Integrations

Docker

Connect Conductor to Docker for container, image, volume, network, and Compose management. Covers Docker Desktop, Linux socket permissions, remote hosts, TLS, and all available tools.

Docker Desktop vs Docker Engine

Docker Desktop (Mac and Windows) — bundles the Docker Engine inside a Linux VM. The socket is exposed at /var/run/docker.sock on Mac and npipe:////./pipe/docker_engine on Windows. Must be started manually via the GUI or open /Applications/Docker.app.

Docker Engine (Linux) — runs as a system daemon. Socket is at /var/run/docker.sock and is owned by root/docker group. Starts on boot with systemd.

Platform	Socket path
macOS (Docker Desktop)	/var/run/docker.sock
Linux (Docker Engine)	/var/run/docker.sock
Windows (Docker Desktop)	//./pipe/docker_engine
Remote host (TCP)	tcp://host:2376
Rootless Docker (Linux)	/run/user/1000/docker.sock

Linux socket permissions

On Linux, the Docker socket is owned by root and the docker group. By default, only root can access it. Add your user to the docker group to use Docker without sudo.

linux — grant socket access

# Option 1: Add your user to the docker group (persistent)
sudo usermod -aG docker $USER
# Log out and back in, or run:
newgrp docker

# Option 2: Change socket permissions (not recommended for production)
sudo chmod 666 /var/run/docker.sock

# Verify
docker ps

Members of the docker group have root-equivalent access to the Docker daemon. Only add trusted users to this group.

Remote Docker host

Conductor can connect to a Docker daemon on a remote machine over TCP. Always use TLS when exposing Docker over TCP on a network — an unauthenticated Docker TCP port gives full root access to the host machine.

DOCKER_HOST environment variable

# Set DOCKER_HOST for the current session
export DOCKER_HOST=tcp://192.168.1.100:2376

# With TLS (recommended for remote hosts)
export DOCKER_HOST=tcp://192.168.1.100:2376
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=~/.docker/certs/my-remote-host

Docker context

Docker contexts let you save and switch between multiple Docker endpoints. Conductor respects the active Docker context, or you can pin a specific context in the config.

docker context setup

# Create a Docker context for a remote host
docker context create remote-server \
  --docker "host=tcp://192.168.1.100:2376,ca=/path/to/ca.pem,cert=/path/to/cert.pem,key=/path/to/key.pem"

# Use the context
docker context use remote-server

# Conductor picks up the active Docker context automatically
# Or specify explicitly in config with the "context" field:
{
  "plugins": {
    "docker": {
      "context": "remote-server"
    }
  }
}

Conductor config

macOS / Linux

conductor.config.json

{
  "plugins": {
    "docker": {
      "socketPath": "/var/run/docker.sock"
    }
  }
}

Windows

conductor.config.json — windows

{
  "plugins": {
    "docker": {
      "socketPath": "//./pipe/docker_engine"
    }
  }
}

Remote host (TCP + TLS)

conductor.config.json — remote

{
  "plugins": {
    "docker": {
      "host": "tcp://192.168.1.100:2376",
      "tlsCertPath": "/path/to/certs"
    }
  }
}

Available tools

Tool	Description
docker.container.list	List all containers (running and stopped) with status, ports, and image.
docker.container.start	Start a stopped container by container ID or name.
docker.container.stop	Stop a running container. Sends SIGTERM then SIGKILL after timeout.
docker.container.remove	Remove a container. Pass force: true to remove running containers.
docker.container.logs	Stream or fetch recent logs from a container. Supports tail and since filters.
docker.container.exec	Execute a command inside a running container. Returns stdout and stderr.
docker.image.list	List all locally pulled images with ID, tags, and size.
docker.image.pull	Pull an image from a registry by name and optional tag.
docker.image.remove	Remove a local image by ID or name. Pass force: true to remove in-use images.
docker.image.build	Build an image from a Dockerfile path. Streams build output.
docker.volume.list	List all Docker volumes with name, driver, and mount point.
docker.network.list	List all Docker networks with name, driver, and attached containers.
docker.compose.up	Start services defined in a docker-compose.yml file. Equivalent to docker compose up -d.
docker.compose.down	Stop and remove services from a Compose project. Optionally remove volumes.
docker.compose.ps	List status of services in a Compose project.

Running Conductor inside Docker

You can run Conductor itself as a Docker container. Mount the host Docker socket into the container so Conductor can manage the host's Docker daemon. This is sometimes called "Docker-in-Docker" but is actually Docker-outside-Docker — the container uses the host daemon.

docker run — socket mount

# Run Conductor inside Docker, mounting the host Docker socket
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ~/.conductor:/root/.conductor \
  -p 3000:3000 \
  useconductor/conductor:latest

# The mounted socket lets Conductor control the host's Docker daemon.
# Note: this grants significant privilege — treat it like root access.

Resource constraints

The docker.container.exec tool runs commands inside existing containers and inherits that container's resource limits. The docker.image.build tool streams build output and may take significant time for large images. Conductor does not impose additional CPU or memory limits — those are set in Docker Desktop settings (Mac/Windows) or via cgroup limits on Linux. Set --memory and --cpus flags when creating containers if you need hard limits.

Common errors

Error	Cause	Fix
Cannot connect to Docker daemon	Docker Desktop is not running, or the socket path is wrong.	Start Docker Desktop (Mac/Windows) or start the Docker service (Linux: sudo systemctl start docker). Verify the socket path in config.
permission denied on /var/run/docker.sock	Your user does not have permission to access the Docker socket on Linux.	Add your user to the docker group: sudo usermod -aG docker $USER. Log out and back in.
container already started	Tried to start a container that is already running.	Check container state with docker.container.list before calling start.
no such image	The image name or tag does not exist locally.	Pull the image first with docker.image.pull, or verify the exact name:tag.
port already allocated	Another container or process is already using the host port.	Stop the conflicting container or change the host port mapping.
network not found	The specified Docker network does not exist.	List networks with docker.network.list to find the correct name. Create the network if needed.
No such container	Container ID or name does not exist.	Use docker.container.list to verify the container exists. IDs can be partial (first 12 chars).

All integrations