Skip to content

Apr 30 / Rupak Ganguly

How to run boot2docker without TLS?

Boot2Docker by default exposes the docker daemon securely via TLS, and the following env settings are recommended:

DOCKER_HOST=tcp://192.168.59.103:2376
DOCKER_CERT_PATH=/Users/username/.boot2docker/certs/boot2docker-vm
DOCKER_TLS_VERIFY=1

But, there are situations in development when you want the docker daemon to be exposed insecurely. I know, not the best of idea, but sometimes it is needed.

So here is what you need to do:

$ boot2docker ssh
##         .
## ## ##        ==
## ## ## ## ##    ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~
\______ o           __/
\    \         __/
\____\_______/
_                 _   ____     _            _
| |__   ___   ___ | |_|___ \ __| | ___   ___| | _____ _ __
| '_ \ / _ \ / _ \| __| __) / _` |/ _ \ / __| |/ / _ \ '__|
| |_) | (_) | (_) | |_ / __/ (_| | (_) | (__|   <  __/ |
|_.__/ \___/ \___/ \__|_____\__,_|\___/ \___|_|\_\___|_|
Boot2Docker version 1.6.0, build master : a270c71 - Thu Apr 16 19:50:36 UTC 2015
Docker version 1.6.0, build 4749651
 
## Create this file
docker@boot2docker:~$ sudo vi /var/lib/boot2docker/profile
 
## Add this one line
DOCKER_TLS="no"

Save the file and exit the ssh session.

Now, edit your bashrc/zshrc profile or export the following envs again:

DOCKER_HOST=192.168.59.103:2375
DOCKER_CERT_PATH=/Users/username/.boot2docker/certs/boot2docker-vm
DOCKER_TLS_VERIFY=

Note: The DOCKER_HOST env var now uses port 2375 (default insecure port), and the DOCKER_TLS_VERIFY env var is empty string.

Now, from another host that does not have docker installed, you can point to the insecure docker host like so:

docker run -d -e DOCKER_HOST=192.168.59.103:2375 -p 3000:3000 mycoolimage

Hope you find this useful. Leave your comments or feedback.

Leave a Comment