Docker Community Forums


How to disable Docker API TLS


(Danielfrancora) #1

Hello all,
We have in our development environment a swarm cluster with 8 nodes, as follows:

  • 4 Linux managers running CentOS and version 18.03.1-ce, build 9ee9f40
  • 4 Windows nodes running Server Core 1803 with version 17.06.2-ee-12, build fb5da67

We are expecting some issues with Portainer and we need to perform some tests, such as starting a stack from one Linux manager with the -H flag pointing to a Windows node, but we can’t do this because we get a TLS error:

[root@host centralservicos]# docker -H 10.10.10.191:2377 stack deploy -c docker-compose.yml centralservicos
Get http://10.10.10.191:2377/v1.37/info: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02".
* Are you trying to connect to a TLS-enabled daemon without TLS?

Where host is a Linux manager and the IP address is a Windows node.

All the nodes are added to our domain, but that is not enough to verify the authentication.

Is there a way to disable TLS? I took a look at https://docs.docker.com/engine/security/https/ and it only explains how to enable it (and only for Linux purposes).

Besides that, we have our CA certificate generated from our Domain Controller, but I really don’t know what to do with it.

Can anyone help? I’ll be glad.


(David Maze) #2

I’m pretty sure you don’t actually want to open an unsecured TCP port running a service that gives unrestricted root access to its host. (Consider what’s possible via DOCKER_HOST=tcp://10.20.30.40:2375 docker run -it -v /:/host ubuntu bash.)

The error you’re getting is a client error (your local docker command is speaking plain HTTP but the daemon is sending a TLS-encrypted greeting); the page you cite suggests setting an environment variable DOCKER_TLS_VERIFY=1 and/or using a --tlsverify command-line option.
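
The bytes quoted in the error message from the first post can be decoded to confirm this diagnosis. The following is an added example, not part of the original thread; the function names are illustrative. It parses the quoted bytes as a TLS record header and reports whether a TLS endpoint answered a plain-HTTP request.

```python
import re

# Error line quoted in the first post (the client prints the daemon's bytes escaped).
ERROR_LINE = (r'Get http://10.10.10.191:2377/v1.37/info: net/http: HTTP/1.x transport '
              r'connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02".')

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
RECORD_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}


def extract_response_bytes(error_line):
    """Return the raw bytes quoted after 'malformed HTTP response', or None."""
    m = re.search(r'malformed HTTP response "((?:[^"\\]|\\.)*)"', error_line)
    if m is None:
        return None
    try:
        return m.group(1).encode("ascii").decode("unicode_escape").encode("latin-1")
    except (UnicodeError, ValueError):
        return None


def parse_tls_record(data):
    """Decode a TLS record header (type, version, length); None if it is not one."""
    if data is None or len(data) < 5 or data[0] not in CONTENT_TYPES or data[1] != 3:
        return None
    rec = {
        "type": CONTENT_TYPES[data[0]],
        "record_version": RECORD_VERSIONS.get(data[2], "unknown"),
        "length": int.from_bytes(data[3:5], "big"),
    }
    body = data[5:]
    # The quoted text may hold fewer bytes than the header announces.
    rec["truncated"] = len(body) < rec["length"]
    if rec["type"] == "alert" and body:
        rec["alert_level"] = ALERT_LEVELS.get(body[0], "unknown")
    return rec


def diagnose(error_line):
    """Classify a docker client error: did a TLS endpoint answer a plain-HTTP request?"""
    rec = parse_tls_record(extract_response_bytes(error_line))
    if rec is None:
        return {"tls_endpoint": False, "record": None}
    return {"tls_endpoint": True, "record": rec}


if __name__ == "__main__":
    print(diagnose(ERROR_LINE))
```

Port 2377 in the quoted command is Docker's default swarm cluster-management port, which always uses mutual TLS between nodes; the Engine API, when exposed over TCP, conventionally listens on 2375 (plain) or 2376 (TLS).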


(Danielfrancora) #3

Hello David, thx for your help.

Yes, I want to disable and open the TCP port. I don’t know how to generate the certificates on both Linux and Windows, or even how to use them. So I want to disable TLS, run the test I need to do and enable the security again.

This topic can be closed. I can’t get Windows managers and Linux managers to work over TCP with TLS enabled. I will continue using Portainer to deploy stacks on Linux and do it manually on Windows.

Thx for the help.