No support for DOCKER_TLS_VERIFY

Question

No support for DOCKER_TLS_VERIFY

PatrickLang opened this issue 8 years ago · 3 comments

I have a Docker Swarm mode cluster set up with TLS, but no unencrypted or unix socket access since it's Windows. I'm using @StefanScherer 's steps with a few changes:

DOCKER_HOST is set to port 2376 instead of 2375 or :0.0
DOCKER_TLS_VERIFY is set to 1
Certificates are bind mounted into user's .docker directory

I would expect this to work since it follows the typical environment variables and certificates used for docker.exe and docker-compose.exe, but no luck.

Specific commands:

$ip=(Get-NetIPAddress -AddressFamily IPv4 `
   | Where-Object -FilterScript { $_.InterfaceAlias -Eq "vEthernet (HNS Internal NIC)" } `
   ).IPAddress

docker run -d -p 8080:8080 -e DOCKER_HOST=${ip}:2376 `
                           -e DOCKER_TLS_VERIFY=1 `
                           -v "$env:USERPROFILE\.docker:c:\users\containeradministrator\.docker" `
                           --name=visualizer `
                           stefanscherer/visualizer-windows

It fails to attach to the TLS port:

docker : npm info it worked if it ends with ok
    + CategoryInfo          : NotSpecified: (npm info it worked if it ends with ok:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError


npm info using npm@2.15.9
npm info using node@v4.6.1
npm info ok
npm info it worked if it ends with ok
npm info using npm@2.15.9
npm info using node@v4.6.1
npm info prestart swarmVisualizer@0.0.1
npm info start swarmVisualizer@0.0.1
> swarmVisualizer@0.0.1 start C:\app
> node server.js

172.20.192.1:2376
problem with request: Parse Error
Error: Parse Error
    at Error (native)
    at Socket.socketOnData (_http_client.js:322:20)
    at emitOne (events.js:77:13)
    at Socket.emit (events.js:169:7)
    at readableAddChunk (_stream_readable.js:153:18)
    at Socket.Readable.push (_stream_readable.js:111:10)
    at TCP.onread (net.js:536:20)
problem with request: Parse Error

The last error stack repeats several times.

Answer 1 · 2017-01-03T08:10:18.000Z

I haven't tried it with TLS yet, but found this older comment #6 (comment) and it seems there is some work needed to fix it in the code.

Answer 2 · 2017-01-03T10:56:28.000Z

ping @PatrickLang there is a PR #47 or use the Docker image stefanscherer/visualizer-windows:allow-tls with your specified commands from above.

Answer 3 · 2017-01-04T07:05:34.000Z

Thanks! I added some comments to the PR with my testing