Securing the Docker Daemon
Basic Security
- Disable password-based authentication
- Enable SSH key-based authentication
Without Authentication
Certificate Files

| Location | Type | File |
|---|---|---|
| Server | CRT | /var/docker/server.pem |
| Server | Key | /var/docker/serverkey.pem |
Daemon Configuration
```shell
cat /etc/docker/daemon.json
```

```json
{
  "hosts": [
    "tcp://192.168.1.10:2376"
  ],
  "tls": true,
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem"
}
```
Client Docker CLI
With Authentication
Certificate Files

| Location | Type | File |
|---|---|---|
| Server | CA | /var/docker/cacert.pem |
| Server | CRT | /var/docker/server.pem |
| Server | Key | /var/docker/serverkey.pem |
| Client | CA | ~/.docker/cacert.pem |
| Client | CRT | ~/.docker/client.pem |
| Client | Key | ~/.docker/clientkey.pem |
Daemon Configuration
```shell
cat /etc/docker/daemon.json
```

```json
{
  "hosts": [
    "tcp://192.168.1.10:2376"
  ],
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem",
  "tlsverify": true,
  "tlscacert": "/var/docker/cacert.pem"
}
```
Client Docker CLI
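```shell
# -H points the client at the TCP listener from daemon.json above;
# $HOME is used because the shell does not expand ~ after "=" in an option.
docker --tlsverify \
  --tlscacert="$HOME/.docker/cacert.pem" \
  --tlscert="$HOME/.docker/client.pem" \
  --tlskey="$HOME/.docker/clientkey.pem" \
  -H tcp://192.168.1.10:2376 \
  ps
```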
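The two daemon.json variants above differ in whether the daemon demands a client certificate: with only "tls": true the connection is encrypted, but any client that can reach the port can use the API. The check below is an added example, not part of the original page; the function name audit_daemon_config is hypothetical and the embedded sample configs are constructed from the page's values.

```python
import json

# Constructed copies of the two daemon.json variants shown on this page.
TLS_ONLY = '''{"hosts": ["tcp://192.168.1.10:2376"], "tls": true,
 "tlscert": "/var/docker/server.pem", "tlskey": "/var/docker/serverkey.pem"}'''
MUTUAL_TLS = '''{"hosts": ["tcp://192.168.1.10:2376"],
 "tlscert": "/var/docker/server.pem", "tlskey": "/var/docker/serverkey.pem",
 "tlsverify": true, "tlscacert": "/var/docker/cacert.pem"}'''


def audit_daemon_config(text):
    """Return a list of findings for a daemon.json document (empty = OK)."""
    cfg = json.loads(text)
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return []  # only local sockets configured: nothing exposed over TCP

    findings = []
    # tlsverify implies tls, so either flag means the channel is encrypted.
    encrypted = cfg.get("tls") is True or cfg.get("tlsverify") is True
    if not encrypted:
        findings.append("TCP listener without TLS: API traffic is plaintext")

    if cfg.get("tlsverify") is not True:
        # Encryption alone does not authenticate the client.
        findings.append(
            "tlsverify is not true: clients reaching %s need no certificate"
            % ", ".join(tcp_hosts))
    elif not cfg.get("tlscacert"):
        findings.append(
            "tlsverify is true but tlscacert is not set in this file: "
            "confirm which CA the daemon trusts for client certificates")
    return findings


if __name__ == "__main__":
    for name, text in (("tls only", TLS_ONLY), ("tlsverify", MUTUAL_TLS)):
        print(name, "->", audit_daemon_config(text) or "no findings")
```
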