What do the DOCKER_TLS_VERIFY and DOCKER_CERT_PATH variables do?


Solution 1

As mentioned in the README:

By default, boot2docker runs docker with TLS enabled. It auto-generates certificates and stores them in /home/docker/.docker inside the VM.
The boot2docker up command will copy them to ~/.boot2docker/certs on the host machine once the VM has started, and output the correct values for the DOCKER_CERT_PATH and DOCKER_TLS_VERIFY environment variables.

eval "$(boot2docker shellinit)" will also set them correctly.

We strongly recommend against running Boot2Docker with an unencrypted Docker socket for security reasons, but if you have tools that cannot be easily switched, you can disable it by adding DOCKER_TLS=no to your /var/lib/boot2docker/profile file.

In a more dynamic environment, where the boot2docker ip can change, see issue 944.

Solution 2

Please check below comments for now. I'm not a Go developer but I understand usage from it. To be edited later as it is too Spartan.

from https://github.com/docker/docker/blob/3ea762b9f6ba256cf51bd2c35988f0c48bccf0b0/client/client.go

[...]
// Use DOCKER_HOST to set the url to the docker server.
// Use DOCKER_API_VERSION to set the version of the API to reach, leave empty for latest.
// Use DOCKER_CERT_PATH to load the tls certificates from.
// Use DOCKER_TLS_VERIFY to enable or disable TLS verification, off by default.
func NewEnvClient() (*Client, error) {
    var client *http.Client
    if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" {
        options := tlsconfig.Options{
            CAFile:             filepath.Join(dockerCertPath, "ca.pem"),
            CertFile:           filepath.Join(dockerCertPath, "cert.pem"),
            KeyFile:            filepath.Join(dockerCertPath, "key.pem"),
            InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "",
[...]
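
Added example (not code from the answer or from the Docker project): a small Go check that applies the rule visible in the excerpt above, where DOCKER_CERT_PATH selects ca.pem, cert.pem and key.pem and an empty DOCKER_TLS_VERIFY turns on InsecureSkipVerify. The function name, the finding messages and the key.pem permission check are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// auditDockerTLSEnv (hypothetical helper) reports what a given
// DOCKER_CERT_PATH / DOCKER_TLS_VERIFY pair means under the quoted logic.
func auditDockerTLSEnv(certPath, tlsVerify string) []string {
	var findings []string
	if certPath == "" {
		// The quoted TLS block is skipped, so DOCKER_TLS_VERIFY is not read there.
		findings = append(findings, "DOCKER_CERT_PATH is empty: no TLS options are built")
		if tlsVerify != "" {
			findings = append(findings, "DOCKER_TLS_VERIFY is set but has no effect without DOCKER_CERT_PATH")
		}
		return findings
	}
	if tlsVerify == "" {
		// Same test as the excerpt: InsecureSkipVerify is true when the variable is empty.
		findings = append(findings, "InsecureSkipVerify=true: the server certificate is not verified")
	}
	for _, name := range []string{"ca.pem", "cert.pem", "key.pem"} {
		info, err := os.Stat(filepath.Join(certPath, name))
		if err != nil {
			findings = append(findings, "missing "+name)
			continue
		}
		// Extra check added by this example; Unix permission bits only.
		if perm := uint32(info.Mode().Perm()); name == "key.pem" && perm&0o077 != 0 {
			findings = append(findings, fmt.Sprintf("key.pem readable by group/other (mode %04o)", perm))
		}
	}
	return findings
}

func main() {
	findings := auditDockerTLSEnv(os.Getenv("DOCKER_CERT_PATH"), os.Getenv("DOCKER_TLS_VERIFY"))
	for _, f := range findings {
		fmt.Println("finding:", f)
	}
	if len(findings) == 0 {
		fmt.Println("client certificates present and server verification enabled")
	}
}
```

Because the excerpt compares the value with the empty string only, any non-empty DOCKER_TLS_VERIFY counts as "verify" in this check.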
Author by

Aniketh


Updated on July 20, 2022

Comments

  • Aniketh
    Aniketh almost 2 years

    I am new to Docker, using boot2docker on Windows 7.
    While I was trying to configure Docker build through the spotify maven plugin, I was asked to set the env variables below:

    DOCKER_HOST
    DOCKER_CERT_PATH
    DOCKER_TLS_VERIFY
    

    Configuration was successful, but I am not sure what the DOCKER_TLS_VERIFY and DOCKER_CERT_PATH variables do.

  • Nico Haase
    Nico Haase over 5 years
    Can you be more specific? How could one really read the exact path from that code?