Docker MCP Server

A Model Context Protocol (MCP) server that runs entirely inside a Docker container, providing secure command execution and file operations through HTTP with bearer token authentication.

🚀 Features

• Containerized MCP Server: Runs entirely inside Docker with no host dependencies

• HTTP Transport: Network-based communication with bearer token authentication

• Secure Command Execution: Run shell commands in isolated container environment

• File Operations: Read, write, edit, and search files within container workspace

• Process Management: Track long-running processes with unique IDs

• Interactive Input: Send input to running processes

• Smart Timeouts: Intelligent process timeout handling based on output activity

Related MCP server: Shell Command MCP Server

🏗️ Architecture

The MCP server runs inside a Docker container and communicates with clients over HTTP:

MCP Client (via HTTP) ↔ Docker Container (Port 3000)
                              ↓
                        MCP Server (Node.js)
                              ↓
                    Workspace (/app/workspace)
                              ↓
                    Host ./tmp directory (mounted)

Core Components

• Containerized MCP Server - TypeScript server using @modelcontextprotocol/sdk with StreamableHTTPServerTransport

• HTTP API - Network-based communication on port 3000

• Bearer Token Auth - Secure authentication for all requests

• Docker Container - Debian-based with Node.js, Playwright, and development tools

• Workspace Mount - Host ./tmp directory mounted to /app/workspace

• Process Tracking - Background process management with unique IDs

Key Differences from Traditional MCP Servers

• No Host Installation: Server runs entirely in container

• Network Access: HTTP-based instead of stdio transport

• Authentication Required: Bearer token for all requests

• Self-Contained: All dependencies bundled in container image

• Direct Execution: No docker exec overhead

📋 Prerequisites

• Docker installed and running

• Docker Compose for container management

• Node.js (v18 or higher) for local development only

🚀 Quick Start

1. Clone and Setup

git clone <your-repository-url>
cd docker-mcp

2. Start the Server

# Quick start: reset environment and start server
./reset-docker.sh

# Or manually:
npm run docker:build    # Build container with server code
npm run docker:up       # Start container
npm run docker:logs     # View logs and get auth token

3. Get Connection Info

The server logs display the authentication token and connection details:

npm run docker:logs

Look for output like:

============================================================
Docker MCP Server Starting
============================================================
Port: 3000
Auth Token: abc123-def456-ghi789
============================================================

4. Test Connection

# Test with curl
curl -H "Authorization: Bearer YOUR_TOKEN_HERE" \
     http://localhost:3000

# View server logs
npm run docker:logs

🔧 Development Commands

Docker Operations

# Build the container image with server code
npm run docker:build

# Start the containerized MCP server
npm run docker:up

# Stop the container
npm run docker:down

# View server logs (includes auth token)
npm run docker:logs

# Rebuild and restart (after code changes)
npm run docker:restart

# Open bash shell in container
npm run docker:shell

# Complete reset (clean workspace and rebuild)
./reset-docker.sh

Local Development

# Build TypeScript (for development/testing only)
npm run build

# Install/update dependencies
npm install

⚙️ MCP Client Configuration

Configuration Format

MCP clients need to connect via HTTP with bearer token authentication:

{
  "url": "http://localhost:3000",
  "headers": {
    "Authorization": "Bearer YOUR_TOKEN_FROM_LOGS"
  }
}

Important:

• Get the auth token from container logs: npm run docker:logs

• Token is auto-generated on each container start

• Token must be included in the Authorization header with Bearer prefix

Claude Desktop Configuration

Add to your Claude Desktop configuration file:

Location:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

• Windows: %APPDATA%/Claude/claude_desktop_config.json

Configuration:

{
  "mcpServers": {
    "docker-mcp": {
      "url": "http://localhost:3000",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN_FROM_LOGS"
      }
    }
  }
}

Note: Replace YOUR_TOKEN_FROM_LOGS with the actual token from npm run docker:logs

Getting Your Authentication Token

1. Start the server: npm run docker:up

2. View logs: npm run docker:logs

3. Copy the token from the output

4. Update your client configuration with the token

5. Restart your MCP client

Verification

After configuration:

1. Restart your MCP client (e.g., Claude Desktop)

2. Check that the Docker MCP server shows as connected

3. Verify access to all available tools

🛠️ Available MCP Tools

🚀 Command Execution

execute_command

Execute shell commands inside the container

Execute any shell command within the container environment with intelligent process tracking.

