How to enable Docker API access from Windows running Docker Toolbox (docker machine)
Asked Answered
A

2

9

I am running the latest Docker Toolbox, using latest Oracle VirtualBox, with Windows 7 as a host OS.

I am trying to enable non-TLS access to Docker remote API, so I could use Postman REST client running on Windows and hit docker API running on docker-machine in the VirtualBox. I found that if Docker configuration included -H tcp://0.0.0.0:2375, that would do the trick exposing the API on port 2375 of the docker machine, but for the life of me I can't find where this configuration is stored and can be changed.

I did docker-machine ssh from the Toolbox CLI, and then went and pocked around the /etc/init.d/docker file, but no changes to the file survive docker-machine restart.

I was able to find answer to this question for Ubuntu and OSX, but not for Windows.

Archibald answered 27/10, 2016 at 21:57 Comment(4)
Here is the answer: #26424838 RegardsWaste
@CarlosRafaelRamirez, do you mean duplicate question? if so, you can flag it.Bicollateral
No the question is not the same. It is not about the same topic. But can be resolved in the same file. It is important to keep this question so people is looking for this solution different of the other relates to dns can find.Waste
In summary everything is configured in the same configuration fileWaste
A
13

@CarlosRafaelRamirez mentioned the right place, but I will add a few details and provide more detailed, step-by-step instructions, because Windows devs are often not fluent in Linux ecosystem.

Disclaimer: following steps make it possible to hit Docker Remote API from Windows host, but please keep in mind two things:

  1. This should not be done in production as it makes Docker machine very not secure.
  2. Current solution disables most of the docker-machine and all docker CLI functionality. docker-machine ssh remains operational, forcing one to SSH into docker machine to access docker commands.

Solution Now, here are the steps necessary to switch Docker API to non-TLS port. (Docker machine name is assumed to be "default". If your machine name has a different name, you will need to specify it in the commands below.)

  1. Start "Docker Quickstart Terminal". It starts Bash shell and is the place where all following commands will be run. Run docker-machine ip command and note the IP address of the docker host machine. Then do
  2. docker-machine ssh
  3. cd /var/lib/boot2docker
  4. sudo vi profile This starts "vi" editor in elevated privileges mode required for editing "profile" file, where Docker host settings are. (If as a Windows user you are not familiar with vi, here's is super-basic crash course on it. When file is open in the vi, vi is not in editing mode. Press "i" to start edit mode. Now you can make changes. After you made all the changes, hit Esc and then ZZ to save changes and exit vi. If you need to exit vi without saving changes, after Esc please type :q! and hit Enter. ":" turns on vi's command mode, and "q!" command means exit without saving. Detailed vi command info is here.)
  5. Using vi, change DOCKER_HOST to be DOCKER_HOST='-H tcp://0.0.0.0:2375', and set DOCKER_TLS=no. Save changes as described above.
  6. exit to leave SSH session.
  7. docker-machine restart

After doocker machine has restarted, your sould be able to hit docker API URL, like http://dokerMachineIp:2375/containers/json?all=1, and get valid JSON back.

This is the end of steps required to achieve the main goal.

However, if at this point you try to run docker-machine config or docker images, you will see an error message indicating that docker CLI client is trying to get to the Docker through the old port/TLS settings, which is understandable. What was not expected to me though, is that even after I followed all the Getting Started directions, and ran export DOCKER_HOST=tcp://192.168.99.101:2375 and export DOCKER_TLS_VERIFY=0, resulting in

$ env | grep DOCKER
DOCKER_HOST=tcp://192.168.99.101:2375
DOCKER_MACHINE_NAME=default
DOCKER_TLS_VERIFY=0
DOCKER_TOOLBOX_INSTALL_PATH=C:\Program Files\Docker Toolbox
DOCKER_CERT_PATH=C:\Users\USERNAME\.docker\machine\machines\default

the result was the same:

$ docker-machine env

Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.101:2376"

If you see a problem with how I changed environment variables to point Docker CLI to the new Docker host address, please comment.

To work around this problem, use docker-machine ssh command and run your docker commands after that.

Archibald answered 28/10, 2016 at 22:26 Comment(0)
B
2

I encountered the same problem and thanks to @VladH made it working not changing any internal Docker profile properties. All you have to do is correctly define Windows local env variables (or configure maven plugin properties, if you use io.fabric8 docker-maven-plugin).

Note that 2375 port is used for non-TLS connections, and 2376 only for TLS connections.

DOCKER_HOST=tcp://192.168.99.100:2376
DOCKER_TLS_VERIFY=0
DOCKER_TOOLBOX_INSTALL_PATH=C:\Program Files\Docker Toolbox
DOCKER_CERT_PATH=C:\Users\USERNAME\.docker\machine\machines\default
Blackboard answered 5/11, 2019 at 11:28 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.