
How to check if the Docker daemon is running with TLS or without it

To check whether the Docker daemon is listening with TLS (conventionally port 2376) or without TLS (conventionally port 2375), you can attempt to connect to both ports and see which one responds.

General Approach:

  1. Attempt a Connection to Port 2376 (TLS):
    • If the connection succeeds, the Docker daemon is using TLS (SSL).
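    • If the connection fails due to an SSL handshake issue, it’s likely that TLS is not being used on that port, although a handshake also fails when the client does not trust the daemon’s certificate or when the daemon requires a client certificate.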
  2. If TLS Connection Fails, attempt to connect to port 2375 (non-TLS).
  3. Handle errors appropriately depending on the result of the connection.

How to Implement:

You can use HttpClient to test each port and detect whether it’s running with or without TLS.

import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;

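/**
 * Probes the local Docker daemon's TCP API on port 2376 (HTTPS) and, if that does not answer,
 * on port 2375 (plain HTTP), then prints which one responded.
 *
 * <p>The ports are probed in that order and port 2375 is skipped once port 2376 answers, so a
 * daemon that listens on both is reported only as TLS. Only {@code localhost} and these two
 * ports are checked; a daemon bound to another address or port is not seen.
 */
public class DockerConnectionChecker {

    // /_ping returns a short, finite response. /events is a streaming endpoint whose body stays
    // open, so a client that waits for the complete body would block instead of returning.
    private static final String DOCKER_API_URI_TLS = "https://localhost:2376/_ping";
    private static final String DOCKER_API_URI_NON_TLS = "http://localhost:2375/_ping";

    // Bounds both the connect phase and the wait for the response, so a port that accepts the
    // connection but never answers cannot hang the check.
    private static final Duration PROBE_TIMEOUT = Duration.ofSeconds(5);

    /** Outcome of the HTTPS probe; a failed handshake is kept apart from "nothing answered". */
    private enum TlsProbe { API_REACHABLE, HANDSHAKE_FAILED, NOT_REACHABLE }

    /**
     * Runs the TLS probe, falls back to the non-TLS probe, and prints the result.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        TlsProbe tls = checkDockerTLS();
        if (tls == TlsProbe.API_REACHABLE) {
            System.out.println("Docker is running on TLS (port 2376).");
            return;
        }

        if (checkDockerNonTLS()) {
            System.out.println("Docker is running on non-TLS (port 2375).");
        } else if (tls == TlsProbe.HANDSHAKE_FAILED) {
            // Do not claim "not running": something may be listening on 2376 that this client
            // simply could not complete a handshake with.
            System.out.println("Port 2375 did not answer and the TLS handshake with port 2376 failed; "
                + "the state of port 2376 is inconclusive.");
        } else {
            System.out.println("Docker is not running on either port 2376 (TLS) or 2375 (non-TLS).");
        }
    }

    /**
     * Sends {@code GET /_ping} over HTTPS to port 2376 using the JVM's default SSL context.
     *
     * <p>A handshake failure is reported as {@link TlsProbe#HANDSHAKE_FAILED} rather than as
     * "no TLS": it also occurs when the daemon's certificate is not trusted by the default
     * trust store or when the daemon requires a client certificate. Conversely, unless the JVM
     * has been given a default key store, this probe offers no client certificate, so a 200
     * response suggests the daemon is not enforcing client-certificate verification; confirm
     * that against the daemon's TLS configuration.
     *
     * @return the probe outcome; {@link TlsProbe#API_REACHABLE} only for an HTTP 200 response
     */
    private static TlsProbe checkDockerTLS() {
        try {
            HttpClient client = HttpClient.newBuilder()
                .sslContext(SSLContext.getDefault())  // default trust store, certificate validation on
                .connectTimeout(PROBE_TIMEOUT)
                .build();
            return pingStatus(client, DOCKER_API_URI_TLS) == 200
                ? TlsProbe.API_REACHABLE
                : TlsProbe.NOT_REACHABLE;
        } catch (SSLHandshakeException e) {
            System.out.println("TLS handshake with port 2376 failed: the port may not be speaking TLS, "
                + "its certificate may not be trusted by this JVM, or it may require a client certificate.");
            return TlsProbe.HANDSHAKE_FAILED;
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the caller can still observe the interruption.
            Thread.currentThread().interrupt();
            return TlsProbe.NOT_REACHABLE;
        } catch (Exception e) {
            // Best effort: any other failure (e.g. connection refused, timeout) counts as no answer.
            System.out.println("Error connecting to port 2376: " + e.getMessage());
            return TlsProbe.NOT_REACHABLE;
        }
    }

    /**
     * Sends {@code GET /_ping} over plain HTTP to port 2375.
     *
     * <p>A {@code true} result means the API answered a request that carried no credentials and
     * no transport encryption, which is a configuration to fix rather than a neutral state.
     *
     * @return {@code true} if the endpoint answered with HTTP 200, {@code false} otherwise
     */
    private static boolean checkDockerNonTLS() {
        try {
            HttpClient client = HttpClient.newBuilder()
                .connectTimeout(PROBE_TIMEOUT)
                .build();
            return pingStatus(client, DOCKER_API_URI_NON_TLS) == 200;
        } catch (InterruptedException e) {
            // Restore the interrupt flag so the caller can still observe the interruption.
            Thread.currentThread().interrupt();
            return false;
        } catch (Exception e) {
            // Best effort: a failed connection means nothing usable is answering on 2375.
            System.out.println("Error connecting to port 2375: " + e.getMessage());
            return false;
        }
    }

    /** Issues a GET to {@code uri}, discards the body, and returns the HTTP status code. */
    private static int pingStatus(HttpClient client, String uri) throws IOException, InterruptedException {
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create(uri))
            .timeout(PROBE_TIMEOUT)
            .build();
        // Only the status code is needed, so the body is not buffered.
        return client.send(request, HttpResponse.BodyHandlers.discarding()).statusCode();
    }
}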
