3 files changed, 18 insertions, 51 deletions

diff --git a/api/server/server.go b/api/server/server.go
index e8714eb060..3ce2659287 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -2,7 +2,6 @@ package server // import "github.com/docker/docker/api/server"
 
 import (
 	"context"
-	"crypto/tls"
 	"net"
 	"net/http"
 	"strings"
@@ -22,32 +21,13 @@ import (
 // when a request is about to be served.
 const versionMatcher = "/v{version:[0-9.]+}"
 
-// Config provides the configuration for the API server
-type Config struct {
-	CorsHeaders string
-	Version     string
-	SocketGroup string
-	TLSConfig   *tls.Config
-	// Hosts is a list of addresses for the API to listen on.
-	Hosts []string
-}
-
 // Server contains instance details for the server
 type Server struct {
-	cfg         *Config
 	servers     []*HTTPServer
 	routers     []router.Router
 	middlewares []middleware.Middleware
 }
 
-// New returns a new instance of the server based on the specified configuration.
-// It allocates resources which will be needed for ServeAPI(ports, unix-sockets).
-func New(cfg *Config) *Server {
-	return &Server{
-		cfg: cfg,
-	}
-}
-
 // UseMiddleware appends a new middleware to the request chain.
 // This needs to be called before the API routes are configured.
 func (s *Server) UseMiddleware(m middleware.Middleware) {
diff --git a/api/server/server_test.go b/api/server/server_test.go
index a3e8124a88..8b71e9fce6 100644
--- a/api/server/server_test.go
+++ b/api/server/server_test.go
@@ -13,12 +13,7 @@ import (
 )
 
 func TestMiddlewares(t *testing.T) {
-	cfg := &Config{
-		Version: "0.1omega2",
-	}
-	srv := &Server{
-		cfg: cfg,
-	}
+	srv := &Server{}
 
 	srv.UseMiddleware(middleware.NewVersionMiddleware("0.1omega2", api.DefaultVersion, api.MinVersion))
 
diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go
index 8389378174..90348f1217 100644
--- a/cmd/dockerd/daemon.go
+++ b/cmd/dockerd/daemon.go
@@ -65,7 +65,7 @@ type DaemonCli struct {
 	configFile *string
 	flags      *pflag.FlagSet
 
-	api             *apiserver.Server
+	api             apiserver.Server
 	d               *daemon.Daemon
 	authzMiddleware *authorization.Middleware // authzMiddleware enables to dynamically reload the authorization plugins
 }
@@ -80,7 +80,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 		return err
 	}
 
-	serverConfig, err := newAPIServerConfig(cli.Config)
+	tlsConfig, err := newAPIServerTLSConfig(cli.Config)
 	if err != nil {
 		return err
 	}
@@ -161,9 +161,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 		}
 	}
 
-	cli.api = apiserver.New(serverConfig)
-
-	hosts, err := loadListeners(cli, serverConfig)
+	hosts, err := loadListeners(cli, tlsConfig)
 	if err != nil {
 		return errors.Wrap(err, "failed to load listeners")
 	}
@@ -192,7 +190,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 
 	pluginStore := plugin.NewStore()
 
-	if err := cli.initMiddlewares(cli.api, serverConfig, pluginStore); err != nil {
+	if err := cli.initMiddlewares(&cli.api, pluginStore); err != nil {
 		logrus.Fatalf("Error creating middlewares: %v", err)
 	}
 
@@ -230,7 +228,7 @@ func (cli *DaemonCli) start(opts *daemonOptions) (err error) {
 	if err != nil {
 		return err
 	}
-	routerOptions.api = cli.api
+	routerOptions.api = &cli.api
 	routerOptions.cluster = c
 
 	initRouter(routerOptions)
@@ -546,8 +544,8 @@ func initRouter(opts routerOptions) {
 }
 
 // TODO: remove this from cli and return the authzMiddleware
-func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config, pluginStore plugingetter.PluginGetter) error {
-	v := cfg.Version
+func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, pluginStore plugingetter.PluginGetter) error {
+	v := dockerversion.Version
 
 	exp := middleware.NewExperimentalMiddleware(cli.Config.Experimental)
 	s.UseMiddleware(exp)
@@ -555,8 +553,8 @@ func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config
 	vm := middleware.NewVersionMiddleware(v, api.DefaultVersion, api.MinVersion)
 	s.UseMiddleware(vm)
 
-	if cfg.CorsHeaders != "" {
-		c := middleware.NewCORSMiddleware(cfg.CorsHeaders)
+	if cli.Config.CorsHeaders != "" {
+		c := middleware.NewCORSMiddleware(cli.Config.CorsHeaders)
 		s.UseMiddleware(c)
 	}
 
@@ -597,7 +595,7 @@ func (cli *DaemonCli) getContainerdDaemonOpts() ([]supervisor.DaemonOpt, error)
 	return opts, nil
 }
 
-func newAPIServerConfig(config *config.Config) (*apiserver.Config, error) {
+func newAPIServerTLSConfig(config *config.Config) (*tls.Config, error) {
 	var tlsConfig *tls.Config
 	if config.TLS != nil && *config.TLS {
 		var (
@@ -620,13 +618,7 @@ func newAPIServerConfig(config *config.Config) (*apiserver.Config, error) {
 		}
 	}
 
-	return &apiserver.Config{
-		SocketGroup: config.SocketGroup,
-		Version:     dockerversion.Version,
-		CorsHeaders: config.CorsHeaders,
-		TLSConfig:   tlsConfig,
-		Hosts:       config.Hosts,
-	}, nil
+	return tlsConfig, nil
 }
 
 // checkTLSAuthOK checks basically for an explicitly disabled TLS/TLSVerify
@@ -654,21 +646,21 @@ func checkTLSAuthOK(c *config.Config) bool {
 	return true
 }
 
-func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, error) {
-	if len(serverConfig.Hosts) == 0 {
+func loadListeners(cli *DaemonCli, tlsConfig *tls.Config) ([]string, error) {
+	if len(cli.Config.Hosts) == 0 {
 		return nil, errors.New("no hosts configured")
 	}
 	var hosts []string
 
-	for i := 0; i < len(serverConfig.Hosts); i++ {
-		protoAddr := serverConfig.Hosts[i]
+	for i := 0; i < len(cli.Config.Hosts); i++ {
+		protoAddr := cli.Config.Hosts[i]
 		proto, addr, ok := strings.Cut(protoAddr, "://")
 		if !ok || addr == "" {
 			return nil, fmt.Errorf("bad format %s, expected PROTO://ADDR", protoAddr)
 		}
 
 		// It's a bad idea to bind to TCP without tlsverify.
-		authEnabled := serverConfig.TLSConfig != nil && serverConfig.TLSConfig.ClientAuth == tls.RequireAndVerifyClientCert
+		authEnabled := tlsConfig != nil && tlsConfig.ClientAuth == tls.RequireAndVerifyClientCert
 		if proto == "tcp" && !authEnabled {
 			logrus.WithField("host", protoAddr).Warn("Binding to IP address without --tlsverify is insecure and gives root access on this machine to everyone who has access to your network.")
 			logrus.WithField("host", protoAddr).Warn("Binding to an IP address, even on localhost, can also give access to scripts run in a browser. Be safe out there!")
@@ -712,7 +704,7 @@ func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, er
 				return nil, err
 			}
 		}
-		ls, err := listeners.Init(proto, addr, serverConfig.SocketGroup, serverConfig.TLSConfig)
+		ls, err := listeners.Init(proto, addr, cli.Config.SocketGroup, tlsConfig)
 		if err != nil {
 			return nil, err
 		}