Parameters:

• command (string) - The shell command to execute

• rationale (string) - Explanation of why this command is being executed

• maxWaitTime (number, optional) - Maximum seconds to wait before returning (default: 20)

Features:

• Automatic backgrounding for long-running processes

• Smart timeout based on output activity

• Process ID returned for monitoring

• Real-time output capture

check_process

Monitor background processes by ID

Check the status and output of background processes started by execute_command.

Parameters:

• processId (string) - The process ID returned by a long-running command

• rationale (string) - Explanation of why you need to check this process

Returns:

• Process status (running/completed)

• Current output (stdout/stderr)

• Exit code (if completed)

• Runtime duration

send_input

Send input to running background processes

Send input data to interactive processes waiting for user input.

Parameters:

• processId (string) - The process ID of the running process

• input (string) - The input to send to the process

• rationale (string) - Explanation of why you need to send input

• autoNewline (boolean, optional) - Auto-add newline (default: true)

📁 File Operations

All file operations work within /app/workspace which is mounted from host ./tmp.

file_read

Read files from container filesystem

Read file contents with support for large files through pagination.

Parameters:

• filePath (string) - Path relative to /app/workspace

• rationale (string) - Explanation of why you need to read this file

• offset (number, optional) - Starting line number (default: 0)

• limit (number, optional) - Maximum lines to read (default: 2000)

file_write

Create or overwrite files

Write content to files with automatic directory creation.

Parameters:

• filePath (string) - Path relative to /app/workspace

• content (string) - The content to write

• rationale (string) - Explanation of why you need to write this file

Important: Use file_read first to understand current state.

file_edit

Perform exact string replacements

Edit files using precise string matching with backup protection.

Parameters:

• filePath (string) - Path relative to /app/workspace

• oldString (string) - The exact text to replace

• newString (string) - The replacement text

• rationale (string) - Explanation of why you need to edit this file

• replaceAll (boolean, optional) - Replace all occurrences (default: false)

Important: Use file_read first to get the exact text to match.

file_ls

List directory contents

List files and directories with intelligent filtering.

Parameters:

• path (string, optional) - Directory path (default: current directory)

• rationale (string) - Explanation of why you need to list this directory

• ignore (array, optional) - Glob patterns to ignore

file_grep

Search file contents

Search for patterns in files using grep with regex support.

Parameters:

• pattern (string) - Search pattern (supports regex)

• rationale (string) - Explanation of why you need to search

• path (string, optional) - Directory to search (default: current)

• include (string, optional) - File pattern filter (e.g., '*.js')

• caseInsensitive (boolean, optional) - Case insensitive (default: false)

• maxResults (number, optional) - Result limit (default: 100)

📊 Process Management

Commands run with intelligent timeout handling:

• Default timeout: 20 seconds of inactivity before backgrounding

• Maximum timeout: 10 minutes absolute limit

• Process tracking: Background processes get unique IDs for monitoring

• Smart waiting: Based on output activity, not fixed intervals

Example Process Flow

// Long-running command gets backgrounded automatically
const result1 = execute_command({
  command: "npm install",
  rationale: "Installing dependencies"
});
// Returns process ID if backgrounded

// Check status later
const result2 = check_process({
  processId: result1.processId,
  rationale: "Checking installation progress"
});

// Send input to interactive processes
send_input({
  processId: result1.processId,
  input: "y",
  rationale: "Confirming prompt"
});

🔒 Security Considerations

Authentication

• Bearer Token Required: All requests must include valid bearer token

• Auto-Generated Token: New token generated on each container start

• Token Rotation: Restart container to generate new token

• CORS Enabled: Allows cross-origin requests (consider restricting in production)

