apocas / docker-modem

Docker Remote API network stack driver.
Apache License 2.0
234 stars 112 forks source link

Bug: Port 2376 always defaults to https with no ability to override #121

Open ntziolis opened 4 years ago

ntziolis commented 4 years ago

While it is pretty standard to use TLS when port 2376 it should not be assumed this is a given or at the very least we should be able to override it.

For comparison when using docker from the command line there were no issues when using the same host + port configuration.

When switching docker remote server / vscode extension to use other port it works without issues.

This is the line in question: if (process.env.DOCKER_TLS_VERIFY === '1' || opts.port === '2376')

Options I see are either:

From correctness standpoint the check on port should be removed, but I do understand this might break a lot of peoples setup if they have not properly set the verify flag as officially required when wanting to use TLS.

Referencing the related issue: https://github.com/microsoft/vscode-docker/issues/2164

tarik02 commented 3 years ago

I've spent a lot of time configuring tls for docker (vscode) when I didn't actually need it (local virtual machine and port forwarding). And that's all because I used port 2376 which is always trying to use TLS (while CLI does not). The last time I was trying to setup that dumb thing and it could not connect at all. Just using another port works flawlessly, but everyone is putting port 2376 on the internet without saying that it is recommended to use this port only for TLS, 2375 for unsafe connection...

Idk, add some warning or something like that because people can really be trying to setup that thing when they don't actually need it)...

apocas commented 3 years ago

Interesting. Will look into this.