如何启用从Windows运行Docker Toolbox（Docker机器）的Docker API访问 [英] How to enable Docker API access from Windows running Docker Toolbox (docker machine)

问题描述

all。

运行最新的Docker Toolbox，使用最新的Oracle VirtualBox，Windows 7作为主机操作系统。

我正在尝试启用非TLS访问Docker远程API，因此我可以使用Windows上运行的Postman REST客户端，并在Docker机器上运行docker API VirtualBox的。我发现，如果Docker配置包括 -H tcp：//0.0.0.0：2375 ，那么这将会使Docker机器端口2375上的API暴露出来，但是我的生活我找不到这个配置存储在哪里并可以更改。

我做了$ code> docker-machine ssh 从Toolbox CLI，然后去&code> /etc/init.d/docker 文件，但没有更改文件生存 docker-machine restart 。

我能够找到Ubuntu和OSX这个问题的答案，但不能为Windows找到答案。 >

谢谢。

解决方案

@CarlosRafaelRamirez提到正确的地方，但我会添加一些细节，并提供更详细的分步说明，因为Windows开发者往往不能流利的Linux生态系统。

免责声明：以下步骤可以从Windows主机点击Docker Remote API，但请记住两个东西：

1. 这不应该在生产中完成，因为它使Docker机器非常安全。


2. 当前解决方案会禁用大部分 docker-machine 和所有 docker CLI功能。 docker-machine ssh 仍然可以运行，迫使一个SSH进入docker机器以访问 docker 命令。

解决方案
现在，以下是将Docker API切换到非TLS端口所需的步骤。 （Docker机器名称假定为默认，如果您的机器名称具有不同的名称，则需要在下面的命令中指定。）

1. 启动Docker快速入门终端。它启动Bash shell，并且是将运行以下所有命令的地方。运行 docker-machine ip 命令，并注意docker主机的IP地址。然后执行


2. docker-machine ssh


3. cd / var / lib / boot2docker


4. sudo vi profile 这将启动vi编辑器，编辑配置文件文件，其中Docker主机设置是。 （如果作为Windows用户，你不熟悉vi，这里是超级基本的崩溃课程，当文件在vi中打开时，vi不处于编辑模式，按i开始编辑模式，现在可以进行更改后，进行所有更改后，点击 Esc 然后 ZZ 保存更改并退出vi。如果您需要退出vi而不保存更改，在 Esc 之后，输入：q！并按Enter。：打开vi的命令模式和q！命令意味着退出而不保存。详细的vi命令信息是 here < a>。）


5. 使用vi，将DOCKER_HOST更改为 DOCKER_HOST =' - H tcp：//0.0.0.0：2375' ，并设置 DOCKER_TLS = no 。保存更改，如上所述。


6. 退出以离开SSH会话。


7. docker-machine restart

在doocker机器重新启动后，您可以点击docker API URL，如 http：// dokerMachineIp：2375 / containers / json？all = 1 ，并获得有效的JSON。

这是实现主要目标所需步骤的 。

但是，如果此时您尝试运行 docker-machine config 或 docker images ，您将看到一条错误消息，指出docker CLI客户端正试图访问Docker通过旧端口/ TLS设置，这是可以理解的。即使在我遵循所有入门之后，我也不期望我路线，并运行 export DOCKER_HOST = tcp：//192.168.99.101：2375 和 export DOCKER_TLS_VERIFY = 0 ，导致

  $ env | grep DOCKER 
 DOCKER_HOST = tcp：//192.168.99.101：2375 
 DOCKER_MACHINE_NAME =默认
 DOCKER_TLS_VERIFY = 0 
 DOCKER_TOOLBOX_INSTALL_PATH = C：\Program Files\Docker Toolbox 
 DOCKER_CERT_PATH = C：\Users\USERNAME\.docker\machine\machines\default 
  

结果是一样的：

  $ docker-machine env 
检查TLS连接时出错：检查和/或再生证书：验证主机192.168.99.101:2376的证书有错误
  

如果您看到我如何更改环境变量以将Docker CLI指向新的Docker主机地址时出现问题，请发表评论。

要解决此问题，请使用 docker-machine ssh 命令，然后运行您的 docker 命令。

all.

