000000,
"throttling_data" : {"periods":0,"throttled_periods":0,"throttled_time":0}
}
}

The precpu_stats is the cpu statistic of last read, which is used for calculating the cpu usage percent. It is not the exact copy of the “cpu_stats” field.

Query parameters:

  • stream – 1/True/true or 0/False/false, pull stats once then disconnect. Default true.

Status codes:

  • 200 – no error
  • 404 – no such container
  • 500 – server error

Resize a container TTY

POST /containers/(id or name)/resize

Resize the TTY for container with id. The unit is number of characters. You must restart the container for the resize to take effect.

Example request:

  POST /containers/4fa6e0f0c678/resize?h=40&w=80 HTTP/1.1

Example response:

  HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8

Query parameters:

  • h – height of tty session
  • w – width

Status codes:

  • 200 – no error
  • 404 – No such container
  • 500 – Cannot resize container

Start a container

POST /containers/(id or name)/start

Start the container id

Example request:

POST /containers/e90e34656806/start HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Query parameters:

  • detachKeys – Override the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value>where <value> is one of: a-z@^[, or _.

Status codes:

  • 204 – no error
  • 304 – container already started
  • 404 – no such container
  • 500 – server error

Stop a container

POST /containers/(id or name)/stop

Stop the container id

Example request:

POST /containers/e90e34656806/stop?t=5 HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Query parameters:

  • t – number of seconds to wait before killing the container

Status codes:

  • 204 – no error
  • 304 – container already stopped
  • 404 – no such container
  • 500 – server error

Restart a container

POST /containers/(id or name)/restart

Restart the container id

Example request:

POST /containers/e90e34656806/restart?t=5 HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Query parameters:

  • t – number of seconds to wait before killing the container

Status codes:

  • 204 – no error
  • 404 – no such container
  • 500 – server error

Kill a container

POST /containers/(id or name)/kill

Kill the container id

Example request:

POST /containers/e90e34656806/kill HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Query parameters:

  • signal - Signal to send to the container: integer or string like SIGINT. When not set, SIGKILL is assumed and the call waits for the container to exit.

Status codes:

  • 204 – no error
  • 404 – no such container
  • 500 – server error

Update a container

POST /containers/(id or name)/update

Update configuration of one or more containers.

Example request:

   POST /containers/e90e34656806/update HTTP/1.1
Content-Type: application/json {
"BlkioWeight": 300,
"CpuShares": 512,
"CpuPeriod": 100000,
"CpuQuota": 50000,
"CpusetCpus": "0,1",
"CpusetMems": "0",
"Memory": 314572800,
"MemorySwap": 514288000,
"MemoryReservation": 209715200,
"KernelMemory": 52428800,
"RestartPolicy": {
"MaximumRetryCount": 4,
"Name": "on-failure"
},
}

Example response:

   HTTP/1.1 200 OK
Content-Type: application/json {
"Warnings": []
}

Status codes:

  • 200 – no error
  • 400 – bad parameter
  • 404 – no such container
  • 500 – server error

Rename a container

POST /containers/(id or name)/rename

Rename the container id to a new_name

Example request:

POST /containers/e90e34656806/rename?name=new_name HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Query parameters:

  • name – new name for the container

Status codes:

  • 204 – no error
  • 404 – no such container
  • 409 - conflict name already assigned
  • 500 – server error

Pause a container

POST /containers/(id or name)/pause

Pause the container id

Example request:

POST /containers/e90e34656806/pause HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Status codes:

  • 204 – no error
  • 404 – no such container
  • 500 – server error

Unpause a container

POST /containers/(id or name)/unpause

Unpause the container id

Example request:

POST /containers/e90e34656806/unpause HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Status codes:

  • 204 – no error
  • 404 – no such container
  • 500 – server error

Attach to a container

POST /containers/(id or name)/attach

Attach to the container id

Example request:

POST /containers/16253994b7c4/attach?logs=1&stream=0&stdout=1 HTTP/1.1

Example response:

HTTP/1.1 101 UPGRADED
Content-Type: application/vnd.docker.raw-stream
Connection: Upgrade
Upgrade: tcp {{ STREAM }}

Query parameters:

  • detachKeys – Override the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value>where <value> is one of: a-z@^[, or _.
  • logs – 1/True/true or 0/False/false, return logs. Default false.
  • stream – 1/True/true or 0/False/false, return stream. Default false.
  • stdin – 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false.
  • stdout – 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false.
  • stderr – 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false.

Status codes:

  • 101 – no error, hints proxy about hijacking
  • 200 – no error, no upgrade header found
  • 400 – bad parameter
  • 404 – no such container
  • 500 – server error

    Stream details:

    When using the TTY setting is enabled in POST /containers/create, the stream is the raw data from the process PTY and client’s stdin. When the TTY is disabled, then the stream is multiplexed to separate stdout and stderr.

    The format is a Header and a Payload (frame).

    HEADER

    The header contains the information which the stream writes (stdout or stderr). It also contains the size of the associated frame encoded in the last four bytes (uint32).

    It is encoded on the first eight bytes like this:

    header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}

    STREAM_TYPE can be:

  • 0: stdin (is written on stdout)

  • 1: stdout

  • 2: stderr

    SIZE1, SIZE2, SIZE3, SIZE4 are the four bytes of the uint32 size encoded as big endian.

    PAYLOAD

    The payload is the raw stream.

    IMPLEMENTATION

    The simplest way to implement the Attach protocol is the following:

    1. Read eight bytes.
    2. Choose stdout or stderr depending on the first byte.
    3. Extract the frame size from the last four bytes.
    4. Read the extracted size and output it on the correct output.
    5. Goto 1.

Attach to a container (websocket)

GET /containers/(id or name)/attach/ws

Attach to the container id via websocket

Implements websocket protocol handshake according to RFC 6455

Example request

GET /containers/e90e34656806/attach/ws?logs=0&stream=1&stdin=1&stdout=1&stderr=1 HTTP/1.1

Example response

{{ STREAM }}

Query parameters:

  • detachKeys – Override the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value>where <value> is one of: a-z@^[, or _.
  • logs – 1/True/true or 0/False/false, return logs. Default false.
  • stream – 1/True/true or 0/False/false, return stream. Default false.
  • stdin – 1/True/true or 0/False/false, if stream=true, attach to stdin. Default false.
  • stdout – 1/True/true or 0/False/false, if logs=true, return stdout log, if stream=true, attach to stdout. Default false.
  • stderr – 1/True/true or 0/False/false, if logs=true, return stderr log, if stream=true, attach to stderr. Default false.

Status codes:

  • 200 – no error
  • 400 – bad parameter
  • 404 – no such container
  • 500 – server error

Wait a container

POST /containers/(id or name)/wait

Block until container id stops, then returns the exit code

Example request:

POST /containers/16253994b7c4/wait HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {"StatusCode": 0}

Status codes:

  • 200 – no error
  • 404 – no such container
  • 500 – server error

Remove a container

DELETE /containers/(id or name)

Remove the container id from the filesystem

Example request:

DELETE /containers/16253994b7c4?v=1 HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Query parameters:

  • v – 1/True/true or 0/False/false, Remove the volumes associated to the container. Default false.
  • force - 1/True/true or 0/False/false, Kill then remove the container. Default false.

Status codes:

  • 204 – no error
  • 400 – bad parameter
  • 404 – no such container
  • 409 – conflict
  • 500 – server error

Retrieving information about files and folders in a container

HEAD /containers/(id or name)/archive

See the description of the X-Docker-Container-Path-Stat header in the following section.

Get an archive of a filesystem resource in a container

GET /containers/(id or name)/archive

Get a tar archive of a resource in the filesystem of container id.

Query parameters:

  • path - resource in the container’s filesystem to archive. Required.

    If not an absolute path, it is relative to the container’s root directory. The resource specified by path must exist. To assert that the resource is expected to be a directory, path should end in / or /. (assuming a path separator of /). If path ends in /.then this indicates that only the contents of the path directory should be copied. A symlink is always resolved to its target.

    Note: It is not possible to copy certain system files such as resources under /proc/sys/dev, and mounts created by the user in the container.

Example request:

GET /containers/8cce319429b2/archive?path=/root HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/x-tar
X-Docker-Container-Path-Stat: eyJuYW1lIjoicm9vdCIsInNpemUiOjQwOTYsIm1vZGUiOjIxNDc0ODQwOTYsIm10aW1lIjoiMjAxNC0wMi0yN1QyMDo1MToyM1oiLCJsaW5rVGFyZ2V0IjoiIn0= {{ TAR STREAM }}

On success, a response header X-Docker-Container-Path-Stat will be set to a base64-encoded JSON object containing some filesystem header information about the archived resource. The above example value would decode to the following JSON object (whitespace added for readability):

{
"name": "root",
"size": 4096,
"mode": 2147484096,
"mtime": "2014-02-27T20:51:23Z",
"linkTarget": ""
}

HEAD request can also be made to this endpoint if only this information is desired.

Status codes:

  • 200 - success, returns archive of copied resource
  • 400 - client error, bad parameter, details in JSON response body, one of:
    • must specify path parameter (path cannot be empty)
    • not a directory (path was asserted to be a directory but exists as a file)
  • 404 - client error, resource not found, one of: – no such container (container id does not exist)
    • no such file or directory (path does not exist)
  • 500 - server error

Extract an archive of files or folders to a directory in a container

PUT /containers/(id or name)/archive

Upload a tar archive to be extracted to a path in the filesystem of container id.

Query parameters:

  • path - path to a directory in the container to extract the archive’s contents into. Required.

    If not an absolute path, it is relative to the container’s root directory. The path resource must exist.

  • noOverwriteDirNonDir - If “1”, “true”, or “True” then it will be an error if unpacking the given content would cause an existing directory to be replaced with a non-directory and vice versa.