Container Isolation

• Network Isolation: Container exposed only on port 3000

• Workspace Mount: Only ./tmp directory accessible from host

• User Permissions: Commands run with container-level permissions

• No Host Access: Server cannot access host filesystem outside mount

Recommended Security Practices

1. Token Management: Keep authentication tokens secure and private

2. Network Restrictions: Use firewall rules to limit access to port 3000

3. Workspace Isolation: Regularly audit ./tmp directory contents

4. Resource Limits: Add CPU and memory constraints in docker-compose.yml

5. Access Logs: Monitor container logs for suspicious activity

🚨 Troubleshooting

Server Won't Start

# Check Docker is running
docker info

# View container logs for errors
npm run docker:logs

# Verify port 3000 is available
lsof -i :3000  # macOS/Linux
netstat -ano | findstr :3000  # Windows

# Complete reset
npm run docker:down
./reset-docker.sh

Can't Connect to Server

# Verify container is running
docker ps | grep mcp-container

# Check server logs for auth token
npm run docker:logs

# Ensure correct URL
curl -H "Authorization: Bearer YOUR_TOKEN" http://localhost:3000

# Restart container
npm run docker:restart

Code Changes Not Reflected

# Remember: server code is built into container image
# After changing TypeScript code, you MUST rebuild:
npm run docker:restart

# Or manually:
npm run docker:down
npm run docker:build
npm run docker:up

Authentication Failed

# Get current auth token from logs
npm run docker:logs

# Verify token format in client config
# Must be: "Bearer YOUR_TOKEN" (with "Bearer " prefix)

# Token changes on restart - update client config

Permission Errors in Workspace

# Ensure tmp directory exists and is writable
mkdir -p tmp
chmod 755 tmp

# Reset workspace
rm -rf tmp && mkdir tmp

Process Timeout Issues

• Increase maxWaitTime parameter in execute_command

• Use check_process to monitor long-running operations

• Break complex operations into smaller steps

• Check container resources: docker stats mcp-container

🤝 Contributing

1. Fork the repository

2. Create a feature branch (git checkout -b feature/amazing-feature)

3. Make your changes in src/

4. Test with npm run docker:restart

5. Commit your changes (git commit -m 'Add amazing feature')

6. Push to the branch (git push origin feature/amazing-feature)

7. Open a Pull Request

Development Guidelines

• Follow TypeScript best practices

• Add comprehensive error handling

• Include rationale parameters for all tool operations

• Test with both quick and long-running commands

• Document any new MCP tools or capabilities

• Test authentication and security features

📦 Deployment

Local Deployment

# Production deployment
docker-compose up -d

# View production logs
docker-compose logs -f mcp-container

# Auto-restart on failure
# (already configured with restart: unless-stopped)

Custom Configuration

# docker-compose.yml
services:
  mcp-container:
    environment:
      - NODE_ENV=production
      - AUTH_TOKEN=your-custom-token  # Optional: set custom token
    ports:
      - "3000:3000"  # Change port mapping if needed
    volumes:
      - ./custom-workspace:/app/workspace

Environment Variables

• NODE_ENV: Set to production for production deployment

• Port: Configure via CLI flag --port 3000

• Token: Set via CLI flag --token your-token (auto-generated if not set)

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙋‍♂️ Support

• 🐛 Bug Reports: Open an issue with detailed reproduction steps

• 💡 Feature Requests: Open an issue with your use case

• 📖 Documentation: Check CLAUDE.md for AI assistant specific guidance

• 💬 Questions: Open a discussion for general questions

📚 Additional Resources

• Model Context Protocol Documentation

• MCP TypeScript SDK

• Docker Documentation

Built for the Model Context Protocol ecosystem 🤖

Features:

• ✅ HTTP Transport with Bearer Token Auth

• ✅ Containerized Architecture

• ✅ Process Management

• ✅ File Operations

• ✅ Network Accessible

• ✅ Production Ready