diff --git a/.github/DOCKER_CLI_TEST.md b/.github/DOCKER_CLI_TEST.md
index 01179c4..f4f3bf8 100644
--- a/.github/DOCKER_CLI_TEST.md
+++ b/.github/DOCKER_CLI_TEST.md
@@ -1,6 +1,6 @@
-# Docker CLI Installation Test Procedure
+# Docker Engine Installation Test Procedure
-This document describes how to test the Docker CLI installation feature added with the `INSTALL_EXT=true` build argument.
+This document describes how to test the Docker Engine installation feature added with the `INSTALL_EXT=true` build argument.
## Test 1: Build with INSTALL_EXT=false (default)
@@ -12,7 +12,7 @@ docker build -t mcphub:base .
docker run --rm mcphub:base docker --version
```
-**Expected Result**: `docker: not found` error (Docker CLI is NOT installed)
+**Expected Result**: `docker: not found` error (Docker is NOT installed)
## Test 2: Build with INSTALL_EXT=true
@@ -26,13 +26,44 @@ docker run --rm mcphub:extended docker --version
**Expected Result**: Docker version output (e.g., `Docker version 27.x.x, build xxxxx`)
-## Test 3: Docker-in-Docker Workflow
+## Test 3: Docker-in-Docker with Auto-start Daemon
```bash
# Build with extended features
docker build --build-arg INSTALL_EXT=true -t mcphub:extended .
-# Run with Docker socket mounted
+# Run with privileged mode (allows Docker daemon to start)
+docker run -d \
+ --name mcphub-test \
+ --privileged \
+ -p 3000:3000 \
+ mcphub:extended
+
+# Wait a few seconds for daemon to start
+sleep 5
+
+# Test Docker commands from inside the container
+docker exec mcphub-test docker ps
+docker exec mcphub-test docker images
+docker exec mcphub-test docker info
+
+# Cleanup
+docker stop mcphub-test
+docker rm mcphub-test
+```
+
+**Expected Result**:
+- Docker daemon should auto-start inside the container
+- Docker commands should work without mounting the host's Docker socket
+- `docker info` should show the container's own Docker daemon
+
+## Test 4: Docker-in-Docker with Host Socket (Alternative)
+
+```bash
+# Build with extended features
+docker build --build-arg INSTALL_EXT=true -t mcphub:extended .
+
+# Run with Docker socket mounted (uses host's daemon)
docker run -d \
--name mcphub-test \
-p 3000:3000 \
@@ -48,9 +79,11 @@ docker stop mcphub-test
docker rm mcphub-test
```
-**Expected Result**: Docker commands should work and show the host's containers and images
+**Expected Result**:
+- Docker daemon should NOT auto-start (socket already exists from host)
+- Docker commands should work and show the host's containers and images
-## Test 4: Verify Image Size
+## Test 5: Verify Image Size
```bash
# Build both versions
@@ -63,9 +96,9 @@ docker images mcphub:*
**Expected Result**:
- The `extended` image should be larger than the `base` image
-- The size difference should be reasonable (Docker CLI adds ~60-80MB)
+- The size difference should be reasonable (Docker Engine adds ~100-150MB)
-## Test 5: Architecture Support
+## Test 6: Architecture Support
```bash
# On AMD64/x86_64
@@ -77,12 +110,15 @@ docker build --build-arg INSTALL_EXT=true --platform linux/arm64 -t mcphub:exten
**Expected Result**:
- Both builds should succeed
-- AMD64 includes Chrome/Playwright + Docker CLI
-- ARM64 includes Docker CLI only (Chrome installation is skipped)
+- AMD64 includes Chrome/Playwright + Docker Engine
+- ARM64 includes Docker Engine only (Chrome installation is skipped)
## Notes
-- The Docker CLI installation follows the official Docker documentation
+- The Docker Engine installation follows the official Docker documentation
+- Includes full Docker daemon (`dockerd`), CLI (`docker`), and containerd
+- The daemon auto-starts when running in privileged mode
- The installation uses the Debian Bookworm repository
