DEV Community

loading...

Docker Desktop + WSL1 + TLS

drproteus profile image Jake Goritski Originally published at jakeg.dev on ・3 min read

NOTE: This applies to WSL1 not WSL2

Setting Up Docker on Windows with WSL (securely)

For WSL2, this is all completely unnecessary. You have a secure connection to the Docker daemon provided you're using the WSL2 backend (switchable in Docker settings).

No Port forwarding is required, and should you run

docker run --rm -p 80:80 nginx
Enter fullscreen mode Exit fullscreen mode

within the WSL2 instance, you can just go to http://localhost to access that nginx instance.

BUT there are many valid reasons to remain on WSL1, so this may still be useful to some.


Since I do a lot of web development, Docker is a must-have tool. This is a simple guide to using Docker on Windows– the supported Hyper-V enabled release. This will not cover the Docker Toolbox, which uses Virtualbox for the base image. The intent of this is to provide a kind-of-not-really native configuration for using the Windows Docker host from the WSL environment.

Since the Docker host is on Windows, some considerations must be made if you intend to mount local volumes in your images. The following steps will reference paths as if this is the desired outcome. The first thing that must be done to facilitate this is configure WSL to mount drives in the root / directory. This is what Docker on Windows normally expects; i.e. to see your Windows home dir as /c/Users/coolguy.

To do this, edit /etc/wsl.conf, creating this file if not present:

$ sudo vim /etc/wsl.conf
Enter fullscreen mode Exit fullscreen mode

With the contents (at least, other options are available):

[automount]
root = /
Enter fullscreen mode Exit fullscreen mode
/etc/wsl.conf

Assuming you're WSL distro is Ubuntu 18.04 , run the following to terminate the process so the next time you run it, it spins up with the new settings:

PS C:\Users\coolguy> wsl -t "Ubuntu-18.04"
Enter fullscreen mode Exit fullscreen mode

THE INSECURE WAY TO CONNECT TO DOCKER HOST

One option is to check this box in the your Docker settings:

Setting Up Docker on Windows with WSL (securely)
Heed the warning!

And then throw the following lines into your .bashrc, .bash_profile, .zshrc, or what-have-you.

export DOCKER_HOST=tcp://127.0.0.1:2375
export DOCKER_TLS_VERIFY=0
Enter fullscreen mode Exit fullscreen mode

THE BETTER WAY, WITH NPIPERELAY

Thanks to John Starks over at MS, we can set up a secure connection to our Docker on Windows host. Enter npiperelay, "[w]ith it, you can use Windows named pipes from the Windows Subsystem for Linux (WSL)."

First, we need Go. We can cross-compile from WSL to a Windows binary, so let's grab it in Ubuntu and go from there. (The following is pretty much lifted wholesale from the repo's README).

$ sudo apt update && sudo apt install golang
Enter fullscreen mode Exit fullscreen mode

Get the Go source and build the npiperelay.exe binary.

$ go get -d github.com/jstarks/npiperelay
$ GOOS=windows go build -o /c/Users/coolguy/go/bin/npiperelay.exe github.com/jstarks/npiperelay
Enter fullscreen mode Exit fullscreen mode

Symlink the new binary to your WSL path. This is just one of many ways to do so:

$ sudo ln -s /c/Users/coolguy/go/bin/npiperelay.exe /usr/local/bin/npiperelay.exe
Enter fullscreen mode Exit fullscreen mode

Now we we need to write a script to facilitate the Docker engine connection. First, install socat.

$ sudo apt install socat
Enter fullscreen mode Exit fullscreen mode

Create a script to run the relay:

$ vim docker-relay.sh

Enter fullscreen mode Exit fullscreen mode

with contents,

#!/bin/sh

exec socat UNIX-LISTEN:/var/run/docker.sock,fork,group=docker,umask=007 EXEC:"npiperelay.exe -ep -s //./pipe/docker_engine",nofork
Enter fullscreen mode Exit fullscreen mode

And give it executable permissions,

$ chmod +x docker-relay.sh
Enter fullscreen mode Exit fullscreen mode

RUNNING THE RELAY

# Trailing & to throw the process it in the background.
$ sudo ./docker-relay.sh &
Enter fullscreen mode Exit fullscreen mode

No modifications have to be made to the default docker config on the WSL side, so let's just verify we're able to talk to it:

$ docker info
Enter fullscreen mode Exit fullscreen mode

Which should present the same output as if you ran the command from a PS or CMD prompt.


Volumes

For mounted volumes, you won't be able to mount a path within WSL. You can mount directories within Windows. For example,

PS C:\Users\coolguy> cat .\testdir\test.txt
Hello, Docker!
Enter fullscreen mode Exit fullscreen mode
Powershell showing the contents of a test file.
$ docker run -v /c/Users/coolguy/testdir:/mnt/test -it ubuntu
root@950d87d611ea:/# cat /mnt/test/test.txt
Hello, Docker!
Enter fullscreen mode Exit fullscreen mode
Running docker from within WSL, mounting the testdir with test file.

Discussion (0)

pic
Editor guide