diff --git a/content/posts/docker-tcp.md b/content/posts/docker-tcp.md index 4608cc7..1270288 100644 --- a/content/posts/docker-tcp.md +++ b/content/posts/docker-tcp.md @@ -61,9 +61,10 @@ openssl genrsa -out server-key.pem 4096 openssl req -subj "/CN=" -sha256 -new -key server-key.pem -out server.csr ``` -In the above snippet, replace `` with the hostname (output of the -`hostname` command) of the machine who's API you want to expose. Now we've -created `server-key.pem` and `server.csr`. +In the above snippet, replace `` with the hostname of the machine who's +API you want to expose. With hostname, I mean the domain from which your server +is accessible, e.g. `server.example.com`. Now we've created `server-key.pem` +and `server.csr`. After this, we need to create a file named `extfile.cnf` with the following content: @@ -73,7 +74,7 @@ subjectAltName = DNS:,IP:,IP:127.0.0.1 >> extfile.cnf extendedKeyUsage = serverAuth ``` -Here, we once again replace `` with the machine's hostname, and `` +Here, we once again replace `` with the machine's domain name, and `` with the machine's public IP. This file can now be used to generate the actual signed certificate: @@ -125,12 +126,12 @@ directory. We're gonna be creating a system config file for the Docker service (this guide assumes the use of `systemd`). In -`/etc/systemd/docker.service.d/startup_options.conf`, put the following: +`/etc/systemd/system/docker.service.d/startup_options.conf`, put the following: ```shell [Service] ExecStart= -ExecStart=/usr/bin/dockerd --tlsverify --tlscacert='/ca.pem' --tlscert='/server-cert.pem' --tlskey='/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376 +ExecStart=/usr/sbin/dockerd --tlsverify --tlscacert='/ca.pem' --tlscert='/server-cert.pem' --tlskey='/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376 ``` Don't forget the replace `` with the path to your actual directory. diff --git a/static/.gitkeep b/static/.gitkeep deleted file mode 100644 index e69de29..0000000 
diff --git a/static/scripts/docker-tcp.sh b/static/scripts/docker-tcp.sh index 0b7c6e4..5e74ca9 100755 --- a/static/scripts/docker-tcp.sh +++ b/static/scripts/docker-tcp.sh @@ -16,7 +16,7 @@ Docker API. Usage: $0 [-h] [-d DAYS] HOST IP [CERTDIR] - HOST hostname of the machine to expose + HOST domain name where your machine is accessible IP public IP of the machine to expose CERTDIR directory where the certificates will reside on the machine. If specified, a startup_options.conf file is created for you, which @@ -118,11 +118,11 @@ if [ -n "$certdir" ]; then cat > startup_options.conf << EOF [Service] ExecStart= -ExecStart=/usr/bin/dockerd --tlsverify --tlscacert='$certdir/ca.pem' --tlscert='$certdir/server-cert.pem' --tlskey='$certdir/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376 +ExecStart=/usr/sbin/dockerd --tlsverify --tlscacert='$certdir/ca.pem' --tlscert='$certdir/server-cert.pem' --tlskey='$certdir/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376 EOF echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to '$certdir' on the machine." - echo "'startup_options.conf' should be placed in '/etc/systemd/docker.service.d/startup_options.conf'." + echo "'startup_options.conf' should be placed in '/etc/systemd/system/docker.service.d/startup_options.conf'." else echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to the chosen directory on the machine."
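Review bot: In the first content/posts/docker-tcp.md hunk (@@ -61), the rewritten sentence keeps the grammatical error "the machine who's API"; it should read "the machine whose API you want to expose". On the same line the backticked placeholder shows up as an empty pair of backticks in this diff, so confirm that the literal placeholder token for the hostname is still present in the markdown source, otherwise the instruction "replace `` with the hostname" tells the reader to replace nothing. The same empty-placeholder check applies to the @@ -73 hunk, where both the domain-name and the public-IP placeholders render as blank backticks.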
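Review bot: In the @@ -125 hunk of content/posts/docker-tcp.md, switching the ExecStart line from /usr/bin/dockerd to /usr/sbin/dockerd trades one install-specific path for another; Docker's own packages install the daemon as /usr/bin/dockerd, so this drop-in would fail to start the service on those systems. Rather than fixing either value, suggest a sentence telling the reader to take the path from the distribution's unit file (`systemctl cat docker`) or from `command -v dockerd`. The trailing context line "Don't forget the replace `` with the path" still has the typo "the replace" for "to replace", and the code fence is tagged `shell` although the content is a systemd unit fragment (`ini` would give correct highlighting). Since this ExecStart listens on tcp://0.0.0.0:2376 with --tlsverify, it would also help to state next to it that the CA named in --tlscacert is the only thing gating who can reach the daemon, so the CA private key must not be kept on the exposed host.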
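Review bot: In the static/scripts/docker-tcp.sh hunk at @@ -118, the generated startup_options.conf hardcodes /usr/sbin/dockerd in the same way as the post, so the script now emits a unit override that breaks on installations where the daemon lives in /usr/bin. Since the script already generates the file for the user, suggest resolving the binary at generation time, for example `dockerd_bin=$(command -v dockerd || echo /usr/sbin/dockerd)` and using `$dockerd_bin` in the heredoc, with a comment that the location varies by package; the echoed target path `/etc/systemd/system/docker.service.d/startup_options.conf` now matches the corrected path in the post, which is good.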