AI Client → http://your-server:8811/sse → docker-mcp gateway → MCP containers
AI Client → http://your-server:8811/sse → docker-mcp gateway → MCP containers
AI Client → http://your-server:8811/sse → docker-mcp gateway → MCP containers
# Create the CLI plugins directory
sudo mkdir -p /usr/local/lib/docker/cli-plugins # Download the binary for your architecture
# arm64 (Raspberry Pi 4/5, Apple Silicon VMs):
sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/v0.41.0/docker-mcp-linux-arm64.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ # amd64 (regular x86 server):
sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/v0.41.0/docker-mcp-linux-amd64.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-mcp # Verify
docker mcp --version
# Create the CLI plugins directory
sudo mkdir -p /usr/local/lib/docker/cli-plugins # Download the binary for your architecture
# arm64 (Raspberry Pi 4/5, Apple Silicon VMs):
sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/v0.41.0/docker-mcp-linux-arm64.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ # amd64 (regular x86 server):
sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/v0.41.0/docker-mcp-linux-amd64.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-mcp # Verify
docker mcp --version
# Create the CLI plugins directory
sudo mkdir -p /usr/local/lib/docker/cli-plugins # Download the binary for your architecture
# arm64 (Raspberry Pi 4/5, Apple Silicon VMs):
sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/v0.41.0/docker-mcp-linux-arm64.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ # amd64 (regular x86 server):
sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/v0.41.0/docker-mcp-linux-amd64.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-mcp # Verify
docker mcp --version
docker pass has not been installed
docker pass has not been installed
docker pass has not been installed
# arm64:
sudo curl -fsSL \ https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/docker-credential-pass-v0.9.5.linux-arm64 \ -o /usr/local/bin/docker-credential-pass # amd64:
sudo curl -fsSL \ https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/docker-credential-pass-v0.9.5.linux-amd64 \ -o /usr/local/bin/docker-credential-pass sudo chmod +x /usr/local/bin/docker-credential-pass
# arm64:
sudo curl -fsSL \ https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/docker-credential-pass-v0.9.5.linux-arm64 \ -o /usr/local/bin/docker-credential-pass # amd64:
sudo curl -fsSL \ https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/docker-credential-pass-v0.9.5.linux-amd64 \ -o /usr/local/bin/docker-credential-pass sudo chmod +x /usr/local/bin/docker-credential-pass
# arm64:
sudo curl -fsSL \ https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/docker-credential-pass-v0.9.5.linux-arm64 \ -o /usr/local/bin/docker-credential-pass # amd64:
sudo curl -fsSL \ https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/docker-credential-pass-v0.9.5.linux-amd64 \ -o /usr/local/bin/docker-credential-pass sudo chmod +x /usr/local/bin/docker-credential-pass
sudo tee /usr/local/lib/docker/cli-plugins/docker-pass > /dev/null << 'EOF'
#!/bin/bash
if [[ "$1" == "docker-cli-plugin-metadata" ]]; then echo '{"SchemaVersion":"0.1.0","Vendor":"Docker","Version":"v1.0.0","ShortDescription":"Docker Pass secrets helper"}' exit 0
fi
exec docker-credential-pass "$@"
EOF sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-pass
sudo tee /usr/local/lib/docker/cli-plugins/docker-pass > /dev/null << 'EOF'
#!/bin/bash
if [[ "$1" == "docker-cli-plugin-metadata" ]]; then echo '{"SchemaVersion":"0.1.0","Vendor":"Docker","Version":"v1.0.0","ShortDescription":"Docker Pass secrets helper"}' exit 0
fi
exec docker-credential-pass "$@"
EOF sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-pass
sudo tee /usr/local/lib/docker/cli-plugins/docker-pass > /dev/null << 'EOF'
#!/bin/bash
if [[ "$1" == "docker-cli-plugin-metadata" ]]; then echo '{"SchemaVersion":"0.1.0","Vendor":"Docker","Version":"v1.0.0","ShortDescription":"Docker Pass secrets helper"}' exit 0
fi
exec docker-credential-pass "$@"
