# Docker Mutual TLS

This script generates a linked set of mutual TLS keys and certificates.

## Usage

Run the script and pass it the FQDN of the host you are setting up. When it finishes, four files remain: `server-key.pem`, `server-cert.pem`, `client-key.pem` and `client-cert.pem`. The other files are cleaned up automatically.

## Requirements

Bash and openssl.
## Install

- First, make sure systemd is not overriding the daemon configuration with command-line options. On Debian the unit is at `/usr/lib/systemd/system/docker.service`; remove any command-line options there that the configuration file below also sets (Docker refuses to start when the same option, `hosts` in particular, is given both as a flag and in `daemon.json`).
- Copy the configuration from the code block below to `/etc/docker/daemon.json`.
- Install the certificates in the locations the configuration points to.
- Restart the systemd service (all containers will be restarted as well!).

```json
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem",
  "tlsverify": true
}
```
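The page does not reproduce the script itself, so here is an added example (not the project's `gen_mutual_tls.sh`) of one way to produce the CA, server and client material that the configuration above refers to, together with a check that the result chains correctly. It assumes `openssl` 1.1.1 or newer on the PATH; the `docker-ca` name, the output directory and the FQDN are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not the project's gen_mutual_tls.sh: private CA, server cert for
# one FQDN and client cert for Docker mutual TLS. Needs openssl 1.1.1+; KEY_BITS
# (default 4096) sizes the RSA keys.
set -eu

# csr NAME SUBJECT: new RSA key NAME-key.pem and certificate request NAME.csr
csr() {
  openssl req -newkey "rsa:${KEY_BITS:-4096}" -nodes -subj "$2" \
    -keyout "$1-key.pem" -out "$1.csr" 2>/dev/null
}

# gen_mutual_tls OUTDIR FQDN: writes ca.pem, ca-key.pem, server-*.pem, client-*.pem
gen_mutual_tls() {
  local out="$1" fqdn="$2"
  mkdir -p "$out"
  (
    cd "$out"
    # Self-signed CA (placeholder name) with explicit CA extensions, so verify accepts it regardless of openssl.cnf.
    csr ca "/CN=docker-ca"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    openssl x509 -req -days 365 -sha256 -in ca.csr -signkey ca-key.pem -extfile ca.ext \
      -out ca.pem 2>/dev/null
    # Server cert: the SAN must match the name clients will connect to.
    csr server "/CN=$fqdn"
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$fqdn" > server.ext
    openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
      -CAcreateserial -extfile server.ext -out server-cert.pem 2>/dev/null
    # Client cert: clientAuth only, so it cannot be presented as a server.
    csr client "/CN=client"
    printf 'extendedKeyUsage=clientAuth\n' > client.ext
    openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
      -CAcreateserial -extfile client.ext -out client-cert.pem 2>/dev/null
    # Remove intermediates; private keys stay readable by the owner only.
    rm -f ./*.csr ./*.ext ca.srl
    chmod 0400 ca-key.pem server-key.pem client-key.pem
  )
}

# verify_chain OUTDIR FQDN: both certs chain to ca.pem for their intended purpose,
# the server cert names the FQDN, and the client cert is refused as a server cert.
verify_chain() {
  openssl verify -CAfile "$1/ca.pem" -purpose sslserver "$1/server-cert.pem" >/dev/null &&
    openssl verify -CAfile "$1/ca.pem" -purpose sslclient "$1/client-cert.pem" >/dev/null &&
    openssl x509 -in "$1/server-cert.pem" -noout -checkhost "$2" | grep -q 'does match' &&
    ! openssl verify -CAfile "$1/ca.pem" -purpose sslserver "$1/client-cert.pem" >/dev/null 2>&1
}

# Stand-alone use: ./gen_mutual_tls_example.sh <fqdn> [outdir]
[ "$#" -eq 0 ] || { gen_mutual_tls "${2:-.}" "$1" && verify_chain "${2:-.}" "$1" && echo "OK: certificates in ${2:-.}"; }
```

With `tlsverify` enabled the daemon accepts only clients whose certificate chains to `ca.pem`, and any such client has full control of the daemon, so the CA signing key and every client key need the same protection as root credentials.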