Example request:

PUT /containers/8cce319429b2/archive?path=/vol1 HTTP/1.1
Content-Type: application/x-tar {{ TAR STREAM }}

Example response:

HTTP/1.1 200 OK

Status codes:

  • 200 – the content was extracted successfully
  • 400 - client error, bad parameter, details in JSON response body, one of:
    • must specify path parameter (path cannot be empty)
    • not a directory (path should be a directory but exists as a file)
    • unable to overwrite existing directory with non-directory (if noOverwriteDirNonDir)
    • unable to overwrite existing non-directory with directory (if noOverwriteDirNonDir)
  • 403 - client error, permission denied, the volume or container rootfs is marked as read-only.
  • 404 - client error, resource not found, one of: – no such container (container id does not exist)
    • no such file or directory (path resource does not exist)
  • 500 – server error

3.2 Images

List Images

GET /images/json

Example request:

GET /images/json?all=0 HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"RepoTags": [
"ubuntu:12.04",
"ubuntu:precise",
"ubuntu:latest"
],
"Id": "8dbd9e392a964056420e5d58ca5cc376ef18e2de93b5cc90e868a1bbc8318c1c",
"Created": 1365714795,
"Size": 131506275,
"VirtualSize": 131506275,
"Labels": {}
},
{
"RepoTags": [
"ubuntu:12.10",
"ubuntu:quantal"
],
"ParentId": "27cf784147099545",
"Id": "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc",
"Created": 1364102658,
"Size": 24653,
"VirtualSize": 180116135,
"Labels": {
"com.example.version": "v1"
}
}
]

Example request, with digest information:

GET /images/json?digests=1 HTTP/1.1

Example response, with digest information:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"Created": 1420064636,
"Id": "4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125",
"ParentId": "ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2",
"RepoDigests": [
"localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
],
"RepoTags": [
"localhost:5000/test/busybox:latest",
"playdate:latest"
],
"Size": 0,
"VirtualSize": 2429728,
"Labels": {}
}
]

The response shows a single image Id associated with two repositories (RepoTags): localhost:5000/test/busybox: andplaydate. A caller can use either of the RepoTags values localhost:5000/test/busybox:latest or playdate:latest to reference the image.

You can also use RepoDigests values to reference an image. In this response, the array has only one reference and that is to thelocalhost:5000/test/busybox repository; the playdate repository has no digest. You can reference this digest using the value:localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d...

See the docker run and docker build commands for examples of digest and tag references on the command line.

Query parameters:

  • all – 1/True/true or 0/False/false, default false
  • filters – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
    • dangling=true
    • label=key or label="key=value" of an image label
    • before=(<image-name>[:<tag>]<image id> or <image@digest>)
    • since=(<image-name>[:<tag>]<image id> or <image@digest>)
  • filter - only return images with the specified name

Build image from a Dockerfile

POST /build

Build an image from a Dockerfile

Example request:

POST /build HTTP/1.1

{{ TAR STREAM }}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {"stream": "Step 1..."}
{"stream": "..."}
{"error": "Error...", "errorDetail": {"code": 123, "message": "Error..."}}

The input stream must be a tar archive compressed with one of the following algorithms: identity (no compression), gzip,bzip2xz.

The archive must include a build instructions file, typically called Dockerfile at the archive’s root. The dockerfile parameter may be used to specify a different build instructions file. To do this, its value must be the path to the alternate build instructions file to use.

The archive may include any number of other files, which are accessible in the build context (See the ADD build command).

The build is canceled if the client drops the connection by quitting or being killed.

Query parameters:

  • dockerfile - Path within the build context to the Dockerfile. This is ignored if remote is specified and points to an individual filename.
  • t – A name and optional tag to apply to the image in the name:tag format. If you omit the tag the default latest value is assumed. You can provide one or more t parameters.
  • remote – A Git repository URI or HTTP/HTTPS URI build source. If the URI specifies a filename, the file’s contents are placed into a file called Dockerfile.
  • q – Suppress verbose build output.
  • nocache – Do not use the cache when building the image.
  • pull - Attempt to pull the image even if an older image exists locally.
  • rm - Remove intermediate containers after a successful build (default behavior).
  • forcerm - Always remove intermediate containers (includes rm).
  • memory - Set memory limit for build.
  • memswap - Total memory (memory + swap), -1 to enable unlimited swap.
  • cpushares - CPU shares (relative weight).
  • cpusetcpus - CPUs in which to allow execution (e.g., 0-30,1).
  • cpuperiod - The length of a CPU period in microseconds.
  • cpuquota - Microseconds of CPU time that the container can get in a CPU period.
  • buildargs – JSON map of string pairs for build-time variables. Users pass these values at build-time. Docker uses thebuildargs as the environment context for command(s) run via the Dockerfile’s RUN instruction or for variable expansion in other Dockerfile instructions. This is not meant for passing secret values. Read more about the buildargs instruction
  • shmsize - Size of /dev/shm in bytes. The size must be greater than 0. If omitted the system uses 64MB.
  • labels – JSON map of string pairs for labels to set on the image.

    Request Headers:

  • Content-type – Set to "application/tar".

  • X-Registry-Config – A base64-url-safe-encoded Registry Auth Config JSON object with the following structure:

        {
    "docker.example.com": {
    "username": "janedoe",
    "password": "hunter2"
    },
    "https://index.docker.io/v1/": {
    "username": "mobydock",
    "password": "conta1n3rize14"
    }
    }

    This object maps the hostname of a registry to an object containing the “username” and “password” for that registry. Multiple registries may be specified as the build may be based on an image requiring authentication to pull from any arbitrary registry. Only the registry domain name (and port if not the default “443”) are required. However (for legacy reasons) the “official” Docker, Inc. hosted registry must be specified with both a “https://” prefix and a “/v1/” suffix even though Docker will prefer to use the v2 registry API.

Status codes:

  • 200 – no error
  • 500 – server error

Create an image

POST /images/create

Create an image either by pulling it from the registry or by importing it

Example request:

POST /images/create?fromImage=ubuntu HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {"status": "Pulling..."}
{"status": "Pulling", "progress": "1 B/ 100 B", "progressDetail": {"current": 1, "total": 100}}
{"error": "Invalid..."}
...

When using this endpoint to pull an image from the registry, the X-Registry-Auth header can be used to include a base64-encoded AuthConfig object.

Query parameters:

  • fromImage – Name of the image to pull. The name may include a tag or digest. This parameter may only be used when pulling an image. The pull is cancelled if the HTTP connection is closed.
  • fromSrc – Source to import. The value may be a URL from which the image can be retrieved or - to read the image from the request body. This parameter may only be used when importing an image.
  • repo – Repository name given to an image when it is imported. The repo may include a tag. This parameter may only be used when importing an image.
  • tag – Tag or digest.

    Request Headers:

  • X-Registry-Auth – base64-encoded AuthConfig object, containing either login information, or a token

    • Credential based login:

      {
      "username": "jdoe",
      "password": "secret",
      "email": "jdoe@acme.com"
      }
    • Token based login:

      {
      "registrytoken": "9cbaf023786cd7..."
      }

Status codes:

  • 200 – no error
  • 500 – server error

Inspect an image

GET /images/(name)/json

Return low-level information on the image name

Example request:

GET /images/example/json HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Id" : "sha256:85f05633ddc1c50679be2b16a0479ab6f7637f8884e0cfe0f4d20e1ebb3d6e7c",
"Container" : "cb91e48a60d01f1e27028b4fc6819f4f290b3cf12496c8176ec714d0d390984a",
"Comment" : "",
"Os" : "linux",
"Architecture" : "amd64",
"Parent" : "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
"ContainerConfig" : {
"Tty" : false,
"Hostname" : "e611e15f9c9d",
"Volumes" : null,
"Domainname" : "",
"AttachStdout" : false,
"PublishService" : "",
"AttachStdin" : false,
"OpenStdin" : false,
"StdinOnce" : false,
"NetworkDisabled" : false,
"OnBuild" : [],
"Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
"User" : "",
"WorkingDir" : "",
"Entrypoint" : null,
"MacAddress" : "",
"AttachStderr" : false,
"Labels" : {
"com.example.license" : "GPL",
"com.example.version" : "1.0",
"com.example.vendor" : "Acme"
},
"Env" : [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"ExposedPorts" : null,
"Cmd" : [
"/bin/sh",
"-c",
"#(nop) LABEL com.example.vendor=Acme com.example.license=GPL com.example.version=1.0"
]
},
"DockerVersion" : "1.9.0-dev",
"VirtualSize" : 188359297,
"Size" : 0,
"Author" : "",
"Created" : "2015-09-10T08:30:53.26995814Z",
"GraphDriver" : {
"Name" : "aufs",
"Data" : null
},
"RepoDigests" : [
"localhost:5000/test/busybox/example@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"
],
"RepoTags" : [
"example:1.0",
"example:latest",
"example:stable"
],
"Config" : {
"Image" : "91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
"NetworkDisabled" : false,
"OnBuild" : [],
"StdinOnce" : false,
"PublishService" : "",
"AttachStdin" : false,
"OpenStdin" : false,
"Domainname" : "",
"AttachStdout" : false,
"Tty" : false,
"Hostname" : "e611e15f9c9d",
"Volumes" : null,
"Cmd" : [
"/bin/bash"
],
"ExposedPorts" : null,
"Env" : [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Labels" : {
"com.example.vendor" : "Acme",
"com.example.version" : "1.0",
"com.example.license" : "GPL"
},
"Entrypoint" : null,
"MacAddress" : "",
"AttachStderr" : false,
"WorkingDir" : "",
"User" : ""
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:1834950e52ce4d5a88a1bbd131c537f4d0e56d10ff0dd69e66be3b7dfa9df7e6",
"sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
]
}
}

Status codes:

  • 200 – no error
  • 404 – no such image
  • 500 – server error

Get the history of an image

GET /images/(name)/history

Return the history of the image name

Example request:

GET /images/ubuntu/history HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"Id": "3db9c44f45209632d6050b35958829c3a2aa256d81b9a7be45b362ff85c54710",
"Created": 1398108230,
"CreatedBy": "/bin/sh -c #(nop) ADD file:eb15dbd63394e063b805a3c32ca7bf0266ef64676d5a6fab4801f2e81e2a5148 in /",
"Tags": [
"ubuntu:lucid",
"ubuntu:10.04"
],
"Size": 182964289,
"Comment": ""
},
{
"Id": "6cfa4d1f33fb861d4d114f43b25abd0ac737509268065cdfd69d544a59c85ab8",
"Created": 1398108222,
"CreatedBy": "/bin/sh -c #(nop) MAINTAINER Tianon Gravi <admwiggin@gmail.com> - mkimage-debootstrap.sh -i iproute,iputils-ping,ubuntu-minimal -t lucid.tar.xz lucid http://archive.ubuntu.com/ubuntu/",
"Tags": null,
"Size": 0,
"Comment": ""
},
{
"Id": "511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158",
"Created": 1371157430,
"CreatedBy": "",
"Tags": [
"scratch12:latest",
"scratch:latest"
],
"Size": 0,
"Comment": "Imported from -"
}
]

Status codes:

  • 200 – no error
  • 404 – no such image
  • 500 – server error

Push an image on the registry

POST /images/(name)/push

Push the image name on the registry

Example request:

POST /images/test/push HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {"status": "Pushing..."}
{"status": "Pushing", "progress": "1/? (n/a)", "progressDetail": {"current": 1}}}
{"error": "Invalid..."}
...