EOF sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-pass
docker info --format '{{.ClientInfo.Plugins}}' | tr ',' '\n' | grep pass
# Should show: ...pass /usr/local/lib/docker/cli-plugins/docker-pass...
docker info --format '{{.ClientInfo.Plugins}}' | tr ',' '\n' | grep pass
# Should show: ...pass /usr/local/lib/docker/cli-plugins/docker-pass...
docker info --format '{{.ClientInfo.Plugins}}' | tr ',' '\n' | grep pass
# Should show: ...pass /usr/local/lib/docker/cli-plugins/docker-pass...
docker pull mcp/playwright:latest
docker pull mcp/playwright:latest
docker pull mcp/playwright:latest
# On the source machine:
docker save mcp/my-server:latest | ssh your-linux-host "docker load"
# On the source machine:
docker save mcp/my-server:latest | ssh your-linux-host "docker load"
# On the source machine:
docker save mcp/my-server:latest | ssh your-linux-host "docker load"
mkdir -p ~/.docker/mcp/catalogs
mkdir -p ~/.docker/mcp/catalogs
mkdir -p ~/.docker/mcp/catalogs
cat > ~/.docker/mcp/registry.yaml << 'EOF'
registry: playwright: ref: "" my-server: ref: ""
EOF
cat > ~/.docker/mcp/registry.yaml << 'EOF'
registry: playwright: ref: "" my-server: ref: ""
EOF
cat > ~/.docker/mcp/registry.yaml << 'EOF'
registry: playwright: ref: "" my-server: ref: ""
EOF
cat > ~/.docker/mcp/catalog.json << 'EOF'
{ "catalogs": { "docker-mcp": { "displayName": "Docker MCP Catalog", "url": "https://desktop.docker.com/mcp/catalog/v2/catalog.yaml" }, "my-catalog": { "displayName": "My Custom Servers", "url": "/home/youruser/.docker/mcp/catalogs/my-catalog.yaml" } }
}
EOF
cat > ~/.docker/mcp/catalog.json << 'EOF'
{ "catalogs": { "docker-mcp": { "displayName": "Docker MCP Catalog", "url": "https://desktop.docker.com/mcp/catalog/v2/catalog.yaml" }, "my-catalog": { "displayName": "My Custom Servers", "url": "/home/youruser/.docker/mcp/catalogs/my-catalog.yaml" } }
}
EOF
cat > ~/.docker/mcp/catalog.json << 'EOF'
{ "catalogs": { "docker-mcp": { "displayName": "Docker MCP Catalog", "url": "https://desktop.docker.com/mcp/catalog/v2/catalog.yaml" }, "my-catalog": { "displayName": "My Custom Servers", "url": "/home/youruser/.docker/mcp/catalogs/my-catalog.yaml" } }
}
EOF
registry: my-server: title: My MCP Server description: Does something useful image: mcp/my-server:latest type: server tools: [] secrets: - name: my-server.api_key env: API_KEY description: API key for the service - name: my-server.username env: USERNAME description: Your username
name: my-catalog
displayName: My Catalog
registry: my-server: title: My MCP Server description: Does something useful image: mcp/my-server:latest type: server tools: [] secrets: - name: my-server.api_key env: API_KEY description: API key for the service - name: my-server.username env: USERNAME description: Your username
name: my-catalog
displayName: My Catalog
registry: my-server: title: My MCP Server description: Does something useful image: mcp/my-server:latest type: server tools: [] secrets: - name: my-server.api_key env: API_KEY description: API key for the service - name: my-server.username env: USERNAME description: Your username
name: my-catalog
displayName: My Catalog
# Create the secrets file
cat > ~/.docker/mcp/secrets.env << 'EOF'
my-server.api_key=your-api-key-here
my-server.username=your-username
EOF # Restrict permissions — only your user can read it