- All temporary files are cleaned up to minimize image size
- The feature is opt-in via the `INSTALL_EXT` build argument
+- `iptables` is installed as it's required for Docker networking
diff --git a/Dockerfile b/Dockerfile
index b898406..0d89081 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,15 +22,15 @@ RUN if [ "$INSTALL_EXT" = "true" ]; then \
else \
echo "Skipping Chrome installation on non-amd64 architecture: $ARCH"; \
fi; \
- # Install Docker CLI \
+ # Install Docker Engine (includes CLI and daemon) \
apt-get update && \
- apt-get install -y ca-certificates curl && \
+ apt-get install -y ca-certificates curl iptables && \
install -m 0755 -d /etc/apt/keyrings && \
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
chmod a+r /etc/apt/keyrings/docker.asc && \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
apt-get update && \
- apt-get install -y docker-ce-cli && \
+ apt-get install -y docker-ce docker-ce-cli containerd.io && \
apt-get clean && rm -rf /var/lib/apt/lists/*; \
fi
diff --git a/docs/configuration/docker-setup.mdx b/docs/configuration/docker-setup.mdx
index c33605f..d01e90e 100644
--- a/docs/configuration/docker-setup.mdx
+++ b/docs/configuration/docker-setup.mdx
@@ -46,10 +46,18 @@ docker run -d \
The Docker image supports an `INSTALL_EXT` build argument to include additional tools:
```bash
-# Build with extended features (includes Docker CLI, Chrome/Playwright)
+# Build with extended features (includes Docker Engine, Chrome/Playwright)
docker build --build-arg INSTALL_EXT=true -t mcphub:extended .
-# Run the container with Docker socket mounted (for Docker-in-Docker workflows)
+# Option 1: Run with automatic Docker-in-Docker (requires privileged mode)
+docker run -d \
+ --name mcphub \
+ --privileged \
+ -p 3000:3000 \
+ -v $(pwd)/mcp_settings.json:/app/mcp_settings.json \
+ mcphub:extended
+
+# Option 2: Run with Docker socket mounted (use host's Docker daemon)
docker run -d \
--name mcphub \
-p 3000:3000 \
@@ -57,20 +65,24 @@ docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
mcphub:extended
-# Verify Docker CLI is available
+# Verify Docker is available
docker exec mcphub docker --version
+docker exec mcphub docker ps
```
**What's included with INSTALL_EXT=true:**
- - **Docker CLI**: For container management and Docker-based workflows
+ - **Docker Engine**: Full Docker daemon with CLI for container management. The daemon auto-starts when the container runs in privileged mode.
- **Chrome/Playwright** (amd64 only): For browser automation tasks
The extended image is larger but provides additional capabilities for advanced use cases.
- When mounting the Docker socket (`/var/run/docker.sock`), the container gains access to the host's Docker daemon. Only use this in trusted environments.
+ **Docker-in-Docker Security Considerations:**
+ - **Privileged mode** (`--privileged`): Required for the Docker daemon to start inside the container. This gives the container elevated permissions on the host.
+ - **Docker socket mounting** (`/var/run/docker.sock`): Gives the container access to the host's Docker daemon. Both approaches should only be used in trusted environments.
+ - For production, consider using Docker socket mounting instead of privileged mode for better security.
## Docker Compose Setup
diff --git a/docs/zh/configuration/docker-setup.mdx b/docs/zh/configuration/docker-setup.mdx
index 584be04..8d90997 100644
--- a/docs/zh/configuration/docker-setup.mdx
+++ b/docs/zh/configuration/docker-setup.mdx
@@ -46,10 +46,18 @@ docker run -d \
Docker 镜像支持 `INSTALL_EXT` 构建参数以包含额外工具:
```bash
-# 构建扩展功能版本(包含 Docker CLI、Chrome/Playwright)
+# 构建扩展功能版本(包含 Docker 引擎、Chrome/Playwright)
docker build --build-arg INSTALL_EXT=true -t mcphub:extended .
