我正在尝试访问docker Remote rest api,但我无法访问它。
例如
$ curl -v https://192.168.99.100:2376/images/json
* About to connect() to 192.168.99.100 port 2376 (#0)
* Trying 192.168.99.100...
* Adding handle: conn: 0x7f8cd380fe00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f8cd380fe00) send_pipe: 1, recv_pipe: 0
* Connected to 192.168.99.100 (192.168.99.100) port 2376 (#0)
* SSL certificate problem: Invalid certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
$ curl -v http://192.168.99.100:2376/images/json
* About to connect() to 192.168.99.100 port 2376 (#0)
* Trying 192.168.99.100...
* Adding handle: conn: 0x7f9411008c00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7f9411008c00) send_pipe: 1, recv_pipe: 0
* Connected to 192.168.99.100 (192.168.99.100) port 2376 (#0)
> GET /images/json HTTP/1.1
> User-Agent: curl/7.30.0
> Host: 192.168.99.100:2376
> Accept: */*
>
* Connection #0 to host 192.168.99.100 left intact
但是如果我运行 docker 命令,它可以工作:
$docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
subh007/docker_quagga v1 fd482b733697 6 months ago 263.5 MB
我也尝试遵循堆栈帖子的建议,但它对我不起作用,看起来它对boot2docker有效.目前我使用的是mac os X(10.9.4)。
以下是码头工人机器的详细信息:
$ docker-machine env default
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.100:2376"
export DOCKER_CERT_PATH="/Users/subh/.docker/machine/machines/default"
export DOCKER_MACHINE_NAME="default"
# Run this command to configure your shell:
# eval "$(docker-machine env default)"
如果我缺少一些理解,请告诉我。
新版本的CURL使用Apple的安全传输API而不是OpenSSL API。使用 P12 格式的证书。试试这个——
cd $DOCKER_CERT_PATH
openssl pkcs12 -export -inkey key.pem -in cert.pem -CAfile ca.pem -chain -name client-side -out cert.p12 -password pass:mypass
curl https://192.168.99.100:2376/images/json --cert $DOCKER_CERT_PATH/cert.p12 --pass mypass --key $DOCKER_CERT_PATH/key.pem --cacert $DOCKER_CERT_PATH/ca.pem