chmod 600 ~/.docker/mcp/secrets.env
# Create the secrets file
cat > ~/.docker/mcp/secrets.env << 'EOF'
my-server.api_key=your-api-key-here
my-server.username=your-username
EOF # Restrict permissions — only your user can read it
chmod 600 ~/.docker/mcp/secrets.env
# Create the secrets file
cat > ~/.docker/mcp/secrets.env << 'EOF'
my-server.api_key=your-api-key-here
my-server.username=your-username
EOF # Restrict permissions — only your user can read it
chmod 600 ~/.docker/mcp/secrets.env
docker mcp gateway run \ --dry-run \ --verbose \ --secrets ~/.docker/mcp/secrets.env \ 2>&1
docker mcp gateway run \ --dry-run \ --verbose \ --secrets ~/.docker/mcp/secrets.env \ 2>&1
docker mcp gateway run \ --dry-run \ --verbose \ --secrets ~/.docker/mcp/secrets.env \ 2>&1
docker mcp gateway run \ --transport sse \ --port 8811 \ --secrets ~/.docker/mcp/secrets.env
docker mcp gateway run \ --transport sse \ --port 8811 \ --secrets ~/.docker/mcp/secrets.env
docker mcp gateway run \ --transport sse \ --port 8811 \ --secrets ~/.docker/mcp/secrets.env
sudo tee /etc/systemd/system/mcp-gateway.service > /dev/null << EOF
[Unit]
Description=Docker MCP Gateway
Requires=docker.service
After=docker.service network-online.target
Wants=network-online.target [Service]
Type=simple
User=$(whoami)
Environment=HOME=$HOME
ExecStart=/usr/local/lib/docker/cli-plugins/docker-mcp gateway run \\ --transport sse \\ --port 8811 \\ --secrets $HOME/.docker/mcp/secrets.env
Restart=on-failure
RestartSec=10 [Install]
WantedBy=multi-user.target
EOF
sudo tee /etc/systemd/system/mcp-gateway.service > /dev/null << EOF
[Unit]
Description=Docker MCP Gateway
Requires=docker.service
After=docker.service network-online.target
Wants=network-online.target [Service]
Type=simple
User=$(whoami)
Environment=HOME=$HOME
ExecStart=/usr/local/lib/docker/cli-plugins/docker-mcp gateway run \\ --transport sse \\ --port 8811 \\ --secrets $HOME/.docker/mcp/secrets.env
Restart=on-failure
RestartSec=10 [Install]
WantedBy=multi-user.target
EOF
sudo tee /etc/systemd/system/mcp-gateway.service > /dev/null << EOF
[Unit]
Description=Docker MCP Gateway
Requires=docker.service
After=docker.service network-online.target
Wants=network-online.target [Service]
Type=simple
User=$(whoami)
Environment=HOME=$HOME
ExecStart=/usr/local/lib/docker/cli-plugins/docker-mcp gateway run \\ --transport sse \\ --port 8811 \\ --secrets $HOME/.docker/mcp/secrets.env
Restart=on-failure
RestartSec=10 [Install]
WantedBy=multi-user.target
EOF
sudo mkdir -p /etc/systemd/system/mcp-gateway.service.d TOKEN=$(openssl rand -hex 32)
echo "Save this token: $TOKEN" sudo tee /etc/systemd/system/mcp-gateway.service.d/token.conf > /dev/null << EOF
[Service]
Environment=MCP_GATEWAY_AUTH_TOKEN=$TOKEN
EOF
sudo mkdir -p /etc/systemd/system/mcp-gateway.service.d TOKEN=$(openssl rand -hex 32)
echo "Save this token: $TOKEN" sudo tee /etc/systemd/system/mcp-gateway.service.d/token.conf > /dev/null << EOF
[Service]
Environment=MCP_GATEWAY_AUTH_TOKEN=$TOKEN
EOF
sudo mkdir -p /etc/systemd/system/mcp-gateway.service.d TOKEN=$(openssl rand -hex 32)
echo "Save this token: $TOKEN" sudo tee /etc/systemd/system/mcp-gateway.service.d/token.conf > /dev/null << EOF
[Service]
Environment=MCP_GATEWAY_AUTH_TOKEN=$TOKEN
EOF
sudo systemctl daemon-reload
sudo systemctl enable mcp-gateway.service
sudo systemctl start mcp-gateway.service
