Compose: docker-compose ERROR: SSL error: hostname 'xx.xx.xx.xx' doesn't match 'localhost'

Created on 20 Nov 2015 · 5Comments · Source: docker/compose

Hi, I'm trying to use docker-compose version 1.5.1 with docker-machine. My system is Ubuntu 14.04 and the remote system is a RHEL 7.1 system. When i try docker-compose ps, I get this error:

docker-compose ps
ERROR: SSL error: hostname '16.xx.xx.xx' doesn't match 'localhost'

The --verbose log output looks like this:

compose.config.config.find: Using configuration files: ./docker-compose.yml
docker.auth.auth.load_config: Trying /home/eraigosa/.docker/config.json
docker.auth.auth.load_config: Found 'auths' section
docker.auth.auth.parse_auth: Found entry (registry=u'xxxxx', username=u'xxxxx')
docker.auth.auth.parse_auth: Found entry (registry=u'xx.xxx:443', username=u'xxxx')
Traceback (most recent call last):
  File "<string>", line 3, in <module>
  File "/code/compose/cli/main.py", line 54, in main
  File "/code/compose/cli/docopt_command.py", line 23, in sys_dispatch
  File "/code/compose/cli/docopt_command.py", line 26, in dispatch
  File "/code/compose/cli/main.py", line 169, in perform_command
  File "/code/compose/cli/command.py", line 54, in project_from_options
  File "/code/compose/cli/command.py", line 91, in get_project
  File "/code/compose/cli/command.py", line 73, in get_client
  File "/code/.tox/py27/lib/python2.7/site-packages/docker/api/daemon.py", line 78, in version
  File "/code/.tox/py27/lib/python2.7/site-packages/docker/client.py", line 110, in _get
  File "/code/.tox/py27/lib/python2.7/site-packages/requests/sessions.py", line 477, in get
  File "/code/.tox/py27/lib/python2.7/site-packages/requests/sessions.py", line 465, in request
  File "/code/.tox/py27/lib/python2.7/site-packages/requests/sessions.py", line 573, in send
  File "/code/.tox/py27/lib/python2.7/site-packages/requests/adapters.py", line 431, in send
requests.exceptions.SSLError: hostname '16.xx.xx.xx' doesn't match 'localhost'

I saw another issue in the list about updating openssl, but that didn't work for me. Also the workarounds looked specific to OSX. Any ideas?

Source

wenlock

Most helpful comment

On Linux, if you installed docker compose with pip, uninstall it with:
pip uninstall docker-compose
and try to install it manually. This worked for me:

curl -L https://github.com/docker/compose/releases/download/1.8.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

If you have permission problems then you most probably cannot write to /usr/local/bin/docker-compose. --> Try with "sudo su".

Here the reference: https://docs.docker.com/compose/install/

enjoy! :-)

patanric on 15 Aug 2016

👍7

All 5 comments

I think this has to do with the environment variables that are being created by machine. You can check the current settings with env | grep DOCKER.

Compose supports these: http://docs.docker.com/compose/reference/overview/#docker-host

I think you might see this error if you have DOCKER_HOST set to the 16.x.x.x host, but DOCKER_CERT_PATH set to a path for a different host (where the certs were for a localhost hostname). Or vice versa.

You can check the expected settings for a machine with docker-machine env <name>.

If they match, maybe try recreating the machine and rerunning the eval $(docker-machine env <name>) ?

dnephin on 20 Nov 2015

I have the same problem, as of today. No idea what changed since it last worked i.e. before the weekend (AFAIK nothing)

$ docker-machine ls
NAME    ACTIVE   DRIVER       STATE     URL                         SWARM
work   *        virtualbox   Running   tcp://192.168.99.100:2376
dev     -        virtualbox   Running   tcp://192.168.99.101:2376
$ env | grep DOCKER
DOCKER_HOST=tcp://192.168.99.100:2376
DOCKER_MACHINE_NAME=work
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=/Users/anentropic/.docker/machine/machines/work
$ docker-compose ps
ERROR: SSL error: hostname '192.168.99.100' doesn't match 'localhost'

doing the docker-machine eval doesn't help (and appears already set correctly)

I'm on OSX and:

$ docker-compose version
docker-compose version: 1.5.0
docker-py version: 1.5.0
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.1j 15 Oct 2014

anentropic on 23 Nov 2015

ahem... in my case the answer was stupidly my fault... I forgot I had Charles proxy running (!)

anentropic on 23 Nov 2015

👍6

@dnephin thanks so much for that awesome clue. That got my problem solved. For clarity this is how I was able to test and validate what was going on.

I had to update my /etc/hosts file to map the machine name to the ip address of the remote host. (Only good for testing on a local system but i imagine the same works for dns).
I regenerated the certs on for my target host:

docker-machine regenerate-certs docker-node1
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Detecting the provisioner...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...

for the plugin I was using (HPE OneView), i updated the public name to reflect the same machine name, so I would get a name vs ip address. This fixed docker-machine env output.

Now docker-compose works, no problem because the certs match the names from env and host lookup.

Thanks!

wenlock on 25 Nov 2015

👍1

On Linux, if you installed docker compose with pip, uninstall it with:
pip uninstall docker-compose
and try to install it manually. This worked for me:

curl -L https://github.com/docker/compose/releases/download/1.8.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

If you have permission problems then you most probably cannot write to /usr/local/bin/docker-compose. --> Try with "sudo su".

Here the reference: https://docs.docker.com/compose/install/

enjoy! :-)

patanric on 15 Aug 2016

👍7

Was this page helpful?

0 / 5 - 0 ratings