Docker Community Forums

Share and learn in the Docker community.

Cannot connect to cluster created with swarm mode

(Trondhindenes) #1

I followed the instructions at to setup the first node in my swarm cluster.

Problem is, I’m unable to remotely connect to it. I’m using the same ports as in the example, and the client simply responds with a "malformed HTTP response “\x15\x03\x01\x00\x02\x02” when attempting to connect.

My manager node is configured with ssh password rather than key, so at this point I have no idea where (if it even exists) I can find the key that lets me connect. Am I stupid or are the docs missing something?

(Charlessmith) #2

@trondhindenes , what do you mean you’re unable to remotely connect to the machine? What command are you running and where?

You need to SSH into your manager machine and run docker swarm init locally to the machine.
Also you need to have Docker Engine 1.12 installed on the manager machine.



(Dvohra) #3

Is the Swarm Manager listening for HTTP on address :2375 with tcp protocol?

(Royee Tager) #4


I have the same issue, I’m running 1 manager and 2 workers on EC2 instances.
Which certificate do I need to use in order to connect my client (export DOCKER_CERT_PATH=)
I guess that when I ran the docker swarm init command it created the certificate…

[root@swarm-manger01 ~]# docker version
Version: 1.12.0-rc2
API version: 1.24
Go version: go1.6.2
Git commit: 906eacd
OS/Arch: linux/amd64
Experimental: true

Version: 1.12.0-rc2
API version: 1.24
Go version: go1.6.2
Git commit: 906eacd
OS/Arch: linux/amd64
Experimental: true
[root@swarm-manger01 ~]# docker node ls
0dziu2i0qrzgmpwx2j10m7eyy ip-10-1-11-24.ec2.internal Accepted Ready Active
1ye03pfxm8ncq9qnd0hh2knsa * swarm-manger01 Accepted Ready Active Leader
bd2rog6weod3xylegn0d98y3j ip-10-1-11-23.ec2.internal Accepted Ready Active
[root@swarm-manger01 ~]# netstat -nlp | grep -i docker
tcp 0 0* LISTEN 784/dockerd
tcp6 0 0 :::2377 :::* LISTEN 784/dockerd
udp 0 0* 784/dockerd
unix 2 [ ACC ] STREAM LISTENING 21525 1158/docker-contain /var/run/docker/libcontainerd/docker-containerd.sock
unix 2 [ ACC ] STREAM LISTENING 22935 784/dockerd /var/lib/docker/network/files/a5330a36d1b4aa440e1ad06113e28f88da84418232bd51f622bf1e05b2618805.sock
unix 2 [ ACC ] STREAM LISTENING 23430 784/dockerd /var/lib/docker/swarm/control.sock
unix 2 [ ACC ] STREAM LISTENING 17570 1/systemd /var/run/docker.sock
[root@swarm-manger01 ~]#

royee@Royees-MacBook-Pro-2 ~> export DOCKER_HOST=XX.XXX.XX.XXX:2377
royee@Royees-MacBook-Pro-2 ~> docker version
Version: 1.12.0-rc2
API version: 1.24
Go version: go1.6.2
Git commit: 906eacd
Built: Fri Jun 17 20:35:33 2016
OS/Arch: darwin/amd64
Experimental: true
Get http://XX.XXX.XX.XXX:2377/v1.24/version: malformed HTTP response “\x15\x03\x01\x00\x02\x02”.

  • Are you trying to connect to a TLS-enabled daemon without TLS?

(Charlessmith) #5

@yoreectu you don’t connect directly to the swarm from your client. You run the commands on the manager. In your case swarm-manger01 .

(Royee Tager) #6

@charlessmith what do you mean when you say: “you run the commands on the manager”? Does it mean that I need to ssh my swarm-manger01 and then to run docker commands?
What about exporting the DOCKER_HOST environment variable? Can’t I use it?

(Charlessmith) #7

The TLS for swarm mode is for node to node communication internally to the swarm. You can’t use that to connect from a remote client.

The tutorial is written from the perspective of SSH-ing into the machine and running the commands locally there.

If you want to connect a remote client to the manager node, you would need to set that up the same way as you would before in Docker 1.11.

Jus to be sure I verified with engineering. If docker version is not working between the client and the remote manager, this is not a swarm mode-specific issue.

(Finkes) #8

@charlessmith so this means I have to use my own CA/certificates again to remotely communicate with the cluster? Or is there a simpler way?

(Mdaniels) #9

You can bind the docker daemon running on your swarm manager nodes to a TCP port and communicate with it insecurely via docker -H tcp://x.x.x.x:2375 but is it not recommended for production. For testing it should be ok.

(Jega) #10

I’m try to setup CI & CD for my dev server using, but i could not make it. Getting the below error.

Environment : AWS EC2

OS : Ubuntu 16.

ubuntu@bookeiz:~/swarm$ sudo docker --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=localhost:2377 version 
 Version:      17.03.0-ce
 API version:  1.26
 Go version:   go1.7.5
 Git commit:   3a232c8
 Built:        Tue Feb 28 08:01:32 2017
 OS/Arch:      linux/amd64
error during connect: Get https://localhost:2377/v1.26/version: x509: certificate is valid for swarm-manager, rocu0uma3ty5mqvz3hkbdhdjn, swarm-ca, not localhost

Followed this tutorials

I’m getting the below error

ubuntu@bookeiz:~/swarm$ sudo dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem   -H=
Error starting daemon: pid file found, ensure docker is not running or delete /var/run/