ualex73 / monitor_docker

Monitor Docker containers from Home Assistant
Apache License 2.0

Support connecting to docker host via ssh #38

Open Gibby opened 3 years ago

Gibby commented 3 years ago

Per https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option starting in Docker version 18.09 the following can be used to connect to a remote docker host:

$ docker -H ssh://me@example.com:22 ps
$ docker -H ssh://me@example.com ps
$ docker -H ssh://example.com ps

When I tried to specify ssh://me@example.com in the URL, I get the following error:

2020-10-07 12:33:25 ERROR (Thread-6) [custom_components.monitor_docker.helpers] Can not connect to Docker API (Missing protocol scheme in docker_host.)
Traceback (most recent call last):
  File "/config/custom_components/monitor_docker/helpers.py", line 140, in __init__
    self._api = aiodocker.Docker(url=url)
  File "/usr/local/lib/python3.8/site-packages/aiodocker/docker.py", line 125, in __init__
    raise ValueError("Missing protocol scheme in docker_host.")
ValueError: Missing protocol scheme in docker_host.

ualex73 commented 3 years ago

The underlying library used for the Docker API doesn't support the "ssh://" option, sorry. You need to use tcp with certificates for security.

Garulf commented 3 years ago

I was able to work around this limitation using socat over SSH.

Instructions here: https://serverfault.com/a/362833

Just in case anyone else is in a similar situation.

SciLor commented 1 year ago

For a bit more convenience, I created a systemd daemon.

Do everything as root. Location: /etc/systemd/system/docker-remote-sock@.service

[Unit]
Description=Setup a secure tunnel for docker.sock to %i
After=network.target

[Service]
Group=docker
ExecStart=ssh -o StreamLocalBindUnlink=yes -o StreamLocalBindMask=0117 -nNT -L /var/run/docker.%i.sock:/var/run/docker.sock %i

RestartSec=30
Restart=always

[Install]
WantedBy=multi-user.target

Enable it on boot with systemctl enable docker-remote-sock@server. Be sure you have placed the id_rsa.pub into the authorized_keys file for the root of the other server, so no login is needed.
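
An added example, not part of this thread or of monitor_docker: a pre-flight check for the socket that the unit above forwards, since anything able to open that socket drives the remote Docker daemon over a root SSH session. The function names are hypothetical, and it assumes the integration is then pointed at the resulting unix:// URL.

```python
import os
import stat

# Path pattern taken from the -L option in the unit above (%i = instance name).
SOCKET_TEMPLATE = "/var/run/docker.{instance}.sock"


def allowed_mode(bind_mask: int = 0o117) -> int:
    """Permission bits ssh leaves on the socket for a given StreamLocalBindMask."""
    return 0o777 & ~bind_mask


def socket_path(instance: str) -> str:
    """Expand the unit's %i into the forwarded socket path."""
    if not instance or "/" in instance or "\0" in instance:
        raise ValueError(f"unsafe instance name: {instance!r}")
    return SOCKET_TEMPLATE.format(instance=instance)


def audit_socket(path: str, bind_mask: int = 0o117) -> list[str]:
    """Return findings for the forwarded socket; an empty list means no issue found."""
    try:
        st = os.lstat(path)
    except OSError as exc:
        return [f"{path}: {exc.strerror} (tunnel not up?)"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a Unix socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    extra = mode & ~allowed_mode(bind_mask)
    if extra:
        findings.append(f"{path}: mode {mode:04o} grants bits {extra:04o} beyond the mask")
    if mode & 0o006:
        findings.append(f"{path}: world-accessible, any local user reaches the remote daemon")
    return findings


def docker_url(instance: str) -> str:
    """unix:// URL for the tunnel, refused while the socket has findings."""
    path = socket_path(instance)
    findings = audit_socket(path)
    if findings:
        raise PermissionError("; ".join(findings))
    return "unix://" + path


if __name__ == "__main__":
    print(docker_url("server"))  # "server" as in docker-remote-sock@server
```

With the unit's mask of 0117 the socket should come up as mode 0660 with group docker, so membership of that group on the Home Assistant host is what gates access to the remote daemon.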