sudo systemctl daemon-reload
sudo systemctl enable mcp-gateway.service
sudo systemctl start mcp-gateway.service
sudo systemctl daemon-reload
sudo systemctl enable mcp-gateway.service
sudo systemctl start mcp-gateway.service
sudo systemctl status mcp-gateway.service
journalctl -u mcp-gateway.service -f
sudo systemctl status mcp-gateway.service
journalctl -u mcp-gateway.service -f
sudo systemctl status mcp-gateway.service
journalctl -u mcp-gateway.service -f
URL: http://your-server:8811/sse
Auth: Authorization: Bearer <your-token>
URL: http://your-server:8811/sse
Auth: Authorization: Bearer <your-token>
URL: http://your-server:8811/sse
Auth: Authorization: Bearer <your-token>
{ "mcpServers": { "my-gateway": { "command": "npx", "args": [ "mcp-remote", "http://your-server:8811/sse", "--header", "Authorization: Bearer <your-token>", "--allow-http", "--transport", "sse-only" ] } }
}
{ "mcpServers": { "my-gateway": { "command": "npx", "args": [ "mcp-remote", "http://your-server:8811/sse", "--header", "Authorization: Bearer <your-token>", "--allow-http", "--transport", "sse-only" ] } }
}
{ "mcpServers": { "my-gateway": { "command": "npx", "args": [ "mcp-remote", "http://your-server:8811/sse", "--header", "Authorization: Bearer <your-token>", "--allow-http", "--transport", "sse-only" ] } }
}
docker mcp gateway run --dry-run --verbose --secrets ~/.docker/mcp/secrets.env 2>&1 | grep Warning
docker mcp gateway run --dry-run --verbose --secrets ~/.docker/mcp/secrets.env 2>&1 | grep Warning
docker mcp gateway run --dry-run --verbose --secrets ~/.docker/mcp/secrets.env 2>&1 | grep Warning
VERSION=v0.41.0 # replace with latest
ARCH=arm64 # or amd64 sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/$VERSION/docker-mcp-linux-$ARCH.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-mcp
sudo systemctl restart mcp-gateway.service
VERSION=v0.41.0 # replace with latest
ARCH=arm64 # or amd64 sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/$VERSION/docker-mcp-linux-$ARCH.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-mcp
sudo systemctl restart mcp-gateway.service
VERSION=v0.41.0 # replace with latest
ARCH=arm64 # or amd64 sudo curl -fsSL \ https://github.com/docker/mcp-gateway/releases/download/$VERSION/docker-mcp-linux-$ARCH.tar.gz \ | sudo tar -xz -C /usr/local/lib/docker/cli-plugins/ sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-mcp
sudo systemctl restart mcp-gateway.service
docker save mcp/my-server:latest | ssh your-linux-host "docker load"
ssh your-linux-host "sudo systemctl restart mcp-gateway.service"
docker save mcp/my-server:latest | ssh your-linux-host "docker load"
ssh your-linux-host "sudo systemctl restart mcp-gateway.service"
docker save mcp/my-server:latest | ssh your-linux-host "docker load"
ssh your-linux-host "sudo systemctl restart mcp-gateway.service" - Runs any MCP server as a Docker container
- Exposes them all behind a single HTTP endpoint with Bearer token auth
- Starts automatically on boot via systemd - Linux host with Docker installed (Docker Engine, not Docker Desktop)
- Your user in the docker group (sudo usermod -aG docker $USER)
- SSH access if setting up remotely - --allow-http — mcp-remote blocks non-HTTPS URLs by default
- --transport sse-only — the default http-first strategy sends a POST that
the gateway rejects with sessionid must be provided
