1

I run IntelliJ-IDEA on Windows10, and I want to use the Docker-Plugin to connect with Docker-Daemon on Ubuntu 19.04 Disco Dingo inside VirtualBox using TCP socket.

I installed Docker properly onto Ubuntu inside VirtualBox.

I created all the needed certificates using the documentated openssl statements.

The certificates are in /root/.docker and I copied them to Windows to C:\DEV\VirtualBox Shared Folder.

The Docker-Daemon is configured within /etc/docker/daemon.jsn:

{
  "debug": true,
  "tlsverify": true,
  "tlscacert": "/root/.docker/ca.pem",
  "tlscert": "/root/.docker/cert.pem",
  "tlskey": "/root/.docker/key.pem",
  "hosts": ["tcp://10.0.2.15:2375"]
}

But from IntelliJ-IDEA I get this: enter image description here The Docker-Daemon logs:

2020-01-21 08:06:38.194975 I | http: TLS handshake error from 10.0.2.2:60917: remote error: tls: unknown certificate

VirtualBox has it's Network Adapter attached to NAT and I use the following Port Forwarding:

Guest-IP 10.0.2.15
Host-IP  192.168.33.1
Protocol TCP
Forward    22 ->   22 (ssh)
Forward  2375 -> 2375 (dockerd)

Here is how I created all the certificates. Using curl I found out that my certificates / chain of thrust is the problem:

openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=10.0.2.15" -sha256 -new -key server-key.pem -out server.csr
echo subjectAltName = DNS:10.0.2.15,IP:10.10.10.20,IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf
rm -v client.csr server.csr extfile.cnf extfile-client.cnf
chmod -v 0400 ca-key.pem key.pem server-key.pem
chmod -v 0444 ca.pem server-cert.pem cert.pem

So what am I missing?

Marco Schmitz
  • 219
  • 4
  • 8
  • Have you enabled more verbose logging for Docker: https://success.docker.com/article/how-do-i-enable-debug-logging-of-the-docker-daemon What is complete content of the log when issue happens? – Andrey Jan 21 '20 at 14:23

0 Answers0