Function: containerAttach()

containerAttach(opts, callback): void

Attach to a container

Attach to a container to read its output or send it input. You can attach to the same container multiple times and you can reattach to containers that have been detached.

Either the stream or logs parameter must be true for this endpoint to do anything.

See the documentation for the docker attach command for more details.

Hijacking

This endpoint hijacks the HTTP connection to transport stdin, stdout, and stderr on the same socket.

This is the response from the daemon for an attach request:

HTTP/1.1 200 OK
Content-Type: application/vnd.docker.raw-stream

[STREAM]

After the headers and two new lines, the TCP connection can now be used for raw, bidirectional communication between the client and server.

To hint potential proxies about connection hijacking, the Docker client can also optionally send connection upgrade headers.

For example, the client sends this request to upgrade the connection:

POST /containers/16253994b7c4/attach?stream=1&stdout=1 HTTP/1.1
Upgrade: tcp
Connection: Upgrade

The Docker daemon will respond with a 101 UPGRADED response, and will similarly follow with the raw stream:

HTTP/1.1 101 UPGRADED
Content-Type: application/vnd.docker.raw-stream
Connection: Upgrade
Upgrade: tcp

[STREAM]

Stream format

When the TTY setting is disabled in POST /containers/create, the HTTP Content-Type header is set to application/vnd.docker.multiplexed-stream and the stream over the hijacked connection is multiplexed to separate out stdout and stderr. The stream consists of a series of frames, each containing a header and a payload.

The header indicates which stream the frame belongs to (stdout or stderr). It also contains the size of the associated frame, encoded in the last four bytes (uint32).

It is encoded on the first eight bytes like this (in Go notation):

header := [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}

STREAM_TYPE can be:

  • 0: stdin (is written on stdout)
  • 1: stdout
  • 2: stderr

SIZE1, SIZE2, SIZE3, SIZE4 are the four bytes of the uint32 size encoded as big endian.

Following the header is the payload, which is the specified number of bytes of STREAM_TYPE.

The simplest way to implement this protocol is the following:

  1. Read 8 bytes.
  2. Choose stdout or stderr depending on the first byte.
  3. Extract the frame size from the last four bytes.
  4. Read the extracted size and output it on the correct output.
  5. Goto 1.
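
The five steps above as an added Node.js example (not code from dsdk or Docker). It goes beyond the simple loop by handling frames split across socket reads, rejecting headers that do not match the documented layout, and capping the frame size, which is chosen by the sender. The names frame, createDemuxer, demuxAll and MAX_FRAME, and the 1 MiB cap, are assumptions made for illustration.

```javascript
// Added example: incremental parser for the multiplexed (non-TTY) attach stream.
const MAX_FRAME = 1 << 20; // assumed cap (1 MiB); the wire format allows up to 2^32-1

function frame(type, text) { // builds a constructed sample frame
  const payload = Buffer.from(text);
  const header = Buffer.alloc(8); // bytes 1..3 stay zero
  header[0] = type;
  header.writeUInt32BE(payload.length, 4);
  return Buffer.concat([header, payload]);
}

function createDemuxer(onFrame, maxFrame = MAX_FRAME) {
  let pending = Buffer.alloc(0);
  return function push(chunk) {
    pending = Buffer.concat([pending, chunk]);
    while (pending.length >= 8) {
      const type = pending[0];
      const size = pending.readUInt32BE(4);
      // Strict header check: catches raw TTY data mistaken for frames.
      if (type > 2 || pending[1] !== 0 || pending[2] !== 0 || pending[3] !== 0) {
        throw new Error('bad frame header: ' + pending.subarray(0, 8).toString('hex'));
      }
      // The size is chosen by the sender; refuse it before buffering that much.
      if (size > maxFrame) throw new Error('frame size ' + size + ' exceeds cap');
      if (pending.length < 8 + size) break; // partial frame, wait for more data
      onFrame(type, pending.subarray(8, 8 + size));
      pending = pending.subarray(8 + size);
    }
    return pending.length; // bytes still buffered
  };
}

function demuxAll(chunks, maxFrame) {
  const out = { stdout: '', stderr: '' };
  const push = createDemuxer((type, payload) => {
    // Type 0 (stdin) is written on stdout, per the list above.
    out[type === 2 ? 'stderr' : 'stdout'] += payload.toString('utf8');
  }, maxFrame);
  for (const c of chunks) push(c);
  return out;
}

// Constructed sample: two frames, re-split at arbitrary byte boundaries.
const wire = Buffer.concat([frame(1, 'hello\n'), frame(2, 'warn: disk\n')]);
const sample = demuxAll([wire.subarray(0, 3), wire.subarray(3, 17), wire.subarray(17)]);
console.log(sample);
```

The header check also fails fast when this parser is pointed at a TTY-enabled container, whose stream is raw and carries no frame headers.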

Stream format when using a TTY

When the TTY setting is enabled in POST /containers/create, the stream is not multiplexed. The data exchanged over the hijacked connection is simply the raw data from the process PTY and client's stdin.

Parameters

Parameter   Type
opts        ExtendedOptions<ContainerAttachData>
callback    StreamCallbackFn

Returns

void