Bluemix docker documentation update

Sunday night I commented on the Bluemix document site that the instructions did not work for the windows installed version of boot2docker.

Only yesterday I posted the following image taken from the site last Friday night


and commented how it didn’t work and I had to use curl.

I found this, this evening….


How cool is that – I have no idea if my comments/blog post was the reason for the change, but it certainly can’t have hurt.

If you see something wrong, do the right thing and report it and get it fixed for other people 🙂

It also goes to show that a program in BETA is going to undergo some refining – that is kinda the point of being in BETA. I am very impressed at the response time for the changes and I can only hope that the final version is better than what I had to go through.


The other thing of course is that yesterday’s blog is now total rubbish (facepalm)

Bluemix and docker BETA installation (part 1)

*** UPDATE***

I guess I should have seen this coming, but it is a good thing – the Bluemix docker documentation has been updated since this post was published. It is still worth reading to learn a few things about docker – but the referenced documentation site does not look like it is detailed in this post (less than 24 hours later!!)


Currently access to containers within Bluemix is at BETA (May 2015) and you have to request access to get to it. I am writing this for my own sanity and documentation…….

The instructions for installation are here

Having had to figure out how to give my boot2docker access to the internet to download files for Step 1, Step 2 was no easier…

Step 2





Well when I tried that I got this……


So having a quick Google and some Toby I found this link about using curl instead of wget

 wget vs curl: How to Download Files Using wget and curl

Using curl -O instead of wget it works


Step 3

  1. Install Python Setuptools, see Installing and Using Setuptools.

Install says do this – curl -o – | python

and that bombed


Do this instead

curl -O

sudo python


Step 4

Abandon all faith ye who enter…..ok what next

docker@boot2docker:~$ wget cf.tgz -L -O
docker@boot2docker:~$ sudo tar -zxvf cf.tgz -C /usr/bin/

well that didn’t work as we have already seen – try I tried this instead and this failed as well

curl cf.tgz -O

I tried to download the file ( ) with chrome dev tools open and I saw this URL –

so I tried this – and it worked

then this failed – sudo tar -zxvf cf.tgz -C /usr/bin/ because the name of the file is really cf-linux-386.tgz

so do this

  • sudo tar -zxvf cf-linux-386.tgz -C /usr/bin/

Step 5

Set the following variable: DOCKER_TLS_VERIFY=1

Note: If you are using Boot2docker, set the variable in your Boot2docker VM.”


So I checked the docker git site… which states clearly…


I also saw to run boot2docker up and oooooo look at that export !!!



So do that (I wonder what the other two do – that might be helpful later)

  • export DOCKER_TLS_VERIFY=1

“You are ready to install the IBM Containers Extension.”


Steps 1 – 5 and none of them worked as per the instructions. I have done my part and commented on the post stating as such, but wow !!!

You can’t make this up…..more as soon as I can figure it out….or not !

I did learn a bunch about curl, boot2docker, oracle VirtualBox so not a total waste



Setting Port forwarding for boot2docker to access the internet

If you have followed the instructions on how to install boot2docker on windows you will discover that the docker VM may not able to talk to the outside world by default.


To correct this you have to add port forwarding from the docker VM to the HOST. This is accomplished by the following

Run the newly installed Oracle Virtual box on your window machine


Select Settings


Network > Port Forwarding


Add the docker port (2375) so that it can talk out through the host (windows) machine

With this in place you must close boot2docker and restart the VM.


After that you can restart boot2docker and you should be able to ping the outside world





Creating a sample Hybrid Bluemix environment

In this article I will demonstrate how to create a sample Hybrid app running in IBM Bluemix but getting data from behind a company firewall.


A couple of years ago the prevailing message from vendors was “move to the cloud !!!”. The thing the vendors found though, was that the companies do not necessarily want to move their “data” to the cloud. It is either too complicated, expensive, unnecessary or they just do not flat out trust their data to the cloud. All that said though they are interested in the ability to securely expose their data to the outside world without exposing any of their internal systems. This has been achieved for years using a DMZ style firewall architecture which exposes only the web server but not the database server to the outside world.

