Removed some faulty information
continuous-integration/drone the build was successful Details

master
Jef Roosens 2021-05-17 10:44:57 +02:00
parent 2cb6d2686c
commit 87c5b2eca9
Signed by: Jef Roosens
GPG Key ID: B580B976584B5F30
3 changed files with 10 additions and 9 deletions


@ -61,9 +61,10 @@ openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=<HOST>" -sha256 -new -key server-key.pem -out server.csr openssl req -subj "/CN=<HOST>" -sha256 -new -key server-key.pem -out server.csr
``` ```
In the above snippet, replace `<HOST>` with the hostname (output of the In the above snippet, replace `<HOST>` with the hostname of the machine who's
`hostname` command) of the machine who's API you want to expose. Now we've API you want to expose. With hostname, I mean the domain from which your server
created `server-key.pem` and `server.csr`. is accessible, e.g. `server.example.com`. Now we've created `server-key.pem`
and `server.csr`.
After this, we need to create a file named `extfile.cnf` with the After this, we need to create a file named `extfile.cnf` with the
following content: following content:
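Review bot: The rewritten paragraph keeps the word "hostname" and then redefines it ("With hostname, I mean the domain ..."), while the next hunk says "domain name" outright; use "domain name" here too so `<HOST>` has one meaning throughout the guide. Since the value goes into the certificate's CN, it would also help to say that it must be the exact name clients will use to reach the API. While the sentence is being touched, "who's API" should read "whose API".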
@ -73,7 +74,7 @@ subjectAltName = DNS:<HOST>,IP:<IP>,IP:127.0.0.1 >> extfile.cnf
extendedKeyUsage = serverAuth extendedKeyUsage = serverAuth
``` ```
Here, we once again replace `<HOST>` with the machine's hostname, and `<IP>` Here, we once again replace `<HOST>` with the machine's domain name, and `<IP>`
with the machine's public IP. with the machine's public IP.
This file can now be used to generate the actual signed certificate: This file can now be used to generate the actual signed certificate:
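Review bot: The context line shown in this hunk's header, `subjectAltName = DNS:<HOST>,IP:<IP>,IP:127.0.0.1 >> extfile.cnf`, sits in a block the text introduces as the content of `extfile.cnf`, yet it ends in a shell redirect, while the following `extendedKeyUsage = serverAuth` line has none. Copied literally into the file, the redirect becomes part of the subjectAltName value. As this commit already corrects the surrounding text, either drop `>> extfile.cnf` from the block or present both lines consistently as commands that append to the file.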
@ -125,12 +126,12 @@ directory.
We're gonna be creating a system config file for the Docker service (this guide We're gonna be creating a system config file for the Docker service (this guide
assumes the use of `systemd`). In assumes the use of `systemd`). In
`/etc/systemd/docker.service.d/startup_options.conf`, put the following: `/etc/systemd/system/docker.service.d/startup_options.conf`, put the following:
```shell ```shell
[Service] [Service]
ExecStart= ExecStart=
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert='<DIR>/ca.pem' --tlscert='<DIR>/server-cert.pem' --tlskey='<DIR>/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376 ExecStart=/usr/sbin/dockerd --tlsverify --tlscacert='<DIR>/ca.pem' --tlscert='<DIR>/server-cert.pem' --tlskey='<DIR>/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376
``` ```
Don't forget the replace `<PATH>` with the path to your actual directory. Don't forget the replace `<PATH>` with the path to your actual directory.
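Review bot: On the `ExecStart=` line, `/usr/bin/dockerd` is swapped for `/usr/sbin/dockerd`, but where the binary lives depends on how Docker was packaged, so the new path will be wrong for some readers just as the old one was for others. Because the drop-in first clears `ExecStart=`, a wrong path leaves the Docker service unable to start. Suggest telling readers to take the path from `command -v dockerd` or from the existing unit (`systemctl cat docker.service`) instead of hardcoding one. Separately, the closing sentence says to replace `<PATH>` while the snippet uses `<DIR>`, and "Don't forget the replace" should read "to replace".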


@ -16,7 +16,7 @@ Docker API.
Usage: $0 [-h] [-d DAYS] HOST IP [CERTDIR] Usage: $0 [-h] [-d DAYS] HOST IP [CERTDIR]
HOST hostname of the machine to expose HOST domain name where your machine is accessible
IP public IP of the machine to expose IP public IP of the machine to expose
CERTDIR directory where the certificates will reside on the machine. If CERTDIR directory where the certificates will reside on the machine. If
specified, a startup_options.conf file is created for you, which specified, a startup_options.conf file is created for you, which
@ -118,11 +118,11 @@ if [ -n "$certdir" ]; then
cat > startup_options.conf << EOF cat > startup_options.conf << EOF
[Service] [Service]
ExecStart= ExecStart=
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert='$certdir/ca.pem' --tlscert='$certdir/server-cert.pem' --tlskey='$certdir/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376 ExecStart=/usr/sbin/dockerd --tlsverify --tlscacert='$certdir/ca.pem' --tlscert='$certdir/server-cert.pem' --tlskey='$certdir/server-key.pem' -H fd:// -H tcp://0.0.0.0:2376
EOF EOF
echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to '$certdir' on the machine." echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to '$certdir' on the machine."
echo "'startup_options.conf' should be placed in '/etc/systemd/docker.service.d/startup_options.conf'." echo "'startup_options.conf' should be placed in '/etc/systemd/system/docker.service.d/startup_options.conf'."
else else
echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to the chosen directory on the machine." echo "Copy 'ca.pem', 'server-cert.pem' and 'server-key.pem' over to the chosen directory on the machine."
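Review bot: In the heredoc, `$certdir` is written straight into the `ExecStart=` line inside single quotes, and nothing in this hunk checks that it is an absolute path free of quote characters; a relative path or a `'` in the value produces a unit file dockerd cannot start from. Suggest rejecting such values before the file is generated, if that is not already done earlier in the script. The hardcoded `/usr/sbin/dockerd` also assumes the target machine's layout, which the script cannot know since the file is generated to be copied to another machine; an option for the path, or a hint in the final `echo` to check it against the target's existing unit, would cover that.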