Seagull – A friendly web UI to monitor a Docker daemon (github.com/tobegit3hub)
36 points by johnwards on Dec 7, 2014 | 12 comments


Many people don't realize this, but Docker has a pretty good, and very simple JSON API.

Not only can you connect from anywhere with the docker client, but you can also use any other HTTP(s) speaking tool including curl or even your browser directly.

TLS certificate authentication is supported by the docker daemon by default (it's a flag away), and using that is a lot more secure than using an unauthenticated web UI like this, which is dangerously close to giving root access to your server to anyone who can route to your port.
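An added example, not part of the comment above and not code from Docker or Seagull: a small audit that reads a Docker daemon command line and reports which listeners expose the API without client-certificate authentication. The function names and the sample command lines are constructed for illustration; the only flags it relies on are `-H`/`--host`, `--tls` and `--tlsverify`.

```python
import shlex
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
DEFAULT_HOST = "unix:///var/run/docker.sock"  # used when no -H/--host is given


def parse_listeners(cmdline):
    """Extract listener addresses and TLS mode from a daemon command line."""
    hosts, tls, tlsverify = [], False, False
    args = iter(shlex.split(cmdline))
    for arg in args:
        if arg in ("-H", "--host") and (value := next(args, None)):
            hosts.append(value)
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tls", "--tls=true", "--tlsverify", "--tlsverify=true"):
            tls = True  # --tlsverify implies --tls
            tlsverify = tlsverify or arg.startswith("--tlsverify")
    return hosts or [DEFAULT_HOST], tls, tlsverify


def audit(cmdline):
    """Return (host, verdict) pairs; EXPOSED means the API is reachable without client auth."""
    hosts, tls, tlsverify = parse_listeners(cmdline)
    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme in ("unix", "fd"):
            verdict = "local-socket"
        elif tlsverify:
            verdict = "client-cert-required"
        elif (url.hostname or "") in LOOPBACK:
            verdict = "loopback-only"
        elif tls:
            verdict = "EXPOSED: encrypted but no client verification"
        else:
            verdict = "EXPOSED: plaintext, unauthenticated"
        findings.append((host, verdict))
    return findings


if __name__ == "__main__":
    # Constructed sample command lines, not taken from the thread.
    for sample in (
        "docker -d -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375",
        "docker -d --tlsverify --tlscacert=ca.pem --host=tcp://0.0.0.0:2376",
    ):
        print(sample, "->", audit(sample))
```

A `loopback-only` listener is the setup that pairs with SSH port forwarding; anything marked `EXPOSED` should be moved behind `--tlsverify` or back onto the unix socket.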


> which is dangerously close to giving root access to your server to anyone who can route to your port

Part of the reason CoreOS says: "From a security and composability perspective, the Docker process model - where everything runs through a central daemon - is fundamentally flawed ... [Docker is] all compiled into one monolithic binary running primarily as root on your server"[1]

[1] https://coreos.com/blog/rocket/


That makes no sense whatsoever. By default the Docker daemon listens only on a local unix socket only accessible to root (and in some distros a separate root-equivalent group).

The CoreOS model relies on running all containers via another centralized daemon: systemd. Feel free to expose an unauthenticated web UI to manage systemd, and see what happens security-wise.

Note: full disclosure, I also downvoted you, not because I disagree with you (that's what the above rebuttal is for), but because based on your prior comments on this topic, you are being deliberately obtuse and aggressive, and no amount of reasonable debate or explanation seems to change that. I look forward to your response (or seeing this comment and all others by me downvoted exactly once) which will probably demonstrate my point.


The beef between us right now is purely over the tactics you choose to employ on HN to perpetuate your product.

We've covered them over and over in other posts, as have others. Yet, you continue to blaze ahead with no change.

You've made no fewer than 3 posts and 1 submission today about Docker, one of which you felt the title and actual content didn't suffice to the extent that you followed it up with a comment "clarifying" the content. Scrolling back through your account, I find it difficult to locate a single conversation you have participated in that is not container and/or Docker related.

Here's a short list of things that bother me regarding your aggressive and often disingenuous tactics:

1) You double speak a lot - You routinely are caught telling people Docker is or is not something today based on future promises that are not realized yet.

2) Your comments are often belittling - Just like your comment above about "that makes no sense whatsoever" -- "and see what happens security-wise", you routinely belittle your users when they disagree with you about anything.

3) Your comments are often backhandedly condescending - You far too often backhandedly make comments that users should commit fixes or shut-up/stop-complaining. As I've pointed out before, not all of your users are engineers -- that does not mean you should ignore and completely disregard their input. In fact, if you had listened to their input, you would have seen CoreOS' announcement coming from a mile away.

4) You inject yourself into every single conversation about containers and Docker - Sometimes it's best to let the community just discuss things. I feel you inject yourself (and often other Docker employees) into the conversation in an attempt to take control and steer the conversation into a Docker-beneficial direction. This is both manipulative and disingenuous.

These are just the things off the top of my head. Anyone looking for explicit examples of each should have no problem doing so by browsing through previous comments... they are prevalent.


I must say I expected a less elaborate response, so thanks for that.

EDIT: I initially left a long response that explained why I think your accusations are unfounded. But, on second thought, I think we should spare everyone else and discuss this 1-on-1. My email is s@docker.com, if you contact me I will send you my comment there and we can discuss.

I will simply note here that you have not addressed my initial comment: specifically, that your comment doesn't make sense, and contradicts the technical reality of how Docker and CoreOS work.


Leave iptables on and port forward with SSH to localhost. Same thing people do with elasticsearch or other non-authenticated services.

These are early stage projects. The ones that stick around will get more enterprise-y over time.


Everything you say is true, but it doesn't mean this web ui is not useful, or a bad idea. It just means that it should add authentication :)

Since we are developing Docker's identity and authentication primitives separately from the main binary (https://github.com/docker/libtrust), it would be a cool experiment to try using that in Seagull.

Personally I think this is a cool project, and look forward to seeing it evolve!


I'm the author of seagull. Thanks for all your attention.

Seagull is kind of for developers now and it's not secure at all. We're glad to know more about libtrust and try to add authentication for all kinds of users.

The issue is open and anyone who is interested in it could help to improve it.


I think that's Bryan Cantrill (Solaris) who said that's one of Docker's killer features. This HTML frontend feels quite nice.


Surely that's not a live instance you're demoing?


Is there a roadmap for Braille support?


Do you mean supporting authentication? We added it to our issue list and have no exact date to implement it.

Please participate in the community and help us to improve it.



