--api-cors-header | CORS header information for enabling remote API calling. This interface supports the secondary development of upper-layer applications, which sets the CORS header for a remote API. |
--authorization-plugin=[] | Authentication plug-in. |
-b, --bridge="" | Existing bridge device mounting to the docker container. Note: none can be used to disable the network in the container. |
--bip="" | Bridge IP address, which is automatically created using the CIDR address. Note: this parameter cannot be used with -b . |
--cgroup-parent | cgroup parent directory configured for all containers. |
--config-file=/etc/docker/daemon.json | Configuration file for starting Docker daemon. |
--containerd | Socket path of containerd. |
-D, --debug=false | Specifies whether to enable the debugging mode. |
--default-gateway | Default gateway of the container IPv4 address. |
--default-gateway-v6 | Default gateway of the container IPv6 address. |
--default-ulimit=[] | Default ulimit value of the container. |
--disable-legacy-registry | Disables the original registry. |
--dns=[] | DNS server of the forcibly used container. Example: --dns 8.8.x.x |
--dns-opt=[] | DNS option. |
--dns-search=[] | Forcibly searches DNS search domain name used by a container. Example: --dns-search example.com |
--exec-opt=[] | Parameter to be executed when a container is started. For example, set the native.umask parameter. #The umask value of the started container is 0022.--exec-opt native.umask=normal
# The umask value of the started container is 0027 (default value).
--exec-opt native.umask=secure Note: If native.umask is also configured in docker create or docker run command, the configuration in command is used. |
--exec-root=/var/run/docker | Root directory for storing the execution status file. |
--fixed-cidr="" | Fixed IP address (for example, 10.20.0.0/16) of the subnet. The IP address of the subnet must belong to the network bridge. |
--fixed-cidr-v6 | Fixed IPv6 address. |
-G, --group="docker" | Group assigned to the corresponding Unix socket in the background running mode. Note: When an empty string is configured for this parameter, the group information is removed. |
-g, --graph="/var/lib/docker" | The root directory for running docker. |
-H, --host=[] | Socket bound in background mode. One or more sockets can be configured using tcp://host:port, unix:///path to socket, fd://* or fd://socketfd. Example: $ dockerd -H tcp://0.0.0.0:2375 or $ export DOCKER_HOST="tcp://0.0.0.0:2375" |
--insecure-registry=[] | Registry for insecure connections. By default, the Docker uses TLS certificates to ensure security for all connections. If the registry does not support HTTPS connections or the certificate is issued by an unknown certificate authority of the Docker daemon, you need to configure --insecure-registry=192.168.1.110:5000 when starting the daemon. This parameter needs to be configured if a private registry is used. |
--image-layer-check=true | Image layer integrity check. To enable the function, set this parameter to true. Otherwise, set this parameter to false. If this parameter is not configured, the function is disabled by default. When Docker is started, the image layer integrity is checked. If the image layer is damaged, the related images are unavailable. Docker cannot verify empty files, directories, or link files. Therefore, if the preceding files are lost due to a power failure, the integrity check of Docker image data may fail. When the Docker version changes, check whether the parameter is supported. If not supported, delete it from the configuration file. |
--icc=true | Enables communication between containers. |
--ip="0.0.0.0" | Default IP address used when a container is bound to a port. |
--ip-forward=true | Starts the net.ipv4.ip_forward process of the container. |
--ip-masq=true | Enables IP spoofing. |
--iptables=true | Starts the iptables rules defined by the Docker container. |
-l, --log-level=info | Log level. |
--label=[] | Daemon label, in key=value format. |
--log-driver=json-file | Default log driver of container logs. |
--log-opt=map[] | Log drive parameters. |
--mtu=0 | MTU value of the container network. If this parameter is not configured, value of route MTU is used by default. If the default route is not configured, set this parameter to the constant value 1500. |
-p, --pidfile="/var/run/docker.pid" | PID file path of the background process. |
--raw-logs | Logs with all timestamps and without the ANSI color scheme. |
--registry-mirror=[] | Image registry preferentially used by the dockerd. |
-s, --storage-driver="" | Storage driver used when a container is forcibly run. |
--selinux-enabled=false | Enables SELinux. If the kernel version is 3.10.0-862.14 or later, this parameter cannot be set to true. |
--storage-opt=[] | Storage driver parameter. This parameter is valid only when the storage driver is devicemapper. Example: dockerd --storage-opt dm.blocksize=512K |
--tls=false | Enables the TLS authentication. |
--tlscacert="/root/.docker/ca.pem" | Certificate file path that has been authenticated by the CA. |
--tlscert="/root/.docker/cert.pem" | File path of the TLS certificates. |
--tlskey="/root/.docker/key.pem" | File path of TLS keys. |
--tlsverify=false | Verifies the communication between the background processes and the client using TLS. |
--insecure-skip-verify-enforce | Whether to forcibly skip the verification of the certificate host or domain name. The default value is false. |
--use-decrypted-key=true | Whether to use the decryption private key. |
--userland-proxy=true | Whether to use the userland proxy for the container LO device. |
--userns-remap | User namespace-based user mapping table in the container. NOTE: This parameter is not supported in the current version. |