Docker (TLS)
What is Port 2376?
Port 2376 is the default port for the Docker daemon API with TLS encryption and mutual authentication. When Docker is configured with --tlsverify, both the client and server must present valid TLS certificates to establish a connection. This provides encrypted communication and ensures only authorized clients can manage Docker resources. Port 2376 is the recommended way to expose the Docker daemon for remote management. Docker Machine, Docker contexts, and CI/CD systems can be configured to use TLS-authenticated connections on this port. The TLS setup requires generating CA, server, and client certificates.
Common Uses
- Secure remote Docker daemon management
- Docker Swarm manager communication
- CI/CD pipeline secure Docker access
- Container orchestration with mutual TLS
Technical Details
Copy-paste commands to check port 2376 (Docker (TLS)) from your terminal
Test connectivity
nc -zv example.com 2376
curl -v --max-time 5 --cacert ca.pem --cert cert.pem --key key.pem https://example.com:2376/version
telnet example.com 2376
nmap -p 2376 -sV example.com
(echo > /dev/tcp/example.com/2376) 2>/dev/null && echo "open" || echo "closed"
Open port in firewall
sudo ufw allow 2376/tcp
sudo iptables -A INPUT -p tcp --dport 2376 -j ACCEPT
sudo firewall-cmd --permanent --add-port=2376/tcp && sudo firewall-cmd --reload
Security Considerations
While much safer than port 2375, TLS-authenticated Docker access still gives any holder of a valid client certificate full control over the host via container operations. Use strong certificates, short-lived client certificates, and certificate revocation. Restrict access via firewall rules to known management IPs. Monitor Docker daemon logs for unauthorized access attempts. Consider Kubernetes RBAC for finer-grained access control.
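One way to check that a daemon's TCP listener really uses mutual TLS is to audit the flags dockerd was started with. The script below is an added example, not part of the original page or of Docker itself; the function names audit_dockerd_args and audit_samples are hypothetical, and the sample command lines, paths and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit a dockerd command line
# for the TLS posture of its TCP listeners. Prints one finding per line and
# prints nothing when every TCP listener requires client certificates.
audit_dockerd_args() {
    listeners="" tlsverify=0 tls=0
    set -f                                  # split on whitespace only, no globbing
    for arg in $1; do
        case "$arg" in
            tcp://*|--host=tcp://*)       listeners="$listeners ${arg#*tcp://}" ;;
            --tlsverify|--tlsverify=true) tlsverify=1 ;;
            --tls|--tls=true)             tls=1 ;;
        esac
    done
    for l in $listeners; do
        if [ "$tlsverify" -eq 0 ] && [ "$tls" -eq 0 ]; then
            echo "CRITICAL $l: plaintext API, no encryption or client authentication"
        elif [ "$tlsverify" -eq 0 ]; then
            echo "HIGH $l: --tls encrypts but does not authenticate clients; use --tlsverify"
        fi
        case "$l" in
            0.0.0.0:*|\[::\]:*)
                echo "WARN $l: bound to all interfaces; restrict by firewall to management IPs" ;;
        esac
    done
    set +f
    return 0
}

# Constructed sample command lines (paths and addresses are placeholders).
audit_samples() {
    audit_dockerd_args "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"
    audit_dockerd_args "dockerd --tls --tlscert=/etc/docker/server.pem --tlskey=/etc/docker/server-key.pem -H tcp://10.0.0.5:2376"
    audit_dockerd_args "dockerd --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server.pem --tlskey=/etc/docker/server-key.pem -H tcp://10.0.0.5:2376"
}
audit_samples
```

On a live host the input can be taken from the running process, for example `audit_dockerd_args "$(ps -o args= -C dockerd)"`; settings placed in daemon.json are not covered by this check.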