TL/DR: Is it possible to use Docker on Windows, with Linux containers, and with TLS enabled?
Observation 1:
When I use Docker on Windows 10 (Docker Desktop 2.2.0.3, and engine 19.03.5) I can happily use Linux containers.
Observation 2:
Using the same environment as observation 1 above, if I want to expose the docker daemon on TCP with TLS, I can use openssl to set up the CA, and all the certs I need - again, no problem. Just to clarify, this is all happening on localhost - only the one host PC is involved.
My Docker Engine config file (Docker Desktop > Settings > Docker Engine) ends up looking like this:
    {
      "registry-mirrors": [],
      "insecure-registries": [],
      "debug": true,
      "experimental": false,
      "tlsverify": true,
      "tlscacert": "C:/dockercerts/ca.pem",
      "tlscert": "C:/dockercerts/server-cert.pem",
      "tlskey": "C:/dockercerts/server-key.pem",
      "hosts": [
        "tcp://0.0.0.0:2376",
        "npipe://"
      ]
    }
And, the following docker version command works like a charm for me:
    docker --tlsverify ^
      --tlscacert=C:/dockercerts/ca.pem ^
      --tlscert=C:/dockercerts/cert.pem ^
      --tlskey=C:/dockercerts/key.pem ^
      -H=localhost:2376 version
Observation 3:
But to make the docker version command in observation 2 work, I have to switch Docker Desktop from "Linux Containers" to "Windows Containers".
(I currently have no Windows containers.)
If I try to switch Docker Desktop to use Linux containers, then Docker Desktop crashes on start-up (or on restart). I even had to re-install the whole thing a couple of times - I could not get to the "reset to factory options" button.
Background:
I was trying to use the Docker API (the REST services) over HTTPS rather than HTTP - so that's what prompted all of this - in case that helps.
Likely Conclusion...?:
It's not possible to mix these specific things on Windows - and I should use a Linux host for my Linux containers.
However, I'd be delighted to see a set-up where I can run that docker version command on Windows, using my certificates, and Linux containers - all at the same time.
Failing that, if anyone has any insight into why it's not possible ("...windows pipes...?") or something like that, I would be very interested.
(I do see a fairly large number of Docker and TLS questions on SO - but nothing specific to this scenario.)
UPDATE:
Here is the specific error I get:
    Docker.Core.Backend.BackendException:
    Failed to start
       at Docker.Core.Pipe.NamedPipeClient.<TrySendAsync>d__5.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
       at Docker.Core.Pipe.NamedPipeClient.Send(String action, Object[] parameters)
       at Docker.Actions.<RestartDaemon>b__37_0()
       at Docker.ApiServices.TaskQueuing.TaskQueue.<>c__DisplayClass18_0.<.ctor>b__1()
    Docker.Core.DockerException:
    Failed to start
       at Docker.Backend.ContainerEngine.Linux.DoStart(Settings settings, String daemonOptions, Credential credential)
       at Docker.Backend.ContainerEngine.Linux.Restart(Settings settings, String daemonOptions, Credential credential)
       at Docker.Backend.BackendNamedPipeServer.<Run>b__8_3(Object[] args)
       at Docker.Core.Pipe.NamedPipeServer.<>c__DisplayClass9_0.<Register>b__0(Object[] parameters)
       at Docker.Core.Pipe.NamedPipeServer.RunAction(String action, Object[] parameters)
Researching the following...
Failed to start at Docker.Core.Pipe.NamedPipeClient.<TrySendAsync>d__5.MoveNext()
... has not led to any insights, beyond some "me too" comments - mostly related to version updates.
Issue Ticket
Unable to run Docker for Windows using TLS with Linux Containers
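
An added example, not part of the original question and not Docker's own code: a small Python audit of a daemon.json like the one shown above. It checks that every tcp:// listener is covered by tlsverify and explicit certificate settings, and flags listeners not bound to loopback. The function name audit_daemon_config and the finding strings are assumptions made for this illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the TLS-related part of the daemon.json shown in the question.
SAMPLE = """{
  "tlsverify": true,
  "tlscacert": "C:/dockercerts/ca.pem",
  "tlscert": "C:/dockercerts/server-cert.pem",
  "tlskey": "C:/dockercerts/server-key.pem",
  "hosts": ["tcp://0.0.0.0:2376", "npipe://"]
}"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_daemon_config(text):
    """Return findings (strings) about the tcp:// listeners in a daemon.json.

    Hypothetical helper written for this example; not a Docker API.
    """
    cfg = json.loads(text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # only npipe/unix sockets: no TCP listener to check

    verify = bool(cfg.get("tlsverify"))
    encrypt = verify or bool(cfg.get("tls"))
    if not encrypt:
        findings.append("tcp listener without TLS: the API is unauthenticated")
    elif not verify:
        findings.append("tls without tlsverify: client certificates are not checked")

    # Any TLS mode needs a server cert and key; tlsverify also needs the CA
    # that client certificates are validated against.
    required = (["tlscacert"] if verify else []) + (["tlscert", "tlskey"] if encrypt else [])
    for key in required:
        if not cfg.get(key):
            findings.append(f"{key} is not set explicitly")

    for host in tcp_hosts:
        if urlsplit(host).hostname not in LOOPBACK:
            findings.append(f"{host} is not bound to loopback")
    return findings


if __name__ == "__main__":
    for finding in audit_daemon_config(SAMPLE):
        print("finding:", finding)
```

For the configuration in the question, the only finding is the 0.0.0.0 bind, which listens on every interface even though the post describes a localhost-only setup.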