-# 运行容器并挂载 Docker socket(用于 Docker-in-Docker 工作流)
+# 方式 1: 使用自动 Docker-in-Docker(需要特权模式)
+docker run -d \
+ --name mcphub \
+ --privileged \
+ -p 3000:3000 \
+ -v $(pwd)/mcp_settings.json:/app/mcp_settings.json \
+ mcphub:extended
+
+# 方式 2: 挂载 Docker socket(使用宿主机的 Docker 守护进程)
docker run -d \
--name mcphub \
-p 3000:3000 \
@@ -57,20 +65,24 @@ docker run -d \
-v /var/run/docker.sock:/var/run/docker.sock \
mcphub:extended
-# 验证 Docker CLI 可用
+# 验证 Docker 可用
docker exec mcphub docker --version
+docker exec mcphub docker ps
```
**INSTALL_EXT=true 包含的功能:**
- - **Docker CLI**:用于容器管理和基于 Docker 的工作流
+ - **Docker 引擎**:完整的 Docker 守护进程和 CLI,用于容器管理。在特权模式下运行时,守护进程会自动启动。
- **Chrome/Playwright**(仅 amd64):用于浏览器自动化任务
扩展镜像较大,但为高级用例提供了额外功能。
- 挂载 Docker socket(`/var/run/docker.sock`)时,容器将获得访问主机 Docker 守护进程的权限。仅在可信环境中使用此功能。
+ **Docker-in-Docker 安全注意事项:**
+ - **特权模式**(`--privileged`):容器内启动 Docker 守护进程需要此权限。这会授予容器在宿主机上的提升权限。
+ - **Docker socket 挂载**(`/var/run/docker.sock`):使容器可以访问宿主机的 Docker 守护进程。两种方式都应仅在可信环境中使用。
+ - 生产环境建议使用 Docker socket 挂载而非特权模式,以提高安全性。
## Docker Compose 设置
diff --git a/entrypoint.sh b/entrypoint.sh
index 03f3d71..d4f7382 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -4,7 +4,7 @@ NPM_REGISTRY=${NPM_REGISTRY:-https://registry.npmjs.org/}
echo "Setting npm registry to ${NPM_REGISTRY}"
npm config set registry "$NPM_REGISTRY"
-# 处理 HTTP_PROXY 和 HTTPS_PROXY 环境变量
+# Handle HTTP_PROXY and HTTPS_PROXY environment variables
if [ -n "$HTTP_PROXY" ]; then
echo "Setting HTTP proxy to ${HTTP_PROXY}"
npm config set proxy "$HTTP_PROXY"
@@ -19,4 +19,33 @@ fi
echo "Using REQUEST_TIMEOUT: $REQUEST_TIMEOUT"
+# Auto-start Docker daemon if Docker is installed
+if command -v dockerd >/dev/null 2>&1; then
+ echo "Docker daemon detected, starting dockerd..."
+
+ # Create docker directory if it doesn't exist
+ mkdir -p /var/lib/docker
+
+ # Start dockerd in the background
+ dockerd --host=unix:///var/run/docker.sock --storage-driver=vfs > /var/log/dockerd.log 2>&1 &
+
+ # Wait for Docker daemon to be ready
+ echo "Waiting for Docker daemon to be ready..."
+ TIMEOUT=15
+ ELAPSED=0
+ while ! docker info >/dev/null 2>&1; do
+ if [ $ELAPSED -ge $TIMEOUT ]; then
+ echo "WARNING: Docker daemon failed to start within ${TIMEOUT} seconds"
+ echo "Check /var/log/dockerd.log for details"
+ break
+ fi
+ sleep 1
+ ELAPSED=$((ELAPSED + 1))
+ done
+
+ if docker info >/dev/null 2>&1; then
+ echo "Docker daemon started successfully"
+ fi
+fi
+
exec "$@"