If you wish to push an image on to a private registry, that image must already have a tag into a repository which references that registry hostname and port. This repository name should then be used in the URL. This duplicates the command line’s flow.

The push is cancelled if the HTTP connection is closed.

Example request:

POST /images/registry.acme.com:5000/test/push HTTP/1.1

Query parameters:

  • tag – The tag to associate with the image on the registry. This is optional.

Request Headers:

  • X-Registry-Auth – base64-encoded AuthConfig object, containing either login information, or a token

    • Credential based login:

      {
      "username": "jdoe",
      "password": "secret",
      "email": "jdoe@acme.com",
      }
    • Identity token based login:

      {
      "identitytoken": "9cbaf023786cd7..."
      }

Status codes:

  • 200 – no error
  • 404 – no such image
  • 500 – server error

Tag an image into a repository

POST /images/(name)/tag

Tag the image name into a repository

Example request:

POST /images/test/tag?repo=myrepo&tag=v42 HTTP/1.1

Example response:

HTTP/1.1 201 Created

Query parameters:

  • repo – The repository to tag in
  • tag - The new tag name

Status codes:

  • 201 – no error
  • 400 – bad parameter
  • 404 – no such image
  • 409 – conflict
  • 500 – server error

Remove an image

DELETE /images/(name)

Remove the image name from the filesystem

Example request:

DELETE /images/test HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-type: application/json [
{"Untagged": "3e2f21a89f"},
{"Deleted": "3e2f21a89f"},
{"Deleted": "53b4f83ac9"}
]

Query parameters:

  • force – 1/True/true or 0/False/false, default false
  • noprune – 1/True/true or 0/False/false, default false

Status codes:

  • 200 – no error
  • 404 – no such image
  • 409 – conflict
  • 500 – server error

Search images

GET /images/search

Search for an image on Docker Hub.

Note: The response keys have changed from API v1.6 to reflect the JSON sent by the registry server to the docker daemon’s request.

Example request:

GET /images/search?term=sshd HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"description": "",
"is_official": false,
"is_automated": false,
"name": "wma55/u1210sshd",
"star_count": 0
},
{
"description": "",
"is_official": false,
"is_automated": false,
"name": "jdswinbank/sshd",
"star_count": 0
},
{
"description": "",
"is_official": false,
"is_automated": false,
"name": "vgauthier/sshd",
"star_count": 0
}
...
]

Query parameters:

  • term – term to search
  • limit – maximum returned search results
  • filters – a JSON encoded value of the filters (a map[string][]string) to process on the images list. Available filters:
    • stars=<number>
    • is-automated=(true|false)
    • is-official=(true|false)

Status codes:

  • 200 – no error
  • 500 – server error

3.3 Misc

Check auth configuration

POST /auth

Validate credentials for a registry and get identity token, if available, for accessing the registry without password.

Example request:

POST /auth HTTP/1.1
Content-Type: application/json {
"username": "hannibal",
"password": "xxxx",
"serveraddress": "https://index.docker.io/v1/"
}

Example response:

HTTP/1.1 200 OK

{
"Status": "Login Succeeded",
"IdentityToken": "9cbaf023786cd7..."
}

Status codes:

  • 200 – no error
  • 204 – no error
  • 500 – server error

Display system-wide information

GET /info

Display system-wide information

Example request:

GET /info HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Architecture": "x86_64",
"ClusterStore": "etcd://localhost:2379",
"CgroupDriver": "cgroupfs",
"Containers": 11,
"ContainersRunning": 7,
"ContainersStopped": 3,
"ContainersPaused": 1,
"CpuCfsPeriod": true,
"CpuCfsQuota": true,
"Debug": false,
"DockerRootDir": "/var/lib/docker",
"Driver": "btrfs",
"DriverStatus": [[""]],
"ExperimentalBuild": false,
"HttpProxy": "http://test:test@localhost:8080",
"HttpsProxy": "https://test:test@localhost:8080",
"ID": "7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS",
"IPv4Forwarding": true,
"Images": 16,
"IndexServerAddress": "https://index.docker.io/v1/",
"InitPath": "/usr/bin/docker",
"InitSha1": "",
"KernelMemory": true,
"KernelVersion": "3.12.0-1-amd64",
"Labels": [
"storage=ssd"
],
"MemTotal": 2099236864,
"MemoryLimit": true,
"NCPU": 1,
"NEventsListener": 0,
"NFd": 11,
"NGoroutines": 21,
"Name": "prod-server-42",
"NoProxy": "9.81.1.160",
"OomKillDisable": true,
"OSType": "linux",
"OperatingSystem": "Boot2Docker",
"Plugins": {
"Volume": [
"local"
],
"Network": [
"null",
"host",
"bridge"
]
},
"RegistryConfig": {
"IndexConfigs": {
"docker.io": {
"Mirrors": null,
"Name": "docker.io",
"Official": true,
"Secure": true
}
},
"InsecureRegistryCIDRs": [
"127.0.0.0/8"
]
},
"SecurityOptions": [
"apparmor",
"seccomp",
"selinux"
],
"ServerVersion": "1.9.0",
"SwapLimit": false,
"SystemStatus": [["State", "Healthy"]],
"SystemTime": "2015-03-10T11:11:23.730591467-07:00"
}

Status codes:

  • 200 – no error
  • 500 – server error

Show the docker version information

GET /version

Show the docker version information

Example request:

GET /version HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Version": "1.12.0",
"Os": "linux",
"KernelVersion": "3.19.0-23-generic",
"GoVersion": "go1.6.3",
"GitCommit": "deadbee",
"Arch": "amd64",
"ApiVersion": "1.24",
"BuildTime": "2016-06-14T07:09:13.444803460+00:00",
"Experimental": true
}

Status codes:

  • 200 – no error
  • 500 – server error

Ping the docker server

GET /_ping

Ping the docker server

Example request:

GET /_ping HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: text/plain OK

Status codes:

  • 200 - no error
  • 500 - server error

Create a new image from a container’s changes

POST /commit

Create a new image from a container’s changes

Example request:

POST /commit?container=44c004db4b17&comment=message&repo=myrepo HTTP/1.1
Content-Type: application/json {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": null,
"Cmd": [
"date"
],
"Mounts": [
{
"Source": "/data",
"Destination": "/data",
"Mode": "ro,Z",
"RW": false
}
],
"Labels": {
"key1": "value1",
"key2": "value2"
},
"WorkingDir": "",
"NetworkDisabled": false,
"ExposedPorts": {
"22/tcp": {}
}
}

Example response:

HTTP/1.1 201 Created
Content-Type: application/json {"Id": "596069db4bf5"}

JSON parameters:

  • config - the container’s configuration

Query parameters:

  • container – source container
  • repo – repository
  • tag – tag
  • comment – commit message
  • author – author (e.g., “John Hannibal Smith <hannibal@a-team.com>“)
  • pause – 1/True/true or 0/False/false, whether to pause the container before committing
  • changes – Dockerfile instructions to apply while committing

Status codes:

  • 201 – no error
  • 404 – no such container
  • 500 – server error

Monitor Docker’s events

GET /events

Get container events from docker, either in real time via streaming, or via polling (using since).

