Disable TLS on boot2docker

Docker with boot2docker

• When installing docker in OSX environment we are using boot2docker light weight linux virtual machine
• More info Install docker with boo2docker
• By default the Docker daemon on boot2docker only activates the TLS encrypted socket (port: 2376)
• It auto-generates certificates and stores them in /home/docker/.docker inside the VM
• The boot2docker up command will copy them to ~/.boot2docker/certs on the host machine
• Once the VM has started, and output the correct values for the DOCKER_CERT_PATH and DOCKER_TLS_VERIFY environment variables.
• In default setup we use following environment variable

export DOCKER_HOST=tcp://192.168.59.103:2376
exportDOCKER_CERT_PATH=/Users/eranga/.boot2docker/certs/boot2docker-vm
export DOCKER_TLS_VERIFY=1

• Note that the DOCKER_HOST use 2376 port

Disable TLS

• To use boot2docker with an unencrypted Docker socket you have to disable TLS

1. Set DOCKER_TLS in boot2docker VM

• Add DOCKER_TLS=no to boot2docker configuration profile

# ssh to boot2docker from host machine(OSX)
boot2docker up
boot2docker ssh

# add DOCKER_TLS=no
vi /var/lib/boot2docker/profile

# restart docker service in boot2docker
sudo /etc/init.d/docker restart

# exit from boot2docker vm
exit

• Now /var/lib/boot2docker/profile would looks like below

2. Set docker environment variables in host machine

• Add following environment variables to ~/.bashrc(or ~/.zshrc if you using zsh shell) in your host OSX machine

# set up boot2docker environment variables
export DOCKER_HOST=tcp://192.168.59.103:2375
unset DOCKER_TLS_VERIFY
unset DOCKER_CERT_PATH

• Note that DOCKER_HOST use 2375 port

• More info boot2docker TLS support