No support for DOCKER_TLS_VERIFY
PatrickLang opened this issue · 3 comments
I have a Docker Swarm mode cluster set up with TLS, but no unencrypted or unix socket access since it's Windows. I'm using @StefanScherer 's steps with a few changes:
DOCKER_HOST
is set to port 2376 instead of 2375 or :0.0DOCKER_TLS_VERIFY
is set to 1- Certificates are bind mounted into user's .docker directory
I would expect this to work since it follows the typical environment variables and certificates used for docker.exe
and docker-compose.exe
, but no luck.
Specific commands:
$ip=(Get-NetIPAddress -AddressFamily IPv4 `
| Where-Object -FilterScript { $_.InterfaceAlias -Eq "vEthernet (HNS Internal NIC)" } `
).IPAddress
docker run -d -p 8080:8080 -e DOCKER_HOST=${ip}:2376 `
-e DOCKER_TLS_VERIFY=1 `
-v "$env:USERPROFILE\.docker:c:\users\containeradministrator\.docker" `
--name=visualizer `
stefanscherer/visualizer-windows
It fails to attach to the TLS port:
docker : npm info it worked if it ends with ok
+ CategoryInfo : NotSpecified: (npm info it worked if it ends with ok:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
npm info using npm@2.15.9
npm info using node@v4.6.1
npm info ok
npm info it worked if it ends with ok
npm info using npm@2.15.9
npm info using node@v4.6.1
npm info prestart swarmVisualizer@0.0.1
npm info start swarmVisualizer@0.0.1
> swarmVisualizer@0.0.1 start C:\app
> node server.js
172.20.192.1:2376
problem with request: Parse Error
Error: Parse Error
at Error (native)
at Socket.socketOnData (_http_client.js:322:20)
at emitOne (events.js:77:13)
at Socket.emit (events.js:169:7)
at readableAddChunk (_stream_readable.js:153:18)
at Socket.Readable.push (_stream_readable.js:111:10)
at TCP.onread (net.js:536:20)
problem with request: Parse Error
The last error stack repeats several times.
I haven't tried it with TLS yet, but found this older comment #6 (comment) and it seems there is some work needed to fix it in the code.
ping @PatrickLang there is a PR #47 or use the Docker image stefanscherer/visualizer-windows:allow-tls
with your specified commands from above.
Thanks! I added some comments to the PR with my testing