Docker containers report the following events:

attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update

Docker images report the following events:

delete, import, load, pull, push, save, tag, untag

Docker volumes report the following events:

create, mount, unmount, destroy

Docker networks report the following events:

create, connect, disconnect, destroy

Docker daemon report the following event:

reload

Example request:

GET /events?since=1374067924

Example response:

HTTP/1.1 200 OK
Content-Type: application/json
Server: Docker/1.10.0 (linux)
Date: Fri, 29 Apr 2016 15:18:06 GMT
Transfer-Encoding: chunked {
"status": "pull",
"id": "alpine:latest",
"Type": "image",
"Action": "pull",
"Actor": {
"ID": "alpine:latest",
"Attributes": {
"name": "alpine"
}
},
"time": 1461943101,
"timeNano": 1461943101301854122
}
{
"status": "create",
"id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"from": "alpine",
"Type": "container",
"Action": "create",
"Actor": {
"ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"Attributes": {
"com.example.some-label": "some-label-value",
"image": "alpine",
"name": "my-container"
}
},
"time": 1461943101,
"timeNano": 1461943101381709551
}
{
"status": "attach",
"id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"from": "alpine",
"Type": "container",
"Action": "attach",
"Actor": {
"ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"Attributes": {
"com.example.some-label": "some-label-value",
"image": "alpine",
"name": "my-container"
}
},
"time": 1461943101,
"timeNano": 1461943101383858412
}
{
"Type": "network",
"Action": "connect",
"Actor": {
"ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
"Attributes": {
"container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"name": "bridge",
"type": "bridge"
}
},
"time": 1461943101,
"timeNano": 1461943101394865557
}
{
"status": "start",
"id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"from": "alpine",
"Type": "container",
"Action": "start",
"Actor": {
"ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"Attributes": {
"com.example.some-label": "some-label-value",
"image": "alpine",
"name": "my-container"
}
},
"time": 1461943101,
"timeNano": 1461943101607533796
}
{
"status": "resize",
"id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"from": "alpine",
"Type": "container",
"Action": "resize",
"Actor": {
"ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"Attributes": {
"com.example.some-label": "some-label-value",
"height": "46",
"image": "alpine",
"name": "my-container",
"width": "204"
}
},
"time": 1461943101,
"timeNano": 1461943101610269268
}
{
"status": "die",
"id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"from": "alpine",
"Type": "container",
"Action": "die",
"Actor": {
"ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"Attributes": {
"com.example.some-label": "some-label-value",
"exitCode": "0",
"image": "alpine",
"name": "my-container"
}
},
"time": 1461943105,
"timeNano": 1461943105079144137
}
{
"Type": "network",
"Action": "disconnect",
"Actor": {
"ID": "7dc8ac97d5d29ef6c31b6052f3938c1e8f2749abbd17d1bd1febf2608db1b474",
"Attributes": {
"container": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"name": "bridge",
"type": "bridge"
}
},
"time": 1461943105,
"timeNano": 1461943105230860245
}
{
"status": "destroy",
"id": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"from": "alpine",
"Type": "container",
"Action": "destroy",
"Actor": {
"ID": "ede54ee1afda366ab42f824e8a5ffd195155d853ceaec74a927f249ea270c743",
"Attributes": {
"com.example.some-label": "some-label-value",
"image": "alpine",
"name": "my-container"
}
},
"time": 1461943105,
"timeNano": 1461943105338056026
}

Query parameters:

  • since – Timestamp used for polling
  • until – Timestamp used for polling
  • filters – A json encoded value of the filters (a map[string][]string) to process on the event list. Available filters:
    • container=<string>; -- container to filter
    • event=<string>; -- event to filter
    • image=<string>; -- image to filter
    • label=<string>; -- image and container label to filter
    • type=<string>; -- either container or image or volume or network or daemon
    • volume=<string>; -- volume to filter
    • network=<string>; -- network to filter
    • daemon=<string>; -- daemon name or id to filter

Status codes:

  • 200 – no error
  • 500 – server error

Get a tarball containing all images in a repository

GET /images/(name)/get

Get a tarball containing all images and metadata for the repository specified by name.

If name is a specific name and tag (e.g. ubuntu:latest), then only that image (and its parents) are returned. If name is an image ID, similarly only that image (and its parents) are returned, but with the exclusion of the ‘repositories’ file in the tarball, as there were no image names referenced.

See the image tarball format for more details.

Example request

GET /images/ubuntu/get

Example response:

HTTP/1.1 200 OK
Content-Type: application/x-tar Binary data stream

Status codes:

  • 200 – no error
  • 500 – server error

Get a tarball containing all images

GET /images/get

Get a tarball containing all images and metadata for one or more repositories.

For each value of the names parameter: if it is a specific name and tag (e.g. ubuntu:latest), then only that image (and its parents) are returned; if it is an image ID, similarly only that image (and its parents) are returned and there would be no names referenced in the ‘repositories’ file for this image ID.

See the image tarball format for more details.

Example request

GET /images/get?names=myname%2Fmyapp%3Alatest&names=busybox

Example response:

HTTP/1.1 200 OK
Content-Type: application/x-tar Binary data stream

Status codes:

  • 200 – no error
  • 500 – server error

Load a tarball with a set of images and tags into docker

POST /images/load

Load a set of images and tags into a Docker repository. See the image tarball format for more details.

Example request

POST /images/load

Tarball in body

Example response:

HTTP/1.1 200 OK

Status codes:

  • 200 – no error
  • 500 – server error

Image tarball format

An image tarball contains one directory per image layer (named using its long ID), each containing these files:

  • VERSION: currently 1.0 - the file format version
  • json: detailed layer information, similar to docker inspect layer_id
  • layer.tar: A tarfile containing the filesystem changes in this layer

The layer.tar file contains aufs style .wh..wh.aufs files and directories for storing attribute changes and deletions.

If the tarball defines a repository, the tarball should also include a repositories file at the root that contains a list of repository and tag names mapped to layer IDs.

{"hello-world":
{"latest": "565a9d68a73f6706862bfe8409a7f659776d4d60a8d096eb4a3cbce6999cc2a1"}
}

Exec Create

POST /containers/(id or name)/exec

Sets up an exec instance in a running container id

Example request:

POST /containers/e90e34656806/exec HTTP/1.1
Content-Type: application/json {
"AttachStdin": false,
"AttachStdout": true,
"AttachStderr": true,
"DetachKeys": "ctrl-p,ctrl-q",
"Tty": false,
"Cmd": [
"date"
]
}

Example response:

HTTP/1.1 201 Created
Content-Type: application/json {
"Id": "f90e34656806",
"Warnings":[]
}

JSON parameters:

  • AttachStdin - Boolean value, attaches to stdin of the exec command.
  • AttachStdout - Boolean value, attaches to stdout of the exec command.
  • AttachStderr - Boolean value, attaches to stderr of the exec command.
  • DetachKeys – Override the key sequence for detaching a container. Format is a single character [a-Z] or ctrl-<value>where <value> is one of: a-z@^[, or _.
  • Tty - Boolean value to allocate a pseudo-TTY.
  • Cmd - Command to run specified as a string or an array of strings.

Status codes:

  • 201 – no error
  • 404 – no such container
  • 409 - container is paused
  • 500 - server error

Exec Start

POST /exec/(id)/start

Starts a previously set up exec instance id. If detach is true, this API returns after starting the exec command. Otherwise, this API sets up an interactive session with the exec command.

Example request:

POST /exec/e90e34656806/start HTTP/1.1
Content-Type: application/json {
"Detach": false,
"Tty": false
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/vnd.docker.raw-stream {{ STREAM }}

JSON parameters:

  • Detach - Detach from the exec command.
  • Tty - Boolean value to allocate a pseudo-TTY.

Status codes:

  • 200 – no error
  • 404 – no such exec instance
  • 409 - container is paused

    Stream details: Similar to the stream behavior of POST /containers/(id or name)/attach API

Exec Resize

POST /exec/(id)/resize

Resizes the tty session used by the exec command id. The unit is number of characters. This API is valid only if tty was specified as part of creating and starting the exec command.

Example request:

POST /exec/e90e34656806/resize?h=40&w=80 HTTP/1.1
Content-Type: text/plain

Example response:

HTTP/1.1 201 Created
Content-Type: text/plain

Query parameters:

  • h – height of tty session
  • w – width

Status codes:

  • 201 – no error
  • 404 – no such exec instance

Exec Inspect

GET /exec/(id)/json

Return low-level information about the exec command id.

Example request:

GET /exec/11fb006128e8ceb3942e7c58d77750f24210e35f879dd204ac975c184b820b39/json HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"CanRemove": false,
"ContainerID": "b53ee82b53a40c7dca428523e34f741f3abc51d9f297a14ff874bf761b995126",
"DetachKeys": "",
"ExitCode": 2,
"ID": "f33bbfb39f5b142420f4759b2348913bd4a8d1a6d7fd56499cb41a1bb91d7b3b",
"OpenStderr": true,
"OpenStdin": true,
"OpenStdout": true,
"ProcessConfig": {
"arguments": [
"-c",
"exit 2"
],
"entrypoint": "sh",
"privileged": false,
"tty": true,
"user": "1000"
},
"Running": false
}

Status codes:

  • 200 – no error
  • 404 – no such exec instance
  • 500 - server error

3.4 Volumes

List volumes

GET /volumes

Example request:

GET /volumes HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Volumes": [
{
"Name": "tardis",
"Driver": "local",
"Mountpoint": "/var/lib/docker/volumes/tardis"
}
],
"Warnings": []
}

Query parameters:

  • filters - JSON encoded value of the filters (a map[string][]string) to process on the volumes list. Available filters:

    • name=<volume-name> Matches all or part of a volume name.
    • dangling=<boolean> When set to true (or 1), returns all volumes that are “dangling” (not in use by a container). When set to false (or 0), only volumes that are in use by one or more containers are returned.
    • driver=<volume-driver-name> Matches all or part of a volume driver name.

Status codes:

  • 200 - no error
  • 500 - server error

Create a volume

POST /volumes/create

Create a volume

Example request:

POST /volumes/create HTTP/1.1
Content-Type: application/json {
"Name": "tardis",
"Labels": {
"com.example.some-label": "some-value",
"com.example.some-other-label": "some-other-value"
},
}

Example response:

HTTP/1.1 201 Created
Content-Type: application/json {
"Name": "tardis",
"Driver": "local",
"Mountpoint": "/var/lib/docker/volumes/tardis",
"Status": null,
"Labels": {
"com.example.some-label": "some-value",
"com.example.some-other-label": "some-other-value"
},
}

Status codes:

  • 201 - no error
  • 500 - server error

JSON parameters:

  • Name - The new volume’s name. If not specified, Docker generates a name.
  • Driver - Name of the volume driver to use. Defaults to local for the name.
  • DriverOpts - A mapping of driver options and values. These options are passed directly to the driver and are driver specific.
  • Labels - Labels to set on the volume, specified as a map: {"key":"value" [,"key2":"value2"]}

Inspect a volume

GET /volumes/(name)

Return low-level information on the volume name

Example request:

GET /volumes/tardis

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Name": "tardis",
"Driver": "local",
"Mountpoint": "/var/lib/docker/volumes/tardis/_data",
"Labels": {
"com.example.some-label": "some-value",
"com.example.some-other-label": "some-other-value"
}
}

Status codes:

  • 200 - no error
  • 404 - no such volume
  • 500 - server error

Remove a volume

DELETE /volumes/(name)

Instruct the driver to remove the volume (name).

