siqnjg
Last Updated: October 31, 2018
·
13.93K
· itseranga

Disable TLS on boot2docker

Docker with boot2docker

  • When installing docker in OSX environment we are using boot2docker light weight linux virtual machine
  • More info Install docker with boo2docker
  • By default the Docker daemon on boot2docker only activates the TLS encrypted socket (port: 2376)
  • It auto-generates certificates and stores them in /home/docker/.docker inside the VM
  • The boot2docker up command will copy them to ~/.boot2docker/certs on the host machine
  • Once the VM has started, and output the correct values for the DOCKER_CERT_PATH and DOCKER_TLS_VERIFY environment variables.
  • In default setup we use following environment variable
export DOCKER_HOST=tcp://192.168.59.103:2376
exportDOCKER_CERT_PATH=/Users/eranga/.boot2docker/certs/boot2docker-vm
export DOCKER_TLS_VERIFY=1
  • Note that the DOCKER_HOST use 2376 port

Picture

Disable TLS

  • To use boot2docker with an unencrypted Docker socket you have to disable TLS

1. Set DOCKER_TLS in boot2docker VM

  • Add DOCKER_TLS=no to boot2docker configuration profile
# ssh to boot2docker from host machine(OSX)
boot2docker up
boot2docker ssh

# add DOCKER_TLS=no
vi /var/lib/boot2docker/profile

# restart docker service in boot2docker
sudo /etc/init.d/docker restart

# exit from boot2docker vm
exit
  • Now /var/lib/boot2docker/profile would looks like below

Picture

2. Set docker environment variables in host machine

  • Add following environment variables to ~/.bashrc(or ~/.zshrc if you using zsh shell) in your host OSX machine
# set up boot2docker environment variables
export DOCKER_HOST=tcp://192.168.59.103:2375
unset DOCKER_TLS_VERIFY
unset DOCKER_CERT_PATH
  • Note that DOCKER_HOST use 2375 port

Picture

1 Response
Add your response

31105

I've found this post useful. I'll read it in detail, but I think most of what he suggests in the first part was taken into account in the latest version of boot2docker. But the insightful bit was "connecting to VPN things is going to break". What it has proposed is to look for a firewall rule that rejects everything. So, fired without a VPN, I searched for this rule, and it was not there. Sure enough, after I started my VPN, I got the following (other) error

https://www.achieveessays.com/dissertation-writing-service.html

3 months ago ·