Docker MCP Gateway with MCP Toolkit

This example demonstrates how to configure the Docker MCP Gateway to work seamlessly with the Docker MCP Toolkit interface in Docker Desktop. The MCP Toolkit provides a user-friendly UI for managing MCP servers and connecting them to various AI clients like Claude Desktop, Cursor, and VS Code.

Overview

The MCP Toolkit integration provides:

• UI-Driven Management: Visual interface in Docker Desktop for server management
• One-Click Setup: Install MCP servers directly from the Docker MCP Catalog
• Client Integration: Automatic configuration for Claude Desktop, Cursor, and other MCP clients
• Credential Management: Secure OAuth and API key handling through Docker Desktop
• Gateway Aggregation: Single connection point for multiple MCP servers

This Docker Compose configuration establishes an advanced MCP Gateway setup that operates as a comprehensive management layer with persistent configuration and Server-Sent Events (SSE) transport protocol. 

The gateway runs on port 8080 with –transport=sse, enabling HTTP-based streaming communication that’s more suitable for web applications and browser-based clients compared to the traditional stdio protocol. 

The ~/.docker/mcp:/mcp volume mount creates a persistent configuration directory on the host system, allowing the gateway to store and access custom catalog definitions (/mcp/catalogs/docker-mcp.yaml), configuration settings (/mcp/config.yaml), and registry information (/mcp/registry.yaml) that survive container restarts and updates.

services:
  gateway:
    image: docker/mcp-gateway
    ports:
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "~/.docker/mcp:/mcp"
    command:
      - --catalog=/mcp/catalogs/docker-mcp.yaml
      - --config=/mcp/config.yaml
      - --registry=/mcp/registry.yaml
      - --secrets=docker-desktop
      - --watch=true
      - --transport=sse
      - --port=8080

The configuration enables dynamic file monitoring and enterprise-grade features through several key parameters: 

• –watch=true allows the gateway to automatically reload when configuration files change, enabling live updates without service restarts; 
• –secrets=docker-desktop integrates with Docker Desktop’s credential management system for secure handling of API keys and authentication tokens; and the custom catalog/registry files provide the flexibility to define organization-specific MCP server collections and deployment configurations. 
• The Docker socket mount (/var/run/docker.sock) gives the gateway full container management capabilities, allowing it to spawn, monitor, and manage MCP server containers dynamically based on the configurations defined in the mounted YAML files. 

This setup is ideal for development environments or enterprise deployments where teams need centralized MCP server management with custom catalogs, persistent configurations, and web-accessible interfaces through the SSE transport protocol.

Getting Started

git clone https://github.com/docker/mcp-gateway

cd mcp-gateway/examples/mcp_toolkit

Start the services

docker compose up -d --build

This log output demonstrates the comprehensive startup sequence of a production-configured MCP Gateway with multiple servers and enterprise-grade features. 

The gateway begins by reading its multi-file configuration setup, loading the registry definitions from /mcp/registry.yaml, custom catalog from /mcp/catalogs/docker-mcp.yaml, and main configuration from /mcp/config.yaml, then securely accessing stored credentials including pat_token, firecrawl.api_key, and github.personal_access_token. 

The configuration process  immediately establishes file watchers on the registry and config files, enabling live configuration reloading without service restarts when these files are modified.

The server orchestration phase reveals five enabled MCP servers (dockerhub, duckduckgo, firecrawl, github-official, sequentialthinking) with their corresponding container images pulled and cryptographically verified using SHA256 hashes for security. 

Each server container is launched with robust security constraints including –security-opt no-new-privileges to prevent privilege escalation, CPU limits of 1 core, memory limits of 2GB, and proper Docker labeling for management. 

The containers are injected with service-specific environment variables (like FIRECRAWL_API_KEY for Firecrawl and GITHUB_PERSONAL_ACCESS_TOKEN for GitHub) while maintaining network isolation within the mcp_toolkit_default network. 

This sophisticated setup demonstrates how the MCP Gateway can manage a heterogeneous collection of AI tools – from web search (DuckDuckGo) and web scraping (Firecrawl) to repository management (GitHub) and AI reasoning (Sequential Thinking) – all orchestrated through a single, secure, and dynamically configurable gateway interface accessible via SSE transport on port 8080.