Example request:

DELETE /volumes/tardis HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Status codes:

  • 204 - no error
  • 404 - no such volume or volume driver
  • 409 - volume is in use and cannot be removed
  • 500 - server error

3.5 Networks

List networks

GET /networks

Example request:

GET /networks?filters={"type":{"custom":true}} HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"Name": "bridge",
"Id": "f2de39df4171b0dc801e8002d1d999b77256983dfc63041c0f34030aa3977566",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"Internal": false,
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Containers": {
"39b69226f9d79f5634485fb236a23b2fe4e96a0a94128390a7fbbcc167065867": {
"EndpointID": "ed2419a97c1d9954d05b46e462e7002ea552f216e9b136b80a7db8d98b442eda",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
}
},
{
"Name": "none",
"Id": "e086a3893b05ab69242d3c44e49483a3bbbd3a26b46baa8f61ab797c1088d794",
"Scope": "local",
"Driver": "null",
"EnableIPv6": false,
"Internal": false,
"IPAM": {
"Driver": "default",
"Config": []
},
"Containers": {},
"Options": {}
},
{
"Name": "host",
"Id": "13e871235c677f196c4e1ecebb9dc733b9b2d2ab589e30c539efeda84a24215e",
"Scope": "local",
"Driver": "host",
"EnableIPv6": false,
"Internal": false,
"IPAM": {
"Driver": "default",
"Config": []
},
"Containers": {},
"Options": {}
}
]

Query parameters:

  • filters - JSON encoded network list filter. The filter value is one of:

    • driver=<driver-name> Matches a network’s driver.
    • id=<network-id> Matches all or part of a network id.
    • label=<key> or label=<key>=<value> of a network label.
    • name=<network-name> Matches all or part of a network name.
    • type=["custom"|"builtin"] Filters networks by type. The custom keyword returns all user-defined networks.

Status codes:

  • 200 - no error
  • 500 - server error

Inspect network

GET /networks/<network-id>

Example request:

GET /networks/7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99 HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"Name": "net01",
"Id": "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1/16"
}
],
"Options": {
"foo": "bar"
}
},
"Internal": false,
"Containers": {
"19a4d5d687db25203351ed79d478946f861258f018fe384f229f2efa4b23513c": {
"Name": "test",
"EndpointID": "628cadb8bcb92de107b2a1e516cbffe463e321f548feb37697cce00ad694f21a",
"MacAddress": "02:42:ac:13:00:02",
"IPv4Address": "172.19.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {
"com.example.some-label": "some-value",
"com.example.some-other-label": "some-other-value"
}
}

Status codes:

  • 200 - no error
  • 404 - network not found

Create a network

POST /networks/create

Create a network

Example request:

POST /networks/create HTTP/1.1
Content-Type: application/json {
"Name":"isolated_nw",
"CheckDuplicate":false,
"Driver":"bridge",
"EnableIPv6": true,
"IPAM":{
"Config":[
{
"Subnet":"172.20.0.0/16",
"IPRange":"172.20.10.0/24",
"Gateway":"172.20.10.11"
},
{
"Subnet":"2001:db8:abcd::/64",
"Gateway":"2001:db8:abcd::1011"
}
],
"Options": {
"foo": "bar"
}
},
"Internal":true,
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {
"com.example.some-label": "some-value",
"com.example.some-other-label": "some-other-value"
}
}

Example response:

HTTP/1.1 201 Created
Content-Type: application/json {
"Id": "22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30",
"Warning": ""
}

Status codes:

  • 201 - no error
  • 404 - plugin not found
  • 500 - server error

JSON parameters:

  • Name - The new network’s name. this is a mandatory field
  • CheckDuplicate - Requests daemon to check for networks with same name
  • Driver - Name of the network driver plugin to use. Defaults to bridge driver
  • Internal - Restrict external access to the network
  • IPAM - Optional custom IP scheme for the network
  • EnableIPv6 - Enable IPv6 on the network
  • Options - Network specific options to be used by the drivers
  • Labels - Labels to set on the network, specified as a map: {"key":"value" [,"key2":"value2"]}

Connect a container to a network

POST /networks/(id)/connect

Connect a container to a network

Example request:

POST /networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/connect HTTP/1.1
Content-Type: application/json {
"Container":"3613f73ba0e4",
"EndpointConfig": {
"IPAMConfig": {
"IPv4Address":"172.24.56.89",
"IPv6Address":"2001:db8::5689"
}
}
}

Example response:

HTTP/1.1 200 OK

Status codes:

  • 200 - no error
  • 403 - operation not supported for swarm scoped networks
  • 404 - network or container is not found
  • 500 - Internal Server Error

JSON parameters:

  • container - container-id/name to be connected to the network

Disconnect a container from a network

POST /networks/(id)/disconnect

Disconnect a container from a network

Example request:

POST /networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30/disconnect HTTP/1.1
Content-Type: application/json {
"Container":"3613f73ba0e4",
"Force":false
}

Example response:

HTTP/1.1 200 OK

Status codes:

  • 200 - no error
  • 403 - operation not supported for swarm scoped networks
  • 404 - network or container not found
  • 500 - Internal Server Error

JSON parameters:

  • Container - container-id/name to be disconnected from a network
  • Force - Force the container to disconnect from a network

Remove a network

DELETE /networks/(id)

Instruct the driver to remove the network (id).

Example request:

DELETE /networks/22be93d5babb089c5aab8dbc369042fad48ff791584ca2da2100db837a1c7c30 HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Status codes:

  • 204 - no error
  • 404 - no such network
  • 500 - server error

3.6 Nodes

Note: Nodes operations require to first be part of a Swarm.

List nodes

GET /nodes

List nodes

Example request:

GET /nodes HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"ID": "24ifsmvkjbyhk",
"Version": {
"Index": 8
},
"CreatedAt": "2016-06-07T20:31:11.853781916Z",
"UpdatedAt": "2016-06-07T20:31:11.999868824Z",
"Spec": {
"Role": "MANAGER",
"Availability": "ACTIVE"
},
"Description": {
"Hostname": "bf3067039e47",
"Platform": {
"Architecture": "x86_64",
"OS": "linux"
},
"Resources": {
"NanoCPUs": 4000000000,
"MemoryBytes": 8272408576
},
"Engine": {
"EngineVersion": "1.12.0-dev",
"Plugins": [
{
"Type": "Volume",
"Name": "local"
},
{
"Type": "Network",
"Name": "overlay"
}
]
}
},
"Status": {
"State": "READY"
},
"Manager": {
"Raft": {
"RaftID": 10070664527094528000,
"Addr": "172.17.0.2:4500",
"Status": {
"Leader": true,
"Reachability": "REACHABLE"
}
}
},
"Attachment": {
"Network": {
"ID": "4qvuz4ko70xaltuqbt8956gd1",
"Version": {
"Index": 6
},
"CreatedAt": "2016-06-07T20:31:11.912919752Z",
"UpdatedAt": "2016-06-07T20:31:11.921784144Z",
"Spec": {
"Name": "ingress",
"Labels": {
"com.docker.swarm.internal": "true"
},
"DriverConfiguration": {},
"IPAM": {
"Driver": {},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"DriverState": {
"Name": "overlay",
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "256"
}
},
"IPAM": {
"Driver": {
"Name": "default"
},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"Addresses": [
"10.255.0.2/16"
]
}
}
]

Query parameters:

  • filters – a JSON encoded value of the filters (a map[string][]string) to process on the nodes list. Available filters:

    • id=<node id>
    • name=<node name>
    • membership=(pending|accepted|rejected)`
    • role=(worker|manager)`

Status codes:

  • 200 – no error
  • 500 – server error

Inspect a node

GET /nodes/<id>

Return low-level information on the node id

Example request:

  GET /nodes/24ifsmvkjbyhk HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json {
"ID": "24ifsmvkjbyhk",
"Version": {
"Index": 8
},
"CreatedAt": "2016-06-07T20:31:11.853781916Z",
"UpdatedAt": "2016-06-07T20:31:11.999868824Z",
"Spec": {
"Role": "MANAGER",
"Availability": "ACTIVE"
},
"Description": {
"Hostname": "bf3067039e47",
"Platform": {
"Architecture": "x86_64",
"OS": "linux"
},
"Resources": {
"NanoCPUs": 4000000000,
"MemoryBytes": 8272408576
},
"Engine": {
"EngineVersion": "1.12.0-dev",
"Plugins": [
{
"Type": "Volume",
"Name": "local"
},
{
"Type": "Network",
"Name": "overlay"
}
]
}
},
"Status": {
"State": "READY"
},
"Manager": {
"Raft": {
"RaftID": 10070664527094528000,
"Addr": "172.17.0.2:4500",
"Status": {
"Leader": true,
"Reachability": "REACHABLE"
}
}
},
"Attachment": {
"Network": {
"ID": "4qvuz4ko70xaltuqbt8956gd1",
"Version": {
"Index": 6
},
"CreatedAt": "2016-06-07T20:31:11.912919752Z",
"UpdatedAt": "2016-06-07T20:31:11.921784144Z",
"Spec": {
"Name": "ingress",
"Labels": {
"com.docker.swarm.internal": "true"
},
"DriverConfiguration": {},
"IPAM": {
"Driver": {},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"DriverState": {
"Name": "overlay",
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "256"
}
},
"IPAM": {
"Driver": {
"Name": "default"
},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"Addresses": [
"10.255.0.2/16"
]
}
}

Status codes:

  • 200 – no error
  • 404 – no such node
  • 500 – server error

3.7 Swarm

Initialize a new Swarm

POST /swarm/init

Initialize a new Swarm

Example request:

POST /swarm/init HTTP/1.1
Content-Type: application/json {
"ListenAddr": "0.0.0.0:4500",
"AdvertiseAddr": "192.168.1.1:4500",
"ForceNewCluster": false,
"Spec": {
"Orchestration": {},
"Raft": {},
"Dispatcher": {},
"CAConfig": {}
}
}

Example response:

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8

Status codes:

  • 200 – no error
  • 400 – bad parameter
  • 406 – node is already part of a Swarm

JSON Parameters:

  • ListenAddr – Listen address used for inter-manager communication, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP). This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567. If the port number is omitted, the default swarm listening port is used.
  • AdvertiseAddr – Externally reachable address advertised to other nodes. This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567. If the port number is omitted, the port number from the listen address is used. If AdvertiseAddr is not specified, it will be automatically detected when possible.
  • ForceNewCluster – Force creating a new Swarm even if already part of one.
  • Spec – Configuration settings of the new Swarm.
    • Orchestration – Configuration settings for the orchestration aspects of the Swarm.

