Hello.
I’m trying to use docker with tls.
Made the following changes to /etc/docker/daemon.json
{
"log-driver": "journald",
"tlsverify": true,
"tlscacert": "/etc/docker/certs/ca-cert.pem",
"tlscert": "/etc/docker/certs/server-cert.pem",
"tlskey": "/etc/docker/certs/server-key.pem",
"host": "tcp://0.0.0.0:2376"
}
Validated the file with the following command
dockerd --validate --config-file=/etc/docker/daemon.json
Modified the file /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --config-file=/etc/docker/daemon.json --containerd=/run/containerd/containerd.sock
Rebooted the docker server.
Still the configuration inside daemon.json is ignored.
If I stop the service
sudo systemctl stop docker
and modify daemon.json
{
"log-driver": "journald"
}
then restart the service
sudo systemctl start docker
Verify docker is working
sudo systemctl status docker
Still tls does not work.
If I stop the service
sudo systemctl stop docker
and run
dockerd --tlsverify --tlscacert=/etc/docker/certs/ca-cert.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
Docker works as expected.
If I modify /lib/systemd/system/docker.service
and modify
ExecStart=/usr/bin/ dockerd --tlsverify --tlscacert=/etc/docker/certs/ca-cert.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 --containerd=/run/containerd/containerd.sock
Save the changes made to the file. Restart the service or the server. The service does not work.
I imagine the ExecStart has a limit of characters?
I created all the certificates following this guide
To test whether it's working, I run the following command in the client terminal
curl https://docker-host:2376/info --cert ~/.docker/client-cert.pem --key ~/.docker/client-key.pem --cacert ~/.docker/ca-cert.pem
All the files are on the correct paths. If I do it manually it works; if I tell it to do it via the config file, it does not.
On my Mac, I modified /etc/hosts and added
10.0.0.208 docker-host
Please help.
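As an added example (not from the post and not Docker's own code), a small Python checker for the daemon.json shape used above: it flags directives dockerd does not know (the documented option is the list "hosts"; a singular "host" is not a directive), a tcp listener configured without tlsverify, and certificate paths that do not exist. The key list and the sample configurations are assumptions constructed for the demo.

```python
import json
from pathlib import Path

# Documented daemon.json directives that matter for this post (assumption: a
# subset, not the full list dockerd accepts).
KNOWN_KEYS = {"hosts", "tls", "tlsverify", "tlscacert", "tlscert", "tlskey",
              "log-driver", "debug", "data-root"}
# The daemon option is the list "hosts"; singular "host" is not a directive.
SUGGEST = {"host": "hosts"}

def lint_daemon_json(text, present_files=None):
    """Return a list of findings for a daemon.json document.

    present_files: set of paths to treat as existing (constructed, for offline
    tests); None means check the real filesystem with pathlib.
    """
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        return [f"invalid JSON: {e}"]
    findings = []
    for key in cfg:
        if key not in KNOWN_KEYS:
            hint = f' (did you mean "{SUGGEST[key]}"?)' if key in SUGGEST else ""
            findings.append(f'unknown directive "{key}"{hint}')
    hosts = cfg.get("hosts")
    if hosts is not None and not isinstance(hosts, list):
        findings.append('"hosts" must be a JSON list, e.g. ["tcp://0.0.0.0:2376"]')
    tcp = [h for h in (hosts or []) if isinstance(h, str) and h.startswith("tcp://")]
    if tcp and not cfg.get("tlsverify"):
        findings.append("tcp listener without tlsverify: the daemon API would accept unauthenticated clients")
    if cfg.get("tlsverify"):
        for k in ("tlscacert", "tlscert", "tlskey"):
            p = cfg.get(k)
            if not p:
                findings.append(f'tlsverify is set but "{k}" is missing')
            elif not (p in present_files if present_files is not None else Path(p).is_file()):
                findings.append(f'"{k}" points to a missing file: {p}')
    return findings

# Constructed samples: POSTED mirrors the configuration shown in the post.
CERTS = {"/etc/docker/certs/ca-cert.pem", "/etc/docker/certs/server-cert.pem",
         "/etc/docker/certs/server-key.pem"}
POSTED = json.dumps({"log-driver": "journald", "tlsverify": True,
    "tlscacert": "/etc/docker/certs/ca-cert.pem", "tlscert": "/etc/docker/certs/server-cert.pem",
    "tlskey": "/etc/docker/certs/server-key.pem", "host": "tcp://0.0.0.0:2376"})
FIXED = POSTED.replace('"host": "tcp://0.0.0.0:2376"', '"hosts": ["tcp://0.0.0.0:2376"]')

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("fixed", FIXED)):
        print(name, lint_daemon_json(text, CERTS) or "OK")
```

When "hosts" is set in daemon.json, the unit's ExecStart must not also pass -H, because dockerd rejects an option given both as a flag and in the config file.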