How can I configure the certificates for a TCP connection in the Docker plugin
Docker integration plugin allows connecting to a remote container through a TCP socket. This is the thing (see "TCP socket -> Engine API URL"):

The problem is, the docs do not specify what this plugin expects in "Certificates folder". For example, I set up TLS certificates for a remote docker daemon according to this manual and connect to the daemon successfully with:
% docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem
But when I put the same files in one folder and point to this folder in the IDEA settings (screenshot above), it says ""Cannot connect: Channel has disconnected".
So, basically, how do I configure authentication in the Docker plugin such that this plugin can access a remote Docker daemon through a secure 2376 port and TLS?
Please sign in to leave a comment.
This option originally comes from the support of older Docker toolbox - backed installations where the certificates were always put into the single folder (by toolbox).
Regarding the problem, please do the following:
com.intellij.docker.agent com.github.dockerjavaAlso I would appreciate some hints on how you have configured the SSL in Docker, probably a link to documentation or relevant manual.
Petr,
I used this manual, main part "Create a CA, server and client keys with OpenSSL": https://docs.docker.com/engine/security/https/
Does the Docker plugin support this type of authentication?
At firs glance, the plugin is intended to support this, could you please raise an issue and provide a logs, to see what went wrong.
After following https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl I get the same problem in Intellij Ultimate Edition.
The Intellij docker plugin tells me: "Cannot connect: com.github.dockerjava.api.exception. DockerClientException: Unsupported protocol scheme found: '[mydockerserverdomain]'. Only 'tcp://' or 'unix://' supported."
Please see https://youtrack.jetbrains.com/issue/IDEA-175592.
Regarding the original problem ("Channel has disconnected"): https://youtrack.jetbrains.com/issue/IDEA-176357
It says that changing the protocol from "tcp" to "https" (as in "tcp://$HOST:2376" to "https://$HOST:2376") may help.
Using https://$host:2376 in PhpStorm actually helped! I can successfully connect to our docker hosts!
If you want to connect to Container Station at your QNAP you also need to change to http://$host:2376 instead of TCP.
The certificate folder contains the files downloaded from your QNAP.