      • TaskHistoryRetentionLimit – Maximum number of tasks history stored.
    • Raft – Raft related configuration.
      • SnapshotInterval – Number of logs entries between snapshot.
      • KeepOldSnapshots – Number of snapshots to keep beyond the current snapshot.
      • LogEntriesForSlowFollowers – Number of log entries to keep around to sync up slow followers after a snapshot is created.
      • HeartbeatTick – Amount of ticks (in seconds) between each heartbeat.
      • ElectionTick – Amount of ticks (in seconds) needed without a leader to trigger a new election.
    • Dispatcher – Configuration settings for the task dispatcher.
      • HeartbeatPeriod – The delay for an agent to send a heartbeat to the dispatcher.
    • CAConfig – Certificate authority configuration.
      • NodeCertExpiry – Automatic expiry for nodes certificates.
      • ExternalCA - Configuration for forwarding signing requests to an external certificate authority.
        • Protocol - Protocol for communication with the external CA (currently only “cfssl” is supported).
        • URL - URL where certificate signing requests should be sent.
        • Options - An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver.

Join an existing Swarm

POST /swarm/join

Join an existing new Swarm

Example request:

POST /swarm/join HTTP/1.1
Content-Type: application/json {
"ListenAddr": "0.0.0.0:4500",
"AdvertiseAddr: "192.168.1.1:4500",
"RemoteAddrs": ["node1:4500"],
"JoinToken": "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
}

Example response:

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8

Status codes:

  • 200 – no error
  • 400 – bad parameter
  • 406 – node is already part of a Swarm

JSON Parameters:

  • ListenAddr – Listen address used for inter-manager communication if the node gets promoted to manager, as well as determining the networking interface used for the VXLAN Tunnel Endpoint (VTEP).
  • AdvertiseAddr – Externally reachable address advertised to other nodes. This can either be an address/port combination in the form 192.168.1.1:4567, or an interface followed by a port number, like eth0:4567. If the port number is omitted, the port number from the listen address is used. If AdvertiseAddr is not specified, it will be automatically detected when possible.
  • RemoteAddr – Address of any manager node already participating in the Swarm to join.
  • JoinToken – Secret token for joining this Swarm.

Leave a Swarm

POST /swarm/leave

Leave a Swarm

Example request:

POST /swarm/leave HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8

Status codes:

  • 200 – no error
  • 406 – node is not part of a Swarm

Update a Swarm

POST /swarm/update

Update a Swarm

Example request:

POST /swarm/update HTTP/1.1

{
"Name": "default",
"Orchestration": {
"TaskHistoryRetentionLimit": 10
},
"Raft": {
"SnapshotInterval": 10000,
"LogEntriesForSlowFollowers": 500,
"HeartbeatTick": 1,
"ElectionTick": 3
},
"Dispatcher": {
"HeartbeatPeriod": 5000000000
},
"CAConfig": {
"NodeCertExpiry": 7776000000000000
},
"JoinTokens": {
"Worker": "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx",
"Manager": "SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2"
}
}

Example response:

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8

Query parameters:

  • version – The version number of the swarm object being updated. This is required to avoid conflicting writes.
  • rotateWorkerToken - Set to true (or 1) to rotate the worker join token.
  • rotateManagerToken - Set to true (or 1) to rotate the manager join token.

Status codes:

  • 200 – no error
  • 400 – bad parameter
  • 406 – node is not part of a Swarm

JSON Parameters:

  • Orchestration – Configuration settings for the orchestration aspects of the Swarm.

    • TaskHistoryRetentionLimit – Maximum number of tasks history stored.
  • Raft – Raft related configuration.
    • SnapshotInterval – Number of logs entries between snapshot.
    • KeepOldSnapshots – Number of snapshots to keep beyond the current snapshot.
    • LogEntriesForSlowFollowers – Number of log entries to keep around to sync up slow followers after a snapshot is created.
    • HeartbeatTick – Amount of ticks (in seconds) between each heartbeat.
    • ElectionTick – Amount of ticks (in seconds) needed without a leader to trigger a new election.
  • Dispatcher – Configuration settings for the task dispatcher.
    • HeartbeatPeriod – The delay for an agent to send a heartbeat to the dispatcher.
  • CAConfig – CA configuration.
    • NodeCertExpiry – Automatic expiry for nodes certificates.
    • ExternalCA - Configuration for forwarding signing requests to an external certificate authority.
      • Protocol - Protocol for communication with the external CA (currently only “cfssl” is supported).
      • URL - URL where certificate signing requests should be sent.
      • Options - An object with key/value pairs that are interpreted as protocol-specific options for the external CA driver.
  • JoinTokens - Tokens that can be used by other nodes to join the Swarm.
    • Worker - Token to use for joining as a worker.
    • Manager - Token to use for joining as a manager.

3.8 Services

Note: Service operations require to first be part of a Swarm.

List services

GET /services

List services

Example request:

GET /services HTTP/1.1

Example response:

HTTP/1.1 200 OK
Content-Type: application/json [
{
"ID": "9mnpnzenvg8p8tdbtq4wvbkcz",
"Version": {
"Index": 19
},
"CreatedAt": "2016-06-07T21:05:51.880065305Z",
"UpdatedAt": "2016-06-07T21:07:29.962229872Z",
"Spec": {
"Name": "hopeful_cori",
"TaskTemplate": {
"ContainerSpec": {
"Image": "redis"
},
"Resources": {
"Limits": {},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "ANY"
},
"Placement": {}
},
"Mode": {
"Replicated": {
"Replicas": 1
}
},
"UpdateConfig": {
"Parallelism": 1
},
"EndpointSpec": {
"Mode": "VIP",
"Ingress": "PUBLICPORT",
"ExposedPorts": [
{
"Protocol": "tcp",
"Port": 6379
}
]
}
},
"Endpoint": {
"Spec": {},
"ExposedPorts": [
{
"Protocol": "tcp",
"Port": 6379,
"PublicPort": 30000
}
],
"VirtualIPs": [
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.2/16"
},
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.3/16"
}
]
}
}
]

Query parameters:

  • filters – a JSON encoded value of the filters (a map[string][]string) to process on the services list. Available filters:

    • id=<node id>
    • name=<node name>

Status codes:

  • 200 – no error
  • 500 – server error

Create a service

POST /services/create

Create a service

Example request:

POST /services/create HTTP/1.1
Content-Type: application/json {
"Name": "web",
"TaskTemplate": {
"ContainerSpec": {
"Image": "nginx:alpine",
"Mounts": [
{
"ReadOnly": true,
"Source": "web-data",
"Target": "/usr/share/nginx/html",
"Type": "volume",
"VolumeOptions": {
"DriverConfig": {
},
"Labels": {
"com.example.something": "something-value"
}
}
}
],
"User": "33"
},
"LogDriver": {
"Name": "json-file",
"Options": {
"max-file": "3",
"max-size": "10M"
}
},
"Placement": {},
"Resources": {
"Limits": {
"MemoryBytes": 104857600.0
},
"Reservations": {
}
},
"RestartPolicy": {
"Condition": "on-failure",
"Delay": 10000000000.0,
"MaxAttempts": 10
}
},
"Mode": {
"Replicated": {
"Replicas": 4
}
},
"UpdateConfig": {
"Delay": 30000000000.0,
"Parallelism": 2,
"FailureAction": "pause"
},
"EndpointSpec": {
"Ports": [
{
"Protocol": "tcp",
"PublishedPort": 8080,
"TargetPort": 80
}
]
},
"Labels": {
"foo": "bar"
}
}

Example response:

HTTP/1.1 201 Created
Content-Type: application/json {
"Id":"ak7w3gjqoa3kuz8xcpnyy0pvl"
}

Status codes:

  • 201 – no error
  • 406 – server error or node is not part of a Swarm

JSON Parameters:

  • Annotations – Optional medata to associate with the service.

    • Name – User-defined name for the service.
    • Labels – A map of labels to associate with the service (e.g., {"key":"value"[,"key2":"value2"]}).
  • TaskTemplate – Specification of the tasks to start as part of the new service.
    • ContainerSpec - Container settings for containers started as part of this task.

      • Image – A string specifying the image name to use for the container.
      • Command – The command to be run in the image.
      • Args – Arguments to the command.
      • Env – A list of environment variables in the form of ["VAR=value"[,"VAR2=value2"]].
      • Dir – A string specifying the working directory for commands to run in.
      • User – A string value specifying the user inside the container.
      • Labels – A map of labels to associate with the service (e.g., {"key":"value"[,"key2":"value2"]}).
      • Mounts – Specification for mounts to be added to containers created as part of the service.
        • Target – Container path.
        • Source – Mount source (e.g. a volume name, a host path).
        • Type – The mount type (bind, or volume).
        • ReadOnly – A boolean indicating whether the mount should be read-only.
        • BindOptions - Optional configuration for the bind type.
          • Propagation – A propagation mode with the value [r]private[r]shared, or [r]slave.
        • VolumeOptions – Optional configuration for the volume type.
          • NoCopy – A boolean indicating if volume should be populated with the data from the target. (Default false)
          • Labels – User-defined name and labels for the volume.
          • DriverConfig – Map of driver-specific options.
            • Name - Name of the driver to use to create the volume.
            • Options - key/value map of driver specific options.
      • StopGracePeriod – Amount of time to wait for the container to terminate before forcefully killing it.
    • LogDriver - Log configuration for containers created as part of the service.
      • Name - Name of the logging driver to use (json-filesyslogjournaldgelffluentdawslogssplunk,etwlogsnone).
      • Options - Driver-specific options.
    • Resources – Resource requirements which apply to each individual container created as part of the service.
      • Limits – Define resources limits.

