When I create a node with docker-machine
docker-machine create -d virtualbox node1
it is created with TLS verification enabled for the docker daemon, which made things a bit more of a hassle than normal for swarm.
I want to create a node with docker-machine without TLS verification for testing purposes.
And this does not work for me:
docker-machine create -d virtualbox --engine-env DOCKER_TLS=no --engine-opt host=tcp://0.0.0.0:2375 node1
It's not currently possible today. I have been pretty hesitant to add the feature due to fear that users who aren't aware of the consequences might use it and put themselves (unnecessarily) at risk. Even on local instances, it's dangerous, due to the possibility of remote code execution via a browser attack (e.g. $.get('192.168.99.100:2375/containers/json')).
Maybe it would be OK if we put it behind a flag that specifically calls out its insecure nature, e.g. --engine-insecure.
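As an added example (not part of the original thread and not docker-machine's own code), the Python sketch below audits a dockerd command line for the exposure described in the comment above: a TCP listener that does not require client certificates. The function name and the sample command lines are constructed for illustration; `-H`/`--host`, `--tls` and `--tlsverify` are dockerd's own flags.

```python
import shlex

FALSE_VALUES = {"0", "f", "false"}  # spellings Go's flag parser reads as false

def audit_dockerd_args(cmdline):
    """Return (listener, problem) pairs for TCP listeners lacking client-cert auth."""
    args = shlex.split(cmdline)
    hosts, tls, tlsverify = [], False, False
    i = 0
    while i < len(args):
        name, sep, value = args[i].partition("=")
        if name in ("-H", "--host"):
            if not sep:  # "-H tcp://..." form: the value is the next token
                i += 1
                value = args[i] if i < len(args) else ""
            hosts.append(value)
        elif name == "--tlsverify":
            tlsverify = not sep or value.lower() not in FALSE_VALUES
        elif name == "--tls":
            tls = not sep or value.lower() not in FALSE_VALUES
        i += 1
    findings = []
    for host in hosts:
        if not host.startswith("tcp://") or tlsverify:
            continue  # unix:// and fd:// are not network listeners
        problem = ("TLS without client certificate verification" if tls
                   else "plaintext API, no authentication")
        findings.append((host, problem))
    return findings

# Constructed sample command lines, not taken from a real machine.
SAMPLES = {
    "tls-verified": "dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 "
                    "--tlsverify --tlscacert=/example/ca.pem",
    "no-tls": "dockerd -H unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375",
    "tls-only": "dockerd -H tcp://0.0.0.0:2376 --tls --tlsverify=false",
}

if __name__ == "__main__":
    for label, cmdline in SAMPLES.items():
        print(label, audit_dockerd_args(cmdline) or "ok")
```

Any listener it reports accepts Docker API requests from whoever can reach that address, which for a host-only VirtualBox network includes a browser running on the host.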
@nathanleclaire OK, I get it. If I can't create a machine without TLS verification, then how can I create a swarm node when I have created the machine in VirtualBox? At present, I only know how to create a swarm node when I am creating the machine.
For example:
docker-machine create \
-d virtualbox \
--swarm --swarm-master \
--swarm-discovery="consul://$(docker-machine ip discovery):8500" \
--engine-opt="cluster-store=consul://$(docker-machine ip discovery):8500" \
--engine-opt="cluster-advertise=eth1:2376" \
node
The docker swarm for a production does not give a certain solution for how to create a swarm node with TLS verification when I have created the machine in VirtualBox.
I only get that:
https://docs.docker.com/swarm/install-manual/
and in this article
https://docs.docker.com/swarm/configure-tls/
I can't get the information on how to create a TLS swarm node in VirtualBox.
I am new to docker machine, and confused by this problem, please help me.
@LionHeartFXCX Do you just want to run a Swarm manager and/or join container without having to use the Machine flags?
@nathanleclaire Yes. I want to run a swarm manager/node on the discovery node. But what I can do now is to create a swarm manager/node container by creating the machine. So, the discovery container and the swarm container are on two different machines. I don't know how to run a swarm manager/node container when I have created the machine (I have tried many times, but failed because of the TLS verification).
I am trying to run some integration tests of Java software using docker+overcast and I ran into the following problem under Docker for Windows:
Generally it would be nice to have some option to turn off all TLS, because for some special purposes like integration testing it's safe enough. And if somebody gets hurt? Well, when changing default settings RTFM would be a great answer for them. So I believe it is perfectly safe to add such a feature.
Is there any workaround I could use under Windows to connect without TLS or at least without client certificate validation?
My thought on this issue from back in the days of SunOS.
"Anything that prevents me from doing something stupid prevents me from doing something clever"
We must protect our users by default.
If you are willing to take the risks of disabling TLS, you should be knowledgeable enough to SSH into the VM and change the settings yourself.
@nathanleclaire : would disabling it manually keep the machine compatible with further docker-machine commands? For instance after upgrade or provision commands it might enable TLS again I think. You were also mentioning a possible flag, would you accept an --engine-insecure-connection flag to disable TLS?
I'm interested in disabling it for a local dev machine as the IP changes occasionally and I have to regenerate certs each time.
local machine +1