docker-mcp
Provides tools for managing Docker containers, images, volumes, networks, and Compose projects via the Docker Engine API.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@docker-mcplist all running containers"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
docker-mcp
MCP (Model Context Protocol) server wrapping the Docker Engine API. Exposes Docker operations as typed MCP tools, reducing token consumption versus generating CLI commands.
Quick Start
npx docker-mcpOr add to your MCP client config (OpenCode, Claude Desktop, etc.):
{
"mcpServers": {
"docker": {
"command": "npx",
"args": ["docker-mcp"]
}
}
}Related MCP server: MCP Docker Server
Configuration
Configure via environment variables, matching Docker CLI conventions:
Variable | Purpose | Example |
| Docker daemon address |
|
| Enable TLS |
|
| TLS cert directory |
|
Default: Connects to local Docker socket (/var/run/docker.sock).
Connection methods (recommended order)
SSH (preferred):
DOCKER_HOST=ssh://user@host— dockerode handles SSH natively. Pre-populate~/.ssh/known_hoststo avoid host key prompts.TCP + TLS:
DOCKER_HOST=tcp://host:2376withDOCKER_TLS_VERIFY=1andDOCKER_CERT_PATH.Plain TCP:
DOCKER_HOST=tcp://host:2375— warning: unencrypted TCP grants root access to anyone on the network. Only use on trusted LANs.
Authentication
For private registries, prefer pre-configuring credentials:
docker login myregistry.iodockerode reads ~/.docker/config.json automatically. Inline auth parameters are also supported on image_action pull/push, but note that credentials transit the MCP protocol (stdin/stdout).
Tools (17 total)
Container tools
Tool | Description |
| List or inspect containers. Supports filters (status, label), limit, field selection, verbose mode. |
| Start, stop, restart, pause, unpause, or remove containers. |
| Create a container from an image with env, ports, volumes. |
| Get container logs with tail limit (default 100, max 10,000) and timestamps. ANSI codes stripped. |
| Run a command inside a running container. Output capped at 10KB/200 lines. |
Image tools
Tool | Description |
| List or inspect images. Supports dangling filter, field selection. |
| Pull, remove, tag, or push images. Supports registry auth. |
| Build an image from a Dockerfile. |
Volume tools
Tool | Description |
| List or inspect volumes. |
| Create or remove volumes. |
Network tools
Tool | Description |
| List or inspect networks. |
| Create, remove, connect, or disconnect networks. |
Compose tools
Tool | Description |
| Up, down, pull, or stop Compose projects. Fire-and-forget for up (check with |
| List services (ps), validate config, or get logs. |
System tools
Tool | Description |
| Docker disk usage breakdown. |
| Prune unused resources by scope (all, containers, images, volumes, networks, builder). |
Health
Tool | Description |
| Check Docker daemon connectivity and return version info. |
Token Optimization
This server is designed to minimize token consumption:
Default summaries: Query tools return curated fields by default. Use
verbose: truefor full payloads.Field selection: Pass
fields: ["Id", "State.Status"]to get only the data you need.Pagination: Use
limiton list tools to cap result size.Log capping: Logs default to 100 lines (max 10,000). Exec output capped at 10KB/200 lines.
Compact IDs: 12-character IDs by default. Use
fullId: truefor full 64-char IDs.ANSI stripping: All output has ANSI codes stripped server-side.
Tool consolidation: Related operations merged into 17 tools via action enums instead of 35 individual tools.
Security Notes
container_execallows arbitrary command execution in any container — equivalent todocker exec.image_buildaccepts acontextpath — ensure it points to a project directory, not/or/etc.Inline
authcredentials onimage_actiontransit the MCP protocol (stdio). Preferdocker login.Plain TCP Docker sockets grant root access without authentication. Use SSH or TLS when accessing remote hosts.
Development
# Install
npm install
# Dev server with hot reload
npm run dev
# Build
npm run build
# Test
npm test # Unit tests (no Docker needed)
npm run test:integration # Integration tests (requires Docker)
npm run lint # Lint
npm run typecheck # TypeScript check
# Format
npm run formatArchitecture
src/
index.ts — Entrypoint, DI wiring, stdio transport
config.ts — Docker client factory (reads DOCKER_HOST env vars)
error.ts — Centralized error handler with status-code mapper
utils/
compose.ts — Compose arg builder + JSON output parser (pure)
summarize.ts — Token optimization utilities (field projection, ID truncation, ANSI stripping, output capping)
tools/
types.ts — Shared types + tool registration helpers
health.ts — docker_ping (validates pipeline)
containers.ts — 5 container tools
images.ts — 3 image tools
volumes.ts — 2 volume tools
networks.ts — 2 network tools
compose.ts — 2 compose tools
system.ts — 2 system toolsLicense
MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mpgharris/docker-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server