How can I configure the certificates for a TCP connection in the Docker plugin

Answered

The Docker integration plugin allows connecting to a remote container through a TCP socket. This is the thing (see "TCP socket -> Engine API URL"):

The problem is, the docs do not specify what this plugin expects in "Certificates folder". For example, I set up TLS certificates for a remote docker daemon according to this manual and connect to the daemon successfully with:

    % docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem

But when I put the same files in one folder and point to this folder in the IDEA settings (screenshot above), it says "Cannot connect: Channel has disconnected".

So, basically, how do I configure authentication in the Docker plugin such that this plugin can access a remote Docker daemon through a secure 2376 port and TLS?

0
8 comments

This option originally comes from the support of older Docker Toolbox-backed installations, where the certificates were always put into a single folder (by Toolbox).

Regarding the problem, please do the following:

Also I would appreciate some hints on how you have configured the SSL in Docker, probably a link to documentation or relevant manual.

0

Petr,

I used this manual, main part "Create a CA, server and client keys with OpenSSL": https://docs.docker.com/engine/security/https/

Does the Docker plugin support this type of authentication?

0

At first glance, the plugin is intended to support this. Could you please raise an issue and provide logs, to see what went wrong?

0
Permanently deleted user

After following https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl I get the same problem in IntelliJ Ultimate Edition.

The IntelliJ Docker plugin tells me: "Cannot connect: com.github.dockerjava.api.exception.DockerClientException: Unsupported protocol scheme found: '[mydockerserverdomain]'. Only 'tcp://' or 'unix://' supported."

 

0

Regarding the original problem ("Channel has disconnected"): https://youtrack.jetbrains.com/issue/IDEA-176357

It says that changing the protocol from "tcp" to "https" (as in "tcp://$HOST:2376" to "https://$HOST:2376") may help.

1
Permanently deleted user

Using https://$host:2376 in PhpStorm actually helped! I can successfully connect to our docker hosts!

 

8

If you want to connect to Container Station on your QNAP, you also need to change to http://$host:2376 instead of TCP.

The certificate folder contains the files downloaded from your QNAP.

0
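A local check of the two settings discussed in this thread (the Engine API URL scheme and the certificates folder), as an added example that is not part of any post and not the plugin's own code. It assumes the folder holds ca.pem, cert.pem and key.pem, the names used in the docker command in the question; the function name `check_docker_tls` and the host `docker.example` are hypothetical.

```python
import os
import ssl
import stat
import sys

# File names taken from the docker command in the question.
EXPECTED = ("ca.pem", "cert.pem", "key.pem")


def check_docker_tls(engine_url, cert_dir):
    """Return a list of problems with the Engine API URL and certificates folder."""
    problems = []
    # Split by hand: urlsplit() treats "host:2376" inconsistently across versions.
    scheme = engine_url.split("://", 1)[0].lower() if "://" in engine_url else ""
    if not scheme:
        problems.append("URL has no scheme")
    elif scheme == "tcp":
        problems.append("URL uses tcp://; posters in the thread connected with https://")
    missing = [n for n in EXPECTED if not os.path.isfile(os.path.join(cert_dir, n))]
    problems += ["missing " + n for n in missing]
    if missing:
        return problems
    key = os.path.join(cert_dir, "key.pem")
    # Hardening check (the linked Docker manual suggests chmod 0400 on keys).
    if os.name == "posix" and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append("key.pem is accessible to group/others")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:  # ssl.SSLError is a subclass of OSError
        ctx.load_verify_locations(cafile=os.path.join(cert_dir, "ca.pem"))
    except OSError:
        problems.append("ca.pem does not load as PEM certificate(s)")
    try:  # fails if either file is malformed or the key does not match the cert
        ctx.load_cert_chain(os.path.join(cert_dir, "cert.pem"), key)
    except OSError:
        problems.append("cert.pem and key.pem do not load as a matching pair")
    return problems


if __name__ == "__main__":
    # Constructed defaults; pass the real URL and folder as two arguments.
    url, folder = sys.argv[1:3] if len(sys.argv) == 3 else ("tcp://docker.example:2376", ".")
    for line in check_docker_tls(url, folder) or ["no problems found"]:
        print(line)
```

An empty result only means the files parse and the client key matches the client certificate; it does not contact the daemon or confirm that the server trusts the client certificate.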