Running latest Docker Toolbox, using latest Oracle VirtualBox, with Windows 7 as a host OS.

I am trying to enable non-TLS access to Docker remote API, so I could use Postman REST client running on Windows and hit docker API running on docker-machine in the VirtualBox. I found that if Docker configuration included -H tcp://0.0.0.0:2375, that would do the trick exposing the API on port 2375 of the docker machine, but for the life of me I can't find where this configuration is stored and can be changed.

I did docker-machine ssh from the Toolbox CLI, and then went and pocked around the /etc/init.d/docker file, but no changes to the file survive docker-machine restart.

I was able to find answer to this question for Ubuntu and OSX, but not for Windows.

Thanks.

解决方案

@CarlosRafaelRamirez mentioned the right place, but I will add a few details and provide more detailed, step-by-step instructions, because Windows devs are often not fluent in Linux ecosystem.

Disclaimer: following steps make it possible to hit Docker Remote API from Windows host, but please keep in mind two things:

1. This should not be done in production as it makes Docker machine very not secure.
2. Current solution disables most of the docker-machine and all docker CLI functionality. docker-machine ssh remains operational, forcing one to SSH into docker machine to access docker commands.

Solution Now, here are the steps necessary to switch Docker API to non-TLS port. (Docker machine name is assumed to be "default". If your machine name has a different name, you will need to specify it in the commands below.)

1. Start "Docker Quickstart Terminal". It starts Bash shell and is the place where all following commands will be run. Run docker-machine ip command and note the IP address of the docker host machine. Then do
2. docker-machine ssh
3. cd /var/lib/boot2docker
4. sudo vi profile This starts "vi" editor in elevated privileges mode required for editing "profile" file, where Docker host settings are. (If as a Windows user you are not familiar with vi, here's is super-basic crash course on it. When file is open in the vi, vi is not in editing mode. Press "i" to start edit mode. Now you can make changes. After you made all the changes, hit Esc and then ZZ to save changes and exit vi. If you need to exit vi without saving changes, after Esc please type :q! and hit Enter. ":" turns on vi's command mode, and "q!" command means exit without saving. Detailed vi command info is here.)
5. Using vi, change DOCKER_HOST to be DOCKER_HOST='-H tcp://0.0.0.0:2375', and set DOCKER_TLS=no. Save changes as described above.
6. exit to leave SSH session.
7. docker-machine restart

After doocker machine has restarted, your sould be able to hit docker API URL, like http://dokerMachineIp:2375/containers/json?all=1, and get valid JSON back.

This is the end of steps required to achieve the main goal.

However, if at this point you try to run docker-machine config or docker images, you will see an error message indicating that docker CLI client is trying to get to the Docker through the old port/TLS settings, which is understandable. What was not expected to me though, is that even after I followed all the Getting Started directions, and ran export DOCKER_HOST=tcp://192.168.99.101:2375 and export DOCKER_TLS_VERIFY=0, resulting in

$ env | grep DOCKER
DOCKER_HOST=tcp://192.168.99.101:2375
DOCKER_MACHINE_NAME=default
DOCKER_TLS_VERIFY=0
DOCKER_TOOLBOX_INSTALL_PATH=C:\Program Files\Docker Toolbox
DOCKER_CERT_PATH=C:\Users\USERNAME\.docker\machine\machines\default

the result was the same:

$ docker-machine env
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.101:2376"

If you see a problem with how I changed environment variables to point Docker CLI to the new Docker host address, please comment.

To work around this problem, use docker-machine ssh command and run your docker commands after that.

这篇关于如何启用从Windows运行Docker Toolbox（Docker机器）的Docker API访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！