Expose Docker daemon socket

Is there a good way to expose the Docker daemon socket? Read-only would be fine, and in fact preferred. As would TLS-only. It seems like /etc/docker/daemon.json gets overwritten on boot, and that’s the main way I know to expose it. I’m trying to get Uptime Kuma to monitor the health of my containers, where Kuma is running on another device in my network.

Oftentimes, containers will expose a health check endpoint. Uptime Kuma can then HTTP-check this endpoint.

I generally just check the UI index page if I don’t know the health check endpoint.

Yeah, I’m hitting the web UI for the ones that have one for now. Tailscaled doesn’t, but I can check if I can ping the Tailscale hostname for the machine. Still, it’d be nice if I could be consistent with how I check local services vs remote ones. Plus there’s a minor concern that a service’s web UI could be up, but the container could still be unhealthy (i.e. a non-fatal issue). That might be ignorable in practice, though.
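
Added example, not from any poster in this thread or from Docker or Uptime Kuma: for the read-only access asked about in the opening post, one option is a filtering proxy in front of the daemon socket, and the function below is the allow/deny decision such a proxy would make per request. The set of endpoints a monitor needs is an assumption, and `is_allowed` and the container name `kuma-target` are hypothetical.

```python
import re

# Assumption: a health monitor only needs to ping the daemon, read its
# version, list containers and inspect one container. Everything else in
# the Docker Engine API is denied, including GET endpoints that read data
# out of a container (logs, archive, export).
# Caveat: container inspect output includes Config.Env, so even this
# "read-only" view can reveal secrets passed as environment variables;
# restrict who can reach the proxy (TLS with client certs, firewall).
_ALLOWED_PATHS = (
    re.compile(r"/_ping"),
    re.compile(r"/version"),
    re.compile(r"/containers/json"),
    re.compile(r"/containers/[A-Za-z0-9][A-Za-z0-9_.-]*/json"),
)

# The Engine API accepts an optional version prefix such as /v1.43.
_VERSION_PREFIX = re.compile(r"^/v\d+\.\d+(?=/)")


def is_allowed(method: str, target: str) -> bool:
    """Return True only for read-only requests on the allowlist."""
    if method.upper() not in ("GET", "HEAD"):
        return False  # POST/PUT/DELETE can start, stop or create containers
    path = target.split("?", 1)[0]
    # Refuse encoded or ambiguous paths instead of trying to normalise them.
    if "%" in path or "//" in path or ".." in path:
        return False
    path = _VERSION_PREFIX.sub("", path, count=1)
    # fullmatch, so trailing newlines or extra segments never slip through.
    return any(p.fullmatch(path) for p in _ALLOWED_PATHS)


if __name__ == "__main__":
    # Constructed sample requests.
    for method, target in [
        ("GET", "/containers/json?all=1"),
        ("GET", "/v1.43/containers/kuma-target/json"),
        ("POST", "/containers/kuma-target/stop"),
        ("GET", "/containers/kuma-target/logs?stdout=1"),
    ]:
        verdict = "allow" if is_allowed(method, target) else "deny"
        print(f"{verdict:5} {method} {target}")
```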