In the Cloud world this concept is called a Hybrid model – cloud app, on premises data. In this article I want to show one way which IBM has approached this in Bluemix.


I wish I had listened to Ryan Baxter, last year at MWLUG 2014. I heard him talk about this concept and I serious thought to myself – who would want to do that. Being ahead of your time, happens to the best of us. Anyway you can see how Ryan set up his environment at that time using Cast Iron here. This is an excellent video and gives a nice overview of cast iron – that said, it is not the way I am going to do it and not the way IBM wants you to do it any more. So enjoy but come back….

I found most of the information I am going to write about today in this video…

(For more information on getting started with your first Bluemix application check out this NotesIn9 video)

So Bluemix

Within my Bluemix application I created a simple node application (xominoKnox) and then added the “Secure Gateway” Service.








I then created a Jazz Hub Git site and then cloned the repository locally (See this post for more information on that)

Creating the secure gateway

So the way that the gateway works is this:

  1. Create and configure the Bluemix end of the gateway
  2. Install the gateway code on the machine within the firewall
  3. Open the connection from inside the firewall
  4. Configure the connection to access data behind the firewall
  5. Use the connection

So let’s go through those steps one by one and explain what is going on.

1. Create and configure the Bluemix end of the gateway

Click on the Secure Gateway Service from within your Dashboard app view and you will see the configuration screen to create your first Gateway



Click Add Gateway and then you will be prompted to name your Gateway connection


Click Connect it and you will then be presented with the status screen – Not Connected



2. Install the gateway code on the machine within the firewall

The computer that you install the gateway on, inside your firewall, does not have to be the destination machine, it does however have to have access to the destination machine. Currently (April 2015) you will need to install a docker container on the machine and then inside of that the bluemix-secure-gateway can be installed. For those people without docker already, go here to get it installed.

NOTE FOR WINDOWS USERS: I had serious issues getting this installed due to the Oracle Virtual Box which has to be installed along with it. If you find that the Virtual box does not install – use this regedit hack to fix it.

This fixed it for me. Follow these step by step:

  1. Uninstall Virtualbox
  2. Uninstall Any Virtual Box Network Adaptors from Device Manager
  3. Go into the registry at: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network
  4. Change “MaxFilters” from 8 to 20 (decimal)”
  5. Reboot your PC
  6. Install VirtualBox 4.3.X (Run as Administrator)

3. Open the connection from inside the firewall

Once you have docker installed and running (Boot2Docker for windows), copy the commend below into your docker window and run it.



You will see the Connected message appear on your Secure Gateway dashboard and the tunnel connected message in the docker window.


The gateway is set up and a secure tunnel from Bluemix to my laptop (behind my office firewall) is set up.

To be clear at this point the outside world cannot access the Copper/xomino server running on my laptop from the outside world. It is just running on my laptop as normal within my development environment.

4. Configure the connection to access data behind the firewall

Next we have to create a destination (behind the firewall). Understand that the docker window is by default bridged and therefore does not know that it is running on my local computer ( IP address  I have given Bluemix is the IP address of the laptop on my network.




As you can see from the image above a Cloud Host and port has been assigned. If you do this a number of times you will see that the port changes.

You will also note that I chose not to use No TLS in the connection. This means that this is NOT PRODUCTION ready. We really need to secure this so that only my application can call that URL. More on that later – but for the  sake of this article/demo I am leaving it simple.

5. Use the connection

If we connect to the URL shown in the image above we can see a Domino server !!!



If we go to a specific page on that server we see this. Not much to look at I grant you, more on that in a later article.


But if we go to the gateway path – and add the “/xomino/ainx.nsf/testForm?readform” to the end of the URL – we get the exact same thing, from the exact same server, just displayed in a cloud app.


And that is very cool! Especially as it only took about 3 hours to figure this out 🙂


As we have seen in this article, it is relatively simple to set up a secure connection from a computer behind a firewall, and Bluemix. The example show it not yet fully secure though as anyone could call the URL and get web page from my server.

In a future article we will look at securing the connection and what else we are able to do with it.