        • NanoCPUs – CPU limit in units of 10-9 CPU shares.
        • MemoryBytes – Memory limit in Bytes.
      • Reservation – Define resources reservation.
        • NanoCPUs – CPU reservation in units of 10-9 CPU shares.
        • MemoryBytes – Memory reservation in Bytes.
    • RestartPolicy – Specification for the restart policy which applies to containers created as part of this service.
      • Condition – Condition for restart (noneon-failure, or any).
      • Delay – Delay between restart attempts.
      • Attempts – Maximum attempts to restart a given container before giving up (default value is 0, which is ignored).
      • Window – Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded).
    • Placement – An array of constraints.
  • Mode – Scheduling mode for the service (replicated or global, defaults to replicated).
  • UpdateConfig – Specification for the update strategy of the service.
    • Parallelism – Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism).
    • Delay – Amount of time between updates.
    • FailureAction - Action to take if an updated task fails to run, or stops running during the update. Values are continue andpause.
  • Networks – Array of network names or IDs to attach the service to.
  • Endpoint – Properties that can be configured to access and load balance a service.
    • Spec –

      • Mode – The mode of resolution to use for internal load balancing between tasks (vip or dnsrr).
      • Ports – Exposed ports that this service is accessible on from the outside, in the form of: "Ports": { "<port>/<tcp|udp>: {}" }
    • VirtualIPs

Remove a service

DELETE /services/(id or name)

Stop and remove the service id

Example request:

DELETE /services/16253994b7c4 HTTP/1.1

Example response:

HTTP/1.1 204 No Content

Status codes:

  • 204 – no error
  • 404 – no such service
  • 500 – server error

Inspect one or more services

GET /services/(id or name)

Return information on the service id.

Example request:

GET /services/1cb4dnqcyx6m66g2t538x3rxha HTTP/1.1

Example response:

{
"ID": "ak7w3gjqoa3kuz8xcpnyy0pvl",
"Version": {
"Index": 95
},
"CreatedAt": "2016-06-07T21:10:20.269723157Z",
"UpdatedAt": "2016-06-07T21:10:20.276301259Z",
"Spec": {
"Name": "redis",
"Task": {
"ContainerSpec": {
"Image": "redis"
},
"Resources": {
"Limits": {},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "ANY"
},
"Placement": {}
},
"Mode": {
"Replicated": {
"Replicas": 1
}
},
"UpdateConfig": {
"Parallelism": 1
},
"EndpointSpec": {
"Mode": "VIP",
"Ingress": "PUBLICPORT",
"ExposedPorts": [
{
"Protocol": "tcp",
"Port": 6379
}
]
}
},
"Endpoint": {
"Spec": {},
"ExposedPorts": [
{
"Protocol": "tcp",
"Port": 6379,
"PublicPort": 30001
}
],
"VirtualIPs": [
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.4/16"
}
]
}
}

Status codes:

  • 200 – no error
  • 404 – no such service
  • 500 – server error

Update a service

POST /services/(id or name)/update

Update the service id.

Example request:

POST /services/1cb4dnqcyx6m66g2t538x3rxha/update HTTP/1.1

{
"Name": "top",
"TaskTemplate": {
"ContainerSpec": {
"Image": "busybox",
"Args": [
"top"
]
},
"Resources": {
"Limits": {},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "any",
"MaxAttempts": 0
},
"Placement": {}
},
"Mode": {
"Replicated": {
"Replicas": 1
}
},
"UpdateConfig": {
"Parallelism": 1
},
"EndpointSpec": {
"Mode": "vip"
}
}

Example response:

  HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8

JSON Parameters:

  • Annotations – Optional medata to associate with the service.

    • Name – User-defined name for the service.
    • Labels – A map of labels to associate with the service (e.g., {"key":"value"[,"key2":"value2"]}).
  • TaskTemplate – Specification of the tasks to start as part of the new service.
    • ContainerSpec - Container settings for containers started as part of this task.

      • Image – A string specifying the image name to use for the container.
      • Command – The command to be run in the image.
      • Args – Arguments to the command.
      • Env – A list of environment variables in the form of ["VAR=value"[,"VAR2=value2"]].
      • Dir – A string specifying the working directory for commands to run in.
      • User – A string value specifying the user inside the container.
      • Labels – A map of labels to associate with the service (e.g., {"key":"value"[,"key2":"value2"]}).
      • Mounts – Specification for mounts to be added to containers created as part of the new service.
        • Target – Container path.
        • Source – Mount source (e.g. a volume name, a host path).
        • Type – The mount type (bind, or volume).
        • ReadOnly – A boolean indicating whether the mount should be read-only.
        • BindOptions - Optional configuration for the bind type
          • Propagation – A propagation mode with the value [r]private[r]shared, or [r]slave.
        • VolumeOptions – Optional configuration for the volume type.
          • NoCopy – A boolean indicating if volume should be populated with the data from the target. (Default false)
          • Labels – User-defined name and labels for the volume.
          • DriverConfig – Map of driver-specific options.
            • Name - Name of the driver to use to create the volume
            • Options - key/value map of driver specific options
      • StopGracePeriod – Amount of time to wait for the container to terminate before forcefully killing it.
    • Resources – Resource requirements which apply to each individual container created as part of the service.
      • Limits – Define resources limits.

        • CPU – CPU limit
        • Memory – Memory limit
      • Reservation – Define resources reservation.
        • CPU – CPU reservation
        • Memory – Memory reservation
    • RestartPolicy – Specification for the restart policy which applies to containers created as part of this service.
      • Condition – Condition for restart (noneon-failure, or any).
      • Delay – Delay between restart attempts.
      • Attempts – Maximum attempts to restart a given container before giving up (default value is 0, which is ignored).
      • Window – Windows is the time window used to evaluate the restart policy (default value is 0, which is unbounded).
    • Placement – An array of constraints.
  • Mode – Scheduling mode for the service (replicated or global, defaults to replicated).
  • UpdateConfig – Specification for the update strategy of the service.
    • Parallelism – Maximum number of tasks to be updated in one iteration (0 means unlimited parallelism).
    • Delay – Amount of time between updates.
  • Networks – Array of network names or IDs to attach the service to.
  • Endpoint – Properties that can be configured to access and load balance a service.
    • Spec –

      • Mode – The mode of resolution to use for internal load balancing between tasks (vip or dnsrr).
      • Ports – Exposed ports that this service is accessible on from the outside, in the form of: "Ports": { "<port>/<tcp|udp>: {}" }
    • VirtualIPs

Query parameters:

  • version – The version number of the service object being updated. This is required to avoid conflicting writes.

Status codes:

  • 200 – no error
  • 404 – no such service
  • 500 – server error

3.9 Tasks

Note: Tasks operations require to first be part of a Swarm.

List tasks

GET /tasks

List tasks

Example request:

GET /tasks HTTP/1.1

Example response:

[
{
"ID": "0kzzo1i0y4jz6027t0k7aezc7",
"Version": {
"Index": 71
},
"CreatedAt": "2016-06-07T21:07:31.171892745Z",
"UpdatedAt": "2016-06-07T21:07:31.376370513Z",
"Name": "hopeful_cori",
"Spec": {
"ContainerSpec": {
"Image": "redis"
},
"Resources": {
"Limits": {},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "ANY"
},
"Placement": {}
},
"ServiceID": "9mnpnzenvg8p8tdbtq4wvbkcz",
"Instance": 1,
"NodeID": "24ifsmvkjbyhk",
"ServiceAnnotations": {},
"Status": {
"Timestamp": "2016-06-07T21:07:31.290032978Z",
"State": "FAILED",
"Message": "execution failed",
"ContainerStatus": {}
},
"DesiredState": "SHUTDOWN",
"NetworksAttachments": [
{
"Network": {
"ID": "4qvuz4ko70xaltuqbt8956gd1",
"Version": {
"Index": 18
},
"CreatedAt": "2016-06-07T20:31:11.912919752Z",
"UpdatedAt": "2016-06-07T21:07:29.955277358Z",
"Spec": {
"Name": "ingress",
"Labels": {
"com.docker.swarm.internal": "true"
},
"DriverConfiguration": {},
"IPAM": {
"Driver": {},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"DriverState": {
"Name": "overlay",
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "256"
}
},
"IPAM": {
"Driver": {
"Name": "default"
},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"Addresses": [
"10.255.0.10/16"
]
}
],
"Endpoint": {
"Spec": {},
"ExposedPorts": [
{
"Protocol": "tcp",
"Port": 6379,
"PublicPort": 30000
}
],
"VirtualIPs": [
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.2/16"
},
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.3/16"
}
]
}
},
{
"ID": "1yljwbmlr8er2waf8orvqpwms",
"Version": {
"Index": 30
},
"CreatedAt": "2016-06-07T21:07:30.019104782Z",
"UpdatedAt": "2016-06-07T21:07:30.231958098Z",
"Name": "hopeful_cori",
"Spec": {
"ContainerSpec": {
"Image": "redis"
},
"Resources": {
"Limits": {},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "ANY"
},
"Placement": {}
},
"ServiceID": "9mnpnzenvg8p8tdbtq4wvbkcz",
"Instance": 1,
"NodeID": "24ifsmvkjbyhk",
"ServiceAnnotations": {},
"Status": {
"Timestamp": "2016-06-07T21:07:30.202183143Z",
"State": "FAILED",
"Message": "execution failed",
"ContainerStatus": {}
},
"DesiredState": "SHUTDOWN",
"NetworksAttachments": [
{
"Network": {
"ID": "4qvuz4ko70xaltuqbt8956gd1",
"Version": {
"Index": 18
},
"CreatedAt": "2016-06-07T20:31:11.912919752Z",
"UpdatedAt": "2016-06-07T21:07:29.955277358Z",
"Spec": {
"Name": "ingress",
"Labels": {
"com.docker.swarm.internal": "true"
},
"DriverConfiguration": {},
"IPAM": {
"Driver": {},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"DriverState": {
"Name": "overlay",
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "256"
}
},
"IPAM": {
"Driver": {
"Name": "default"
},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"Addresses": [
"10.255.0.5/16"
]
}
],
"Endpoint": {
"Spec": {},
"ExposedPorts": [
{
"Protocol": "tcp",
"Port": 6379,
"PublicPort": 30000
}
],
"VirtualIPs": [
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.2/16"
},
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.3/16"
}
]
}
}
]

