http: server gave HTTP response to HTTPS client #2442

Closed
pvsvamsi opened this Issue Nov 7, 2017 · 4 comments


pvsvamsi commented Nov 7, 2017

Description
I am trying to set up docker machine across multiple hosts, in an insecure way. I have followed the official configuration guide for local registry and created a daemon.json placed in /etc/docker/daemon.json. When I try to connect to the remote docker daemon, I'm getting this error:

Unable to query docker version: Get https://10.xxx.xxx.xxx:2376/v1.15/version: http: server gave HTTP response to HTTPS client

I tried the same GET request in the browser using http instead of https and got this response:

{"Version":"17.09.0-ce","ApiVersion":"1.32","MinAPIVersion":"1.12","GitCommit":"afdb6d4","GoVersion":"go1.8.3","Os":"linux","Arch":"amd64","KernelVersion":"3.10.0-514.16.1.el7.x86_64","BuildTime":"2017-09-26T22:42:49.000000000+00:00"}

My /etc/docker/daemon.json is:

{
  "insecure-registries": ["10.xxx.xxx.xxx:2376"]
}

Command

I'm registering the existing remote docker daemon on my host using this command

docker-machine create --driver none --url=tcp://10.xxx.xxx.xxx:2376 myRemoteDaemon

Error:

docker-machine env myRemoteDaemon

When I run this command on my host machine, it was throwing this error

Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "10.xxx.xxx.xxx:2376": tls: oversized record received with length 20527

And the command "docker-machine ls" is giving

NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS

myRemoteDaemon - none Running tcp://10.xxx.xxx.xxx:2376 Unknown Unable to query docker version: Get https://10.xxx.xxx.xxx:2376/v1.15/version: http: server gave HTTP response to HTTPS client

docker info :

Containers: 9
Running: 0
Paused: 0
Stopped: 9
Images: 49
Server Version: 17.09.0-ce
Storage Driver: overlay
Backing Filesystem: xfs
Supports d_type: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.16.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.51GiB
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
10.xxx.xxx.xxx:2376
127.0.0.0/8
Live Restore Enabled: false

Edit: I'm aware of this issue. But that didn't fix my issue.

bradfigler commented Nov 17, 2017

I ran into this same exact problem. However, I was able to get around it by using an FQDN versus the direct IP address. Here is what I have in /etc/docker/daemon.json:
{ "insecure-registries":["dockerreg.mydomain.net:5000"] }

We have a bunch of scripts to set up our docker environment and when we are calling docker pull, the above FQDN was getting resolved so docker pull looked like:
docker pull 192.168.10.10:5000/path/to/image

I updated the script to put the matching FQDN in and it worked.... not sure why docker cares, but it solved my problem...

thaJeztah (Member) commented Nov 17, 2017

The error in this case looks to be that the Docker API is running on non-TLS, but listening on port 2376 (which is the TLS port).

When setting up a machine with docker-machine, it'll generate and configure certificates to have a secure connection with the daemon (remote API); possibly you changed the daemon configuration and removed the part that configures TLS for the API
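An added example, not part of the original thread or of Docker's code: it reads the first five bytes of a plaintext HTTP reply the way a TLS client must, as a record header (type, version, length), which is where the `20527` in the reporter's `oversized record` error comes from (`P/` is `0x502F`) and why a header spelling `HTTP/` points to a non-TLS listener. `ParseRecordHeader` and `Diagnose` are hypothetical names and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Largest record body TLS 1.2 permits: 2^14 plaintext bytes + 2048 overhead.
const maxCiphertext = 16384 + 2048

// RecordHeader is the 5-byte header that starts every TLS record.
type RecordHeader struct {
	Type    uint8  // 20..23 for real TLS content types
	Version uint16 // 0x0301..0x0304 for TLS 1.0..1.3
	Length  int    // big-endian uint16 body length
}

// ParseRecordHeader interprets the first five bytes received from a server
// as a TLS record header, whether or not the server actually speaks TLS.
func ParseRecordHeader(b []byte) (RecordHeader, error) {
	if len(b) < 5 {
		return RecordHeader{}, fmt.Errorf("need 5 bytes, got %d", len(b))
	}
	v, n := binary.BigEndian.Uint16(b[1:3]), binary.BigEndian.Uint16(b[3:5])
	return RecordHeader{Type: b[0], Version: v, Length: int(n)}, nil
}

// Diagnose classifies the first bytes of a reply from a port that was
// expected to speak TLS (hypothetical helper for this example).
func Diagnose(first []byte) string {
	h, err := ParseRecordHeader(first)
	if err != nil {
		return "short read: " + err.Error()
	}
	switch {
	case string(first[:5]) == "HTTP/":
		return fmt.Sprintf("plaintext HTTP on a TLS port (bogus record length %d)", h.Length)
	case h.Type >= 20 && h.Type <= 23 && h.Version>>8 == 3 && h.Length <= maxCiphertext:
		return "TLS record"
	}
	return "unknown protocol"
}

func main() {
	// Constructed samples: an HTTP status line and a TLS 1.2 handshake header.
	fmt.Println(Diagnose([]byte("HTTP/1.1 400 Bad Request\r\n")))
	fmt.Println(Diagnose([]byte{0x16, 0x03, 0x03, 0x00, 0x5a}))
}
```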

thaJeztah (Member) commented Nov 17, 2017

Please keep in mind that the GitHub issue tracker is not intended as a general support forum, but for reporting bugs and feature requests. For other types of questions, consider using one of;

I'm closing this issue because this is not a bug, but feel free to continue the conversation

thaJeztah closed this Nov 17, 2017

sujeetkp commented Nov 25, 2017

Hi pvsvamsi,

Did you get the solution for this? I am getting the same error even after adding the FQDN.
Could you please help?

Regards,
sujeet
