Syslog logging driver + TLS + encrypted private key

Hello,

I am trying to use a Docker logging driver to send logs via TLS to a fluentd container. My first try was with Fluentd logging driver | Docker Documentation until I found no option to use TLS. Then I switched to Syslog logging driver | Docker Documentation:

client:
  build: ./client
  container_name: some-client
  hostname: some-client
  volumes:
    - ./client/td-agent-bit.conf:/etc/td-agent-bit/td-agent-bit.conf:ro
  networks:
    - graylog
  restart: unless-stopped
  depends_on:
    - fluentd
  logging:
    driver: syslog
    options:
      syslog-address: tcp+tls://some-fluentd:514
      syslog-facility: daemon
      syslog-tls-ca-cert: /etc/certs/graylog/certs/ca.crt.pem
      syslog-tls-cert: /etc/certs/graylog/certs/client.crt.pem
      syslog-tls-key: /etc/certs/graylog/private/client.key.pem
      syslog-tls-skip-verify: "false"
      tag: "docker.{{.Name}}"
      syslog-format: rfc5424micro

But I got the following error when using docker compose up:

Attaching to some-client, some-fluentd
Error response from daemon: failed to initialize logging driver: Could not load X509 key pair: private key is encrypted, but could not decrypt it: x509: decryption password incorrect

The issue is that I am using an encrypted private key. I found no driver option for setting the corresponding pass phrase. Am I missing something?

Best regards,

Jean-Pierre

I’m running Docker on WSL2, Windows 10.

Here’s the output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  compose: Docker Compose (Docker Inc., v2.2.3)
WARNING: Plugin "/usr/local/lib/docker/cli-plugins/docker-buildx" is not valid: failed to fetch metadata: fork/exec /usr/local/lib/docker/cli-plugins/docker-buildx: no such file or directory
WARNING: Plugin "/usr/local/lib/docker/cli-plugins/docker-scan" is not valid: failed to fetch metadata: fork/exec /usr/local/lib/docker/cli-plugins/docker-scan: no such file or directory

Server:
 Containers: 5
  Running: 2
  Paused: 0
  Stopped: 3
 Images: 13
 Server Version: 20.10.9
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.10.60.1-microsoft-standard-WSL2
 Operating System: Ubuntu 20.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 6.14GiB
 Name: LP-0102
 ID: 32VD:3AAD:U5T7:LEBS:L4WY:XTEU:CWRE:H36H:C7HW:ZM55:NDTF:WZ5X
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support
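
A pre-flight check for the failure shown in the post, as an added example that is not part of the original post or of Docker's code: it reads a PEM file such as the one named in syslog-tls-key and reports whether the private key is unencrypted, encrypted with legacy PEM headers (Proc-Type / DEK-Info), or a PKCS#8 "ENCRYPTED PRIVATE KEY" block. The names classifyKey and sample are hypothetical, and the sample key bodies are constructed placeholder bytes, not real keys.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"strings"
)

// classifyKey reports how the first private-key block in pemData is protected.
func classifyKey(pemData []byte) (string, error) {
	for rest := pemData; ; {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			return "", errors.New("no private key PEM block found")
		}
		if !strings.HasSuffix(block.Type, "PRIVATE KEY") {
			continue // skip e.g. a CERTIFICATE block in a combined file
		}
		_, hasDEK := block.Headers["DEK-Info"]
		switch {
		case block.Type == "ENCRYPTED PRIVATE KEY": // PKCS#8 encrypted container
			return "encrypted-pkcs8", nil
		case hasDEK || strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED"):
			return "encrypted-legacy-pem", nil // RFC 1421-style header encryption
		}
		return "unencrypted", nil
	}
}

// sample builds a constructed PEM block; the body is placeholder bytes, not a real key.
func sample(typ string, headers map[string]string) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: typ, Headers: headers, Bytes: []byte("constructed")})
}

func main() {
	// Constructed sample; pass a key file path as the first argument to check a real one.
	data := sample("RSA PRIVATE KEY", map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-256-CBC,00112233445566778899AABBCCDDEEFF"})
	if len(os.Args) > 1 {
		data, _ = os.ReadFile(os.Args[1]) // an unreadable file yields the "no block" error below
	}
	kind, err := classifyKey(data)
	fmt.Println(kind, err)
	if err != nil || kind != "unencrypted" {
		os.Exit(1) // non-zero exit lets a deployment script stop before docker compose up
	}
}
```
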