From 65c2a7c3da99ebd57ecb76d3beb9fcc0f190e13b Mon Sep 17 00:00:00 2001
From: Justin Tyberg <jtyberg@us.ibm.com>
Date: Mon, 9 May 2016 19:59:26 -0400
Subject: [PATCH] Connect to Docker daemon on host through Unix socket.

Use Unix socket on host to communicate with daemon instead of
setting DOCKER_HOST and connecting using TLS over public IP.

(c) Copyright IBM Corp. 2016
---
 docker-compose.yml   | 11 +++--------
 jupyterhub_config.py |  4 ----
 2 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 5930d2cc..611eb6e7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,19 +15,14 @@ services:
       # Bind Docker binary from host machine so we can invoke Docker commands
       # from inside container
       - "/usr/local/bin/docker:/usr/local/bin/docker:ro"
-      # Bind Docker TLS certs from host machine so we can authenticate with the
-      # daemon on the host (DOCKER_HOST should be set to host's IP)
-      - "/etc/docker:/etc/docker:ro"
+      # Bind Docker socket on the host so we can connect to the daemon from
+      # within the container
+      - "/var/run/docker.sock:/var/run/docker.sock:rw"
       # Bind Docker volume on host for JupyterHub database and cookie secrets
       - "data:${DATA_VOLUME_CONTAINER}"
     ports:
       - "443:443"
     environment:
-      # Pass DOCKER_HOST to container to allow it to connect to daemon on host
-      DOCKER_HOST: ${DOCKER_HOST}
-      # Locations of TLS certificate and key needed to auth with daemon on host
-      DOCKER_TLS_CERT: "/etc/docker/server.pem"
-      DOCKER_TLS_KEY: "/etc/docker/server-key.pem"
       # All containers will join this network
       DOCKER_NETWORK_NAME: ${DOCKER_NETWORK_NAME}
       # JupyterHub will spawn this Notebook image for users
diff --git a/jupyterhub_config.py b/jupyterhub_config.py
index 8591aacf..982d843f 100644
--- a/jupyterhub_config.py
+++ b/jupyterhub_config.py
@@ -39,10 +39,6 @@
 c.DockerSpawner.extra_create_kwargs.update({ 'volume_driver': 'local' })
 # Remove containers once they are stopped
 c.DockerSpawner.remove_containers = True
-# Specify paths to TLS certificate and key used to authenticate to Docker
-# daemon at DOCKER_HOST
-c.DockerSpawner.tls_cert = os.environ['DOCKER_TLS_CERT']
-c.DockerSpawner.tls_key = os.environ['DOCKER_TLS_KEY']
 # For debugging arguments passed to spawned containers
 c.DockerSpawner.debug = True