random-scripts/docker-mutual-tls
Ventilaar f5e33ee9eb
add docker-mutual-tls generator script
2024-01-16 16:05:00 +01:00
README.md add docker-mutual-tls generator script 2024-01-16 16:05:00 +01:00
gen_mutual_tls.sh add docker-mutual-tls generator script 2024-01-16 16:05:00 +01:00

README.md

Docker Mutual TLS

This script generates a linked set of mutual TLS keys and certificates: a server certificate for the Docker daemon and a client certificate for the Docker CLI, signed by a common CA, so that each side can verify the other.

Usage

Run the script and give it the FQDN of the host you are setting up; this name ends up in the server certificate, so it must be the exact hostname clients will connect to, otherwise certificate verification fails on the client side. The script then leaves four files: server-key.pem, server-cert.pem, client-key.pem and client-cert.pem. The intermediate files are cleaned up automatically. Keep the CA certificate (ca.pem) as well: the daemon configuration below points at it, the daemon uses it to verify client certificates, and the client needs a copy to verify the daemon. Treat the two *-key.pem files (and above all the CA key) as secrets; a client certificate signed by this CA is full access to the daemon, which is root on the host.

Requirements

Bash and openssl

Install

  • First make sure that systemd is not overriding the command-line options. On Debian the packaged unit is /usr/lib/systemd/system/docker.service; remove from its ExecStart line any option that the configuration file below also sets (typically -H fd://), because dockerd refuses to start when the same directive is given both as a flag and in daemon.json. Prefer a systemd drop-in (systemctl edit docker, with an empty ExecStart= line before the new one) over editing the packaged unit, which the next package upgrade overwrites.
  • Copy the configuration in the code block below to /etc/docker/daemon.json.
  • Install the certificates in the locations the configuration names (ca.pem, server-cert.pem and server-key.pem under /etc/docker), with server-key.pem readable by root only.
  • Restart the systemd service with systemctl restart docker (all running containers will be restarted as well!!!, unless live-restore is enabled in daemon.json). Note that tcp://0.0.0.0:2376 listens on every interface: with tlsverify the CA is the only access control, so restrict the port with a firewall as well if the host is reachable from untrusted networks.
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem",
  "tlsverify": true
}
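The following is an added worked example (my own code, not the repository's gen_mutual_tls.sh, whose contents are not shown on this page). One function builds the same kind of linked set the README describes, a CA, a server certificate for the given FQDN and a client certificate, and a second function runs the checks worth doing before copying the files into /etc/docker as configured above: both leaves chain to ca.pem, the server certificate carries the FQDN as a SAN, the client certificate is restricted to client authentication and cannot double as a server certificate, and key and certificate belong together. It assumes OpenSSL 1.1.1 or newer in PATH; the FQDN docker01.example.internal, the subject names, the output directory and the KEY_BITS variable are placeholders of this example.

```shell
#!/usr/bin/env bash
# Added example, not the repository's gen_mutual_tls.sh: build a CA plus
# server and client certificates and check the properties the Docker
# daemon's tlsverify mode relies on. Assumes OpenSSL >= 1.1.1 in PATH.
set -eu

# Key size is a placeholder knob; Docker's own docs use 4096, 2048 is quicker for tests.
KEY_BITS="${KEY_BITS:-4096}"

# issue_leaf OUTDIR NAME SUBJECT EXTENSIONS: write OUTDIR/NAME-key.pem and
# OUTDIR/NAME-cert.pem, signed by OUTDIR/ca.pem with the given X.509v3
# extensions (openssl x509 -extfile syntax, lines separated by \n).
issue_leaf() {
  out="$1"; name="$2"; subject="$3"; ext="$4"
  openssl genrsa -out "$out/$name-key.pem" "$KEY_BITS" 2>/dev/null
  openssl req -new -config "$out/req.cnf" -key "$out/$name-key.pem" \
    -subj "$subject" -out "$out/$name.csr"
  printf '%b' "$ext" > "$out/$name-ext.cnf"
  openssl x509 -req -in "$out/$name.csr" -CA "$out/ca.pem" -CAkey "$out/ca-key.pem" \
    -CAcreateserial -days 365 -sha256 -extfile "$out/$name-ext.cnf" \
    -out "$out/$name-cert.pem" 2>/dev/null
  rm -f "$out/$name.csr" "$out/$name-ext.cnf"   # intermediates, cleaned up as the README describes
}

# gen_mutual_tls_example FQDN OUTDIR: CA, server cert for FQDN, client cert.
gen_mutual_tls_example() {
  fqdn="$1"; out="$2"
  mkdir -p "$out"
  # Minimal req config: empty DN section (subjects come from -subj) and proper
  # CA extensions, so purpose-checking verifiers accept ca.pem as an issuer.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' '[dn]' \
    '[v3_ca]' 'basicConstraints = critical, CA:TRUE' \
    'keyUsage = critical, keyCertSign, cRLSign' 'subjectKeyIdentifier = hash' > "$out/req.cnf"
  # The CA key signs everything: whoever holds it can mint client certs the daemon trusts.
  openssl genrsa -out "$out/ca-key.pem" "$KEY_BITS" 2>/dev/null
  openssl req -new -x509 -config "$out/req.cnf" -key "$out/ca-key.pem" -days 365 -sha256 \
    -subj "/CN=docker-ca" -out "$out/ca.pem"
  # Server cert: SAN must equal the name clients dial with -H; EKU limited to serverAuth.
  issue_leaf "$out" server "/CN=$fqdn" \
    "subjectAltName = DNS:$fqdn\nextendedKeyUsage = serverAuth\n"
  # Client cert: EKU limited to clientAuth, so a leaked client cert cannot impersonate the daemon.
  issue_leaf "$out" client "/CN=docker-client" "extendedKeyUsage = clientAuth\n"
  rm -f "$out/req.cnf" "$out/ca.srl"
  chmod 0400 "$out"/*-key.pem                   # private keys: owner read-only
  chmod 0444 "$out/ca.pem" "$out"/*-cert.pem
}

# cert_ok CAFILE PURPOSE CERT: 0 only if CERT chains to CAFILE and openssl's
# purpose check (sslserver or sslclient) accepts it; this is where the EKU bites.
cert_ok() {
  openssl verify -CAfile "$1" -purpose "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# verify_mutual_tls OUTDIR FQDN: checks to run before installing the files.
# Returns 0 only if every check passes.
verify_mutual_tls() {
  out="$1"; fqdn="$2"
  cert_ok "$out/ca.pem" sslserver "$out/server-cert.pem" || return 1
  cert_ok "$out/ca.pem" sslclient "$out/client-cert.pem" || return 1
  # Roles must not be interchangeable.
  if cert_ok "$out/ca.pem" sslserver "$out/client-cert.pem"; then return 1; fi
  if cert_ok "$out/ca.pem" sslclient "$out/server-cert.pem"; then return 1; fi
  # The SAN must be the hostname clients connect to, or the client rejects the daemon.
  openssl x509 -in "$out/server-cert.pem" -noout -text | grep -q "DNS:$fqdn" || return 1
  # Key and certificate must belong together.
  [ "$(openssl pkey -in "$out/server-key.pem" -pubout)" = \
    "$(openssl x509 -in "$out/server-cert.pem" -noout -pubkey)" ] || return 1
}
```

Run `gen_mutual_tls_example docker01.example.internal ./out` and then `verify_mutual_tls ./out docker01.example.internal`. A client certificate issued by any other CA (for instance a second run into another directory) fails the sslclient check against the first ca.pem, which is exactly what the daemon's tlsverify setting enforces. On the client side the files are used as `docker --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem -H=docker01.example.internal:2376 version`, or by copying them to ~/.docker as ca.pem, cert.pem and key.pem and exporting DOCKER_HOST=tcp://docker01.example.internal:2376 and DOCKER_TLS_VERIFY=1.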