Run Any MCP Servers Securely and Easily with Docker

Model Context Protocol (MCP) servers are becoming quite common in the AI landscape today. You can find MCP servers for many tasks, including email integration, cloud storage access, content management, web search, and more. However, as this ecosystem grows, several challenges arise:

• Security: How trustworthy are the MCP servers you're using? Do they send data unexpectedly ("phone home")? Is the underlying code secure?
• Installation and Configuration: Setting up MCP servers can sometimes be complicated.
• Observability: It can be difficult to monitor what MCP servers are actually doing on your system.
• Performance: How efficiently are these servers running?

Fortunately, there are good solutions available that borrow best practices from modern software engineering and cloud technologies to address these issues. One helpful tool, which I've discussed before, is Docker (though other container runtimes like CRI-O or Podman would also work similarly).

How Docker Helps with MCP Servers

If you're unfamiliar with Docker, you might want to check out my recent post about the power of Docker and container technologies in general.

In short, Docker allows you to run applications – in this case, an MCP server – inside an isolated environment called a container. This approach offers several advantages:

• Sandboxing: The application runs in a restricted environment with limited access to your main computer (the "host"). Unlike running MCP servers directly using methods like npm or Python packages (which often have broad access), a containerized MCP server can only access the specific resources Docker assigns to it. This enhances security.
• Simplified Setup: You don't need to install specific software like Node.js (npm), Uvicorn (uv), etc., directly on your host system just to run the MCP server. Instead, you can use a pre-built Docker container image that already includes all necessary dependencies, often hardened for better security.
• Better Observability: When MCP servers run directly on your host, they start processes that can be tricky to monitor. Docker, however, provides clear visibility into what's happening inside the container. You can easily check performance metrics, view logs, and manage the server. Tools like Docker Desktop offer a single dashboard to view and manage all your running containers.

This tutorial demonstrates how to run an MCP server using Docker, often without needing to install extra software directly on your system.

What You'll Need

• Claude Desktop
• Docker (Docker Desktop is recommended for ease of use)

I'm using macOS for this example, but the steps should be adaptable to Windows or Linux.

Example: Adding Tavily Search to Claude Desktop

Let's say we want to give Claude Desktop the ability to perform web searches using Tavily, an AI-powered search engine similar to Perplexity or Google's AI search.

Tavily provides detailed documentation here: https://docs.tavily.com/documentation/mcp.

Typically, to start the Tavily MCP server so that the Claude Desktop can communicate with it, you would run the following command in your terminal:

TAVILY_API_KEY=xxxx npx -y tavily-mcp@0.1.4

Note: The usual locations for the Claude MCP configuration file are:
– macOS: ~/Library/Application Support/Claude/claude_desktop_config.json– Windows: %APPDATA%\Claude\claude_desktop_config.jsonFor more details on configuring Claude Desktop with MCP servers, please refer to the official documentation: https://modelcontextprotocol.io/quickstart/user

As mentioned earlier, running this command directly using npx can present challenges related to installation, monitoring, and security (although Tavily, being a reputable company, likely takes security seriously).

Running the Tavily MCP Server with Docker

To run the same command inside a Docker container, we essentially wrap it within a container that has Node.js and npx available.

The command above, adapted for Docker, looks like this:

docker run -i --rm --name mcp-tavily -e TAVILY_API_KEY=xxxx node:latest npx -y tavily-mcp@0.1.4

• docker run: Starts a new container.
• -i: Keeps STDIN open, necessary for interaction.
• --rm: Automatically removes the container when it stops.
• --name mcp-tavily: Assigns a recognizable name to the container.
• -e TAVILY_API_KEY=xxxx: Passes your Tavily API key as an environment variable into the container. Remember to replace xxxx with your actual key.
• node:latest: Specifies the Docker image to use (a recent version of Node.js, which includes npx).
• npx -y tavily-mcp@0.1.4: The actual command to run inside the container.

You can test this Docker command by running it directly in your terminal.