Reputation: 4958
Docker Socket Without TLS
I have a TLS secured docker demon running. I use TLS for remote accessing the docker demon and access docker locally without any TLS. Normally...
Recently, I have updated Docker. Apparently I cannot connect to the local socket anymore. I suppose Docker is using now TLS for remote and local connections.
Is there a way to disable TLS for the local Docker socket?
Output of ps auxw | grep dockerd:
/usr/bin/dockerd -H 0.0.0.0:2376 --tlsverify --tlscacert /home/dockermanager/.docker/ca.pem --tlscert /home/dockermanager/.docker/server-cert.pem --tlskey /home/dockermanager/.docker/server-key.pem
Upvotes: 1
Views: 3207
Answers (1)
Reputation: 4958
Had been able to fix this myself.
I needed to migrate to these two systemd files provided by Docker: https://github.com/moby/moby/tree/master/contrib/init/systemd
One service file is for the docker demon and there is one for the docker socket separately. The docker socket is a required dependency by docker.service and will be loaded, restartet and stopped accordingly.
Then i needed to add the docker demon parameter -H unix:// in order to activate the docker demon listening to the docker socket.
Afterwards everything worked as always and I assume local docker.socket communication does not need tls verification at all.
Start command now:
/usr/bin/dockerd -H unix:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert /home/dockeruser/.docker/ca.pem --tlscert /home/dockeruser/.docker/server-cert.pem --tlskey /home/dockeruser/.docker/server-key.pem
Upvotes: 2
Related Questions
- Docker remote error: tls: handshake failure
- use docker's remote API in a secure manner
- Docker establish tcp communication between host and container
- Docker TLS Error on Ubuntu
- HTTPS server in Docker container
- Using SSL with docker containers
- Networking setup in docker
- TLS failed in Docker
- docker-machine create node without tls verification
- Access a docker container on a non standard SSL port