Can I connect via https and with basic auth?

[4n70w4]

            $client = DockerClientFactory::create([
                'remote_socket' => 'https://user:password@dock.localhost',
                'ssl' => true,
            ]);

            self::$docker = Docker::create($client);

    "message": "Unable to find the socket transport \"https\" - did you forget to enable it when you configured PHP?",
    "exception": "Http\\Client\\Socket\\Exception\\ConnectionException",
    "file": "/var/www/app/vendor/php-http/socket-client/src/Client.php",
    "line": 114

php -m | grep openssl

openssl

[JanHolger]

The DockerEngine does not have any basic auth support. The DockerEngine itself doesn't even have a user system so i'm wondering where you even got the credentials from that you tried to use. You can access the DockerEngine API via a local unix socket, http without any auth or using ssl certificates (https).

You can find an explanation on how to configure https here: https://docs.docker.com/engine/security/https/

Then use the following config to create the client:

$context = stream_context_create([
  'ssl' => [
    'cafile' => 'path/to/ca.pem',
    'local_cert' => 'path/to/cert.pem',
    'local_pk' => 'path/to/key.pem',
    'verify_peer' => false,
    'verify_peer_name' => false,
    'allow_self_signed' => true
  ]
]);
$client = DockerClientFactory::create([
  'remote_socket' => 'tcp://dock.localhost:2376',
  'ssl' => true,
  'stream_context' => $context
]);
self::$docker = Docker::create($client);

Hope this helps you (:

[4n70w4]

@JanHolger this is easy to do through any reverse proxy or balancer.
The question about basic authorization is still open. =(

[JanHolger]

Well but this is a library for connecting to the docker engine api, not some unofficial custom proxy you made, that nobody knows how its designed. If you need the library to connect to your custom proxy setup, fork it and implement the auth logic yourself and don't ask this project to do so.

Solution:
When you type "https://user:password@dock.localhost" into your browsers url input, the basic auth part is stripped and converted into an Authorization header. The DockerClientFactory creates a SocketHttpClient that is documented here http://docs.php-http.org/en/latest/clients/socket-client.html and adds some plugins to it. My suggestion would be to take a look at the Authentication plugin (http://docs.php-http.org/en/latest/message/authentication.html), which implements basic auth. Then create the client yourself (to be able to add the plugin) instead of using the create function in DockerClientFactory. Make sure to use tcp for the protocol in "remote_socket". If you did everything correct you should be able to connect to your proxy.

A function that might be working (im not experienced with php-http):

function createClient(array $config = [], PluginClientFactory $pluginClientFactory = null): HttpClient
{
    $messageFactory = new GuzzleMessageFactory();
    $socketClient = new SocketHttpClient($messageFactory, $config);
    $host = $config['remote_socket'];
    $pluginClientFactory = $pluginClientFactory ?? new PluginClientFactory();
    return $pluginClientFactory->createClient($socketClient, [
        new ContentLengthPlugin(),
        new DecoderPlugin(),
        new AddHostPlugin(new Uri($host)),
        new AuthenticationPlugin(new BasicAuth($config['username'], $config['password']))
    ], [
        'client_name' => 'docker-client',
    ]);
}

Usage:

$client = createClient([
    'remote_socket' => 'tcp://dock.localhost',
    'ssl' => true,
    'username' => 'your-username',
    'password' => 'your-password'
]);
self::$docker = Docker::create($client);

Please do the research yourself next time. It didn't took me too long to read the docs of php-http...