Removed some faulty information

master
Jef Roosens 2021-05-17 10:44:57 +02:00
parent 2cb6d2686c
commit 87c5b2eca9
Signed by: Jef Roosens
GPG Key ID: B580B976584B5F30
3 changed files with 10 additions and 9 deletions


@ -61,9 +61,10 @@ openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=<HOST>" -sha256 -new -key server-key.pem -out server.csr
```
In the above snippet, replace `<HOST>` with the hostname (output of the
`hostname` command) of the machine who's API you want to expose. Now we've
created `server-key.pem` and `server.csr`.
In the above snippet, replace `<HOST>` with the hostname of the machine who's
API you want to expose. With hostname, I mean the domain from which your server
is accessible, e.g. `server.example.com`. Now we've created `server-key.pem`
and `server.csr`.
After this, we need to create a file named `extfile.cnf` with the
following content:
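Review bot: The rewritten paragraph still reads "the machine who's API", which should be "whose", and it keeps the word "hostname" only to redefine it in the next sentence ("With hostname, I mean the domain ..."). Suggest dropping the redefinition and writing "replace `<HOST>` with the domain name under which the machine is reachable, e.g. `server.example.com`", so the term matches what the later paragraph in this file now uses.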
@ -73,7 +74,7 @@ subjectAltName = DNS:<HOST>,IP:<IP>,IP:127.0.0.1 >> extfile.cnf
extendedKeyUsage = serverAuth
```
Here, we once again replace `<HOST>` with the machine's hostname, and `<IP>`
Here, we once again replace `<HOST>` with the machine's domain name, and `<IP>`
with the machine's public IP.
This file can now be used to generate the actual signed certificate:
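Review bot: The sentence after the changed line describes `<IP>` only as "the machine's public IP", but that value ends up in `subjectAltName` as `IP:<IP>`, so a client that reaches the daemon over any other address (other than 127.0.0.1) will fail certificate verification. Suggest wording it as the IP address clients will use to connect, and noting that further `IP:` entries can be appended if there is more than one.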
@ -125,12 +126,12 @@ directory.
We're gonna be creating a system config file for the Docker service (this guide
assumes the use of `systemd`). In
`/etc/systemd/docker.service.d/startup_options.conf`, put the following:
`/etc/systemd/system/docker.service.d/startup_options.conf`, put the following:
```shell
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert='<DIR>/ca.pem' --tlscert='<DIR>/server-cert.pem' --tlskey='<DIR>/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376
ExecStart=/usr/sbin/dockerd --tlsverify --tlscacert='<DIR>/ca.pem' --tlscert='<DIR>/server-cert.pem' --tlskey='<DIR>/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376
```
Don't forget the replace `<PATH>` with the path to your actual directory.
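Review bot: The `ExecStart` line now hard-codes `/usr/sbin/dockerd` where it previously hard-coded `/usr/bin/dockerd`; the binary's location differs between distributions, so either value will be wrong for some readers. Suggest telling readers to confirm the path with `command -v dockerd`, or to copy it from the output of `systemctl cat docker`, before writing the drop-in. In the unchanged line below the snippet, `<PATH>` does not match the `<DIR>` placeholder the snippet uses and "the replace" should be "to replace"; the fence is also tagged `shell` although its content is a systemd unit fragment.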


@ -16,7 +16,7 @@ Docker API.
Usage: $0 [-h] [-d DAYS] HOST IP [CERTDIR]
HOST hostname of the machine to expose
HOST domain name where your machine is accessible
IP public IP of the machine to expose
CERTDIR directory where the certificates will reside on the machine. If
specified, a startup_options.conf file is created for you, which
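Review bot: The new HOST description does not show what form the value should take; the README change in this commit gives `server.example.com` as an example, and the usage text would benefit from the same. The IP line still says "the machine to expose" while HOST now says "your machine", so pick one wording for both.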
@ -118,11 +118,11 @@ if [ -n "$certdir" ]; then
cat > startup_options.conf << EOF
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert='$certdir/ca.pem' --tlscert='$certdir/server-cert.pem' --tlskey='$certdir/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376
ExecStart=/usr/sbin/dockerd --tlsverify --tlscacert='$certdir/ca.pem' --tlscert='$certdir/server-cert.pem' --tlskey='$certdir/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376
EOF
echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to '$certdir' on the machine."
echo "'startup_options.conf' should be placed in '/etc/systemd/docker.service.d/startup_options.conf'."
echo "'startup_options.conf' should be placed in '/etc/systemd/system/docker.service.d/startup_options.conf'."
else
echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to the chosen directory on the machine."
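Review bot: In the heredoc, `$certdir` is expanded straight into the single-quoted `--tlscacert`, `--tlscert` and `--tlskey` arguments, so a CERTDIR containing a single quote produces a broken `ExecStart` line in `startup_options.conf`. Unless this is validated earlier in the script, suggest rejecting values that contain `'` or that are not absolute paths before writing the file. The dockerd path and the drop-in location are also repeated here and in the README, which is why this fix had to touch both; a variable at the top of the script for each would keep the heredoc and the `echo` message consistent.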