docs/tls_docs/tls_docker/tls_docker.md
2025-11-07 03:44:26 +00:00


Configuring TLS for the Docker Daemon

Follow the directions for creating a CSR and signing a certificate. The key and CSR can be created on the Docker node and only the CSR sent off for signing, so the private key never leaves the host. Once the signed bundle has been received, extract it to the intended directory. Make sure that directory cannot be read from or written to by every user on the system, and that the private key itself is readable only by root (for example mode 0400): anyone who can read the key can impersonate the daemon to every client that trusts the CA.

Edit the systemd service file. Alternatively, systemctl edit docker can be used; it writes an override under /etc/systemd/system/docker.service.d/ that survives package upgrades, which a direct edit of the unit under /usr/lib does not. In an override the packaged value must be cleared first with an empty ExecStart= line before the new ExecStart, otherwise systemd sees two ExecStart entries and refuses to start the unit.

sudo vim /usr/lib/systemd/system/docker.service

Add the following line and comment out the original ExecStart line. Keep -H fd:// so socket activation through docker.socket still works, and make sure hosts is not also set in /etc/docker/daemon.json: dockerd refuses to start when the same option is given both as a flag and in the configuration file. With --tlsverify the daemon rejects any client that does not present a certificate signed by the CA in --tlscacert, so that file (or chain) must cover the client certificates as well as the server's.

ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/path/to/ca_or_ca_chain.crt --tlscert=/path/to/server.crt --tlskey=/path/to/server.key

Reload daemons and restart the Docker service

sudo systemctl daemon-reload && sudo systemctl restart docker

Test the connection to the Docker daemon from a remote host running the Docker CLI

docker --tlsverify \
    --tlscacert=ca.pem \
    --tlscert=cert.pem \
    --tlskey=key.pem \
    -H=$HOST:2376 version

Replace tlscacert, tlscert, tlskey and $HOST with the CA, the client certificate and key issued earlier, and the FQDN or IP of the Docker host. The name or address given in -H must match a SAN in the server certificate, or verification fails. The command should print the Docker version running on the remote host; if only the Client section appears, followed by an error, the TLS handshake did not complete.
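The whole procedure above, as an added example script that is not part of the original page: it installs the signed bundle with the key readable only by root, writes a systemd drop-in (the systemctl edit route, including the empty ExecStart= reset) instead of editing the packaged unit, restarts the daemon, and then checks from a remote client not only that the page's docker version command succeeds but also that a client without a certificate and a plaintext client are both refused, which is what proves --tlsverify is actually in effect. The bundle file names (ca.crt, server.crt, server.key), the install location /etc/docker/tls and the drop-in name tls.conf are assumptions, not something the page specifies.

```shell
#!/bin/sh
# Added example, not from the original page: installs the signed bundle for
# dockerd with safe permissions, writes a systemd drop-in instead of editing
# /usr/lib/systemd/system/docker.service, and checks from a client that the
# listener really enforces mutual TLS. Assumptions (not given on the page):
# the bundle holds ca.crt, server.crt and server.key; certs go under
# /etc/docker/tls; the drop-in is named tls.conf.
set -eu

TLS_DIR=/etc/docker/tls                          # assumed install location
DROPIN_DIR=/etc/systemd/system/docker.service.d  # where systemctl edit writes
PORT=2376

# Emit a drop-in that replaces ExecStart. The empty "ExecStart=" line clears
# the packaged value; without it systemd sees two ExecStart entries and the
# unit fails to start.
render_dropin() {
    ca=$1; cert=$2; key=$3
    printf '%s\n' \
        '[Service]' \
        'ExecStart=' \
        "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:$PORT --tlsverify --tlscacert=$ca --tlscert=$cert --tlskey=$key"
}

# Succeed only if group and other have no permission bits on the file
# (portable check via ls; columns 5-10 are the group and other triplets).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Copy the bundle into place: public parts world-readable, key root-only.
install_bundle() {
    src=$1
    install -d -m 0755 "$TLS_DIR"
    install -m 0644 "$src/ca.crt"     "$TLS_DIR/ca.crt"
    install -m 0644 "$src/server.crt" "$TLS_DIR/server.crt"
    install -m 0400 "$src/server.key" "$TLS_DIR/server.key"
    key_is_private "$TLS_DIR/server.key"
}

# Run on the Docker host after install_bundle: write the drop-in and restart.
configure_daemon() {
    install -d "$DROPIN_DIR"
    render_dropin "$TLS_DIR/ca.crt" "$TLS_DIR/server.crt" "$TLS_DIR/server.key" \
        > "$DROPIN_DIR/tls.conf"
    systemctl daemon-reload
    systemctl restart docker
}

# Run from a remote host with the client's ca/cert/key. Besides the positive
# test from the page, confirm that the daemon refuses a client without a
# certificate and a client that does not use TLS at all: if either succeeds,
# --tlsverify is not in effect and the API is exposed.
verify_listener() {
    host=$1; ca=$2; cert=$3; key=$4
    docker --tlsverify --tlscacert="$ca" --tlscert="$cert" --tlskey="$key" \
        -H "tcp://$host:$PORT" version >/dev/null
    if docker --tls --tlscacert="$ca" -H "tcp://$host:$PORT" version >/dev/null 2>&1; then
        echo "FAIL: daemon accepted a client with no certificate" >&2
        return 1
    fi
    if docker -H "tcp://$host:$PORT" version >/dev/null 2>&1; then
        echo "FAIL: daemon accepted a plaintext connection" >&2
        return 1
    fi
    echo "OK: $host:$PORT requires a client certificate signed by $ca"
}

case "${1:-}" in
    install) install_bundle "${2:?bundle directory}"; configure_daemon ;;
    verify)  verify_listener "${2:?host}" "${3:?ca}" "${4:?cert}" "${5:?key}" ;;
    "")      : ;;   # no arguments: only define the functions (for sourcing)
    *)       echo "usage: $0 install <bundle-dir> | verify <host> <ca> <cert> <key>" >&2; exit 2 ;;
esac
```

On the Docker host run it as root with install and the directory the bundle was extracted to; then, from the remote host that holds the client certificate, run it with verify, the host's FQDN (or an IP that appears as a SAN in the server certificate) and the client's ca, cert and key files. The two negative checks in verify_listener are the ones worth keeping in a post-change checklist: a successful docker version on its own does not tell you whether the daemon would also have answered a client with no certificate.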