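# --- CA and server certificate, generated in /etc/docker (the paths the
# daemon's --tls* flags point at).
command -v openssl >/dev/null || { echo 'openssl not found' >&2; exit 1; }
cd /etc/docker || exit 1

# HOST is the name clients will use in -H tcp://HOST:2376. It must appear in the
# server certificate's subjectAltName: TLS clients (the Docker CLI included)
# match the server name against the SAN, so a CN-only certificate is rejected.
HOST="${HOST:?set HOST to the DNS name clients will use for this daemon}"

# Certificate authority. Its key stays passphrase-protected (AES rather than
# 3DES); it is only needed when signing server and client certificates.
sudo openssl genrsa -aes256 -out ca-key.pem 4096
sudo openssl req -new -x509 -days 365 -sha256 -subj '/CN=docker-ca' \
  -key ca-key.pem -out ca.pem

# Server key and certificate. The key is generated unencrypted: dockerd cannot
# read a passphrase-protected key, and an encrypt-then-strip round trip would
# end with the same plaintext key on disk anyway.
sudo openssl genrsa -out server-key.pem 4096
sudo openssl req -new -sha256 -subj "/CN=$HOST" \
  -key server-key.pem -out server.csr

# serverAuth plus SAN entries; localhost/127.0.0.1 are listed because the local
# check later in this guide connects that way.
printf 'subjectAltName = DNS:%s,DNS:localhost,IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' "$HOST" \
  | sudo tee extfile-server.cnf >/dev/null

# -CAcreateserial creates ca.srl if it does not exist, so no manual seeding.
sudo openssl x509 -req -days 365 -sha256 -in server.csr \
  -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
  -out server-cert.pem -extfile extfile-server.cnf

# Root-only: dockerd runs as root, nothing else needs to read these.
sudo chmod 0600 /etc/docker/server-key.pem /etc/docker/server-cert.pem \
  /etc/docker/ca-key.pem /etc/docker/ca.pem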
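# --- Daemon configuration. Use a systemd drop-in instead of editing the
# packaged unit in /lib/systemd: a package upgrade overwrites that file and
# would silently drop the TLS flags.
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo tee /etc/systemd/system/docker.service.d/tls.conf >/dev/null <<'EOF'
[Service]
# The empty ExecStart= clears the packaged command line; systemd refuses a
# second ExecStart otherwise.
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem
EOF

# tcp://0.0.0.0:2376 listens on every interface. --tlsverify is what makes that
# acceptable: only holders of a certificate signed by ca.pem are admitted, and
# that access is root-equivalent on the host — keep ca-key.pem protected and
# restrict the port with a firewall or a specific bind address where possible.
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl status docker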
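# --- Client key and certificate, signed by the same CA. All writes go through
# sudo, so no root shell is needed and no step is left running as root by
# accident.
cd /etc/docker || exit 1
sudo openssl genrsa -out client-key.pem 4096
sudo openssl req -new -sha256 -subj '/CN=docker-client' \
  -key client-key.pem -out client.csr

# Restricts this certificate to client use; the daemon verifies client
# certificates for the clientAuth usage, so a cert limited to another usage
# (e.g. serverAuth only) is rejected.
echo 'extendedKeyUsage = clientAuth' | sudo tee extfile-client.cnf >/dev/null
sudo openssl x509 -req -days 365 -sha256 -in client.csr \
  -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
  -out client-cert.pem -extfile extfile-client.cnf
sudo chmod 0600 /etc/docker/client-key.pem

# Install into the invoking user's certificate directory (~/.docker, or
# DOCKER_CERT_PATH if set) with that user as owner, so `docker --tlsverify`
# works without sudo. A plain `sudo cp` would leave root-owned files the user
# cannot read.
cert_dir="${DOCKER_CERT_PATH:-$HOME/.docker}"
mkdir -p -m 0700 "$cert_dir"
sudo install -m 0644 -o "$(id -u)" -g "$(id -g)" ca.pem          "$cert_dir/ca.pem"
sudo install -m 0600 -o "$(id -u)" -g "$(id -g)" client-key.pem  "$cert_dir/key.pem"
sudo install -m 0600 -o "$(id -u)" -g "$(id -g)" client-cert.pem "$cert_dir/cert.pem"
ls -l "$cert_dir"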
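# --- Verify from the client side. The certificate paths are passed explicitly
# so the check does not depend on which user's ~/.docker sudo resolves.
sudo docker -H=tcp://localhost:2376 --tlsverify \
  --tlscacert=/etc/docker/ca.pem \
  --tlscert=/etc/docker/client-cert.pem \
  --tlskey=/etc/docker/client-key.pem \
  info

# Negative check: the same endpoint without --tlsverify must be refused; that
# is the evidence the daemon is actually enforcing client certificates.
if sudo docker -H=tcp://localhost:2376 info; then
  echo 'ERROR: daemon answered a connection without client TLS' >&2
  exit 1
fi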