Query parameters:

  • filters – a JSON encoded value of the filters (a map[string][]string) to process on the services list. Available filters:

    • id=<task id>
    • name=<task name>
    • service=<service name>

Status codes:

  • 200 – no error
  • 500 – server error

Inspect a task

GET /tasks/(task id)

Get details on a task

Example request:

GET /tasks/0kzzo1i0y4jz6027t0k7aezc7 HTTP/1.1

Example response:

{
"ID": "0kzzo1i0y4jz6027t0k7aezc7",
"Version": {
"Index": 71
},
"CreatedAt": "2016-06-07T21:07:31.171892745Z",
"UpdatedAt": "2016-06-07T21:07:31.376370513Z",
"Name": "hopeful_cori",
"Spec": {
"ContainerSpec": {
"Image": "redis"
},
"Resources": {
"Limits": {},
"Reservations": {}
},
"RestartPolicy": {
"Condition": "ANY"
},
"Placement": {}
},
"ServiceID": "9mnpnzenvg8p8tdbtq4wvbkcz",
"Instance": 1,
"NodeID": "24ifsmvkjbyhk",
"ServiceAnnotations": {},
"Status": {
"Timestamp": "2016-06-07T21:07:31.290032978Z",
"State": "FAILED",
"Message": "execution failed",
"ContainerStatus": {}
},
"DesiredState": "SHUTDOWN",
"NetworksAttachments": [
{
"Network": {
"ID": "4qvuz4ko70xaltuqbt8956gd1",
"Version": {
"Index": 18
},
"CreatedAt": "2016-06-07T20:31:11.912919752Z",
"UpdatedAt": "2016-06-07T21:07:29.955277358Z",
"Spec": {
"Name": "ingress",
"Labels": {
"com.docker.swarm.internal": "true"
},
"DriverConfiguration": {},
"IPAM": {
"Driver": {},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"DriverState": {
"Name": "overlay",
"Options": {
"com.docker.network.driver.overlay.vxlanid_list": "256"
}
},
"IPAM": {
"Driver": {
"Name": "default"
},
"Configs": [
{
"Family": "UNKNOWN",
"Subnet": "10.255.0.0/16"
}
]
}
},
"Addresses": [
"10.255.0.10/16"
]
}
],
"Endpoint": {
"Spec": {},
"ExposedPorts": [
{
"Protocol": "tcp",
"Port": 6379,
"PublicPort": 30000
}
],
"VirtualIPs": [
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.2/16"
},
{
"NetworkID": "4qvuz4ko70xaltuqbt8956gd1",
"Addr": "10.255.0.3/16"
}
]
}
}

Status codes:

  • 200 – no error
  • 404 – unknown task
  • 500 – server error

4. Going further

4.1 Inside docker run

As an example, the docker run command line makes the following API calls:

  • Create the container

  • If the status code is 404, it means the image doesn’t exist:

    • Try to pull it.
    • Then, retry to create the container.
  • Start the container.

  • If you are not in detached mode:

  • Attach to the container, using logs=1 (to have stdout and stderr from the container’s start) and stream=1

  • If in detached mode or only stdin is attached, display the container’s id.

4.2 Hijacking

In this version of the API, /attach, uses hijacking to transport stdinstdout, and stderr on the same socket.

To hint potential proxies about connection hijacking, Docker client sends connection upgrade headers similarly to websocket.

Upgrade: tcp
Connection: Upgrade

When Docker daemon detects the Upgrade header, it switches its status code from 200 OK to 101 UPGRADED and resends the same headers.

4.3 CORS Requests

To set cross origin requests to the remote api please give values to --api-cors-header when running Docker in daemon mode. Set * (asterisk) allows all, default or blank means CORS disabled

$ dockerd -H="192.168.1.9:2375" --api-cors-header="http://foo.bar"

Docker Remote API v1.24的更多相关文章

  1. 关于docker remote api未授权访问漏洞的学习与研究

    漏洞介绍: 该未授权访问漏洞是因为docker remote api可以执行docker命令,从官方文档可以看出,该接口是目的是取代docker 命令界面,通过url操作docker. docker ...

  2. [Shell]Docker remote api未授权访问漏洞(Port=2375)

    0x01 简介 该未授权访问漏洞是因为docker remote api可以执行docker命令,从官方文档可以看出,该接口是目的是取代docker 命令界面,通过url操作docker. Docke ...

  3. Docker入门教程(八)Docker Remote API

    Docker入门教程(八)Docker Remote API [编者的话]DockerOne组织翻译了Flux7的Docker入门教程,本文是系列入门教程的第八篇,重点介绍了Docker Remote ...

  4. 【转+自己研究】新姿势之Docker Remote API未授权访问漏洞分析和利用

    0x00 概述 最近提交了一些关于 docker remote api 未授权访问导致代码泄露.获取服务器root权限的漏洞,造成的影响都比较严重,比如 新姿势之获取果壳全站代码和多台机器root权限 ...

  5. Docker remote API简单配置使用

    1.启动docker remote API的方式如下: docker -d -H uninx:///var/run/docker.sock -H tcp://0.0.0.0:5678 2.但是为了伴随 ...

  6. Docker remote API

    Docker remote API 该教程基于Ubuntu或Debian环境,如果不是,请略过本文 Docker API 在Docker生态系统中一共有三种API Registry API:提供了与来 ...

  7. docker remote api enable in ubuntu

    现在使用docker作为开发环境,操作系统是ubuntu16.10,pycharm中使用remote interpreter,需要用到remote api,结果发现自己的原答案是针对ubuntu 14 ...

  8. docker remote api 的安全隐患

    开启docker的api,首先要知道docker的守护进程daemon,在下认为daemon作为Client和service连接的一个桥梁,负责代替将client的请求传递给service端. 默认情 ...

  9. [开源夏令营][四] Docker remote API 之 镜像篇

    列出镜像 列出镜像,有两个可选參数,一个是all,一个是filter,all可选值有,0/False/false,1/True/true,默觉得0:filter是一个包括一个过滤对象的json,形式如 ...

随机推荐

  1. Vue教程:过滤器filters(五)

    Vue.js 允许你自定义过滤器,可被用于一些常见的文本格式化.过滤器可以用在两个地方:双花括号插值和 v-bind 表达式 (后者从 2.1.0+ 开始支持).过滤器应该被添加在 JavaScrip ...

  2. 阿里云云服务器Windows Server 2012 R2无法安装IIS等组件的解决办法

    Windows Server2012 R2数据中心版 不管安装什么组件,都显示存储空间不足,无法应用命令,错误代码0x80070008. 最终确认是服务器配置过低的原因,因为这个型号是低级别的配置,1 ...

  3. 手写redis客户端

    一.RESP通信协议 Redis Serialization Protocol (Redis序列化协议). 特点:容易实现.解析快.可读性强 以\r\n分割数据. 二.撸代码 package com. ...

  4. SQL SERVER 对权限的授予GRANT、拒绝DENY、收回REVOKE

    -----对用户member授权,允许其具有对数据表person的更新和删除的操作权限:GRANT UPDATE,DELETE ON personTO member WITH GRANT OPTION ...

  5. 【oracle使用笔记1】SQL报的常见错误

    项目中使用最多的就是oracle数据库了,在实际的开发中书写SQL时遇到过许多错误,趁着现在不太忙,把之前遇到的总结一下,以后遇到的会持续更新总结. 1. ORA-00001:违反唯一约束条件 [原因 ...

  6. Layered Architecture 分层架构

    分层的价值在于每一层都只代表程序中的某一特定方面.这种限制使每个方面的设计都更具有内聚性,更容易解释. 大多数成功的架构使用的都是包括下面这四个概念层的某个版本

  7. 类似"音速启动"的原创工具简码"万能助手"在线用户数终于突破100了!

    原本只是开发出来方便自己的一个小工具,看到群友也喜欢,就随手分享了, 经过1个多月的自然积累,在线用户数终于突破100了,这增长速度实在让人泪奔~ 博客园的朋友如果看到,喜欢的话就拿去用吧, 万能助手 ...

  8. mysql 一看就会 基本语法

    创建表 create table <表名>( <字段名>  类型(长度) not null primary key auto_increment, **主键 name char ...

  9. 离不开的微服务架构,脱不开的RPC细节(值得收藏)!!!

    服务化有什么好处? 服务化的一个好处就是,不限定服务的提供方使用什么技术选型,能够实现大公司跨团队的技术解耦,如下图所示: 服务A:欧洲团队维护,技术背景是Java 服务B:美洲团队维护,用C++实现 ...

  10. 剑指Offer-二维数组查找

    题目:在一个二维数组中(每个一维数组的长度相同),每一行都按照从左到右递增的顺序排序,每一列都按照从上到下递增的顺序排序.请完成一个函数,输入这样的一个二维数组和一个整数,判断数组中是否含有该整数. ...