[英]How to secure docker client connection by default?
I'm using https to protect the docker daemon socket.我正在使用 https 来保护 docker 守护程序套接字。 Followed all the steps as mentioned here .
遵循此处提到的所有步骤。 The environment variables are set as below,
环境变量设置如下,
The below command works (when I pass ca, client certificate & key):以下命令有效(当我通过 ca、客户端证书和密钥时):
docker --tlsverify --tlscacert=~/.docker/ca.pem --tlscert=~/.docker/client-cert.pem --tlskey=~/.docker/client-key.pem -H=$HOST:2376 ps
According to Docker documentation , I can secure docker client connections by default and do not need to pass certificates every time but the command "docker ps", doesn't work for me.根据Docker 文档,我可以默认保护 docker 客户端连接,并且不需要每次都通过证书,但是命令“docker ps”对我不起作用。 It always expects client certificate to be passed.
它总是希望通过客户端证书。
I also tried executing the below,我也尝试执行以下,
docker-compose --tlsverify --tlscacert=~/.docker/ca.pem --tlscert=~/.docker/client-cert.pem --tlskey=~/.docker/client-key.pem -H=$HOST:2376 up
ERROR: TLS configuration is invalid - make sure your DOCKER_TLS_VERIFY and DOCKER_CERT_PATH are set correctly
How can I secure the docker client connections by default?默认情况下,如何保护 docker 客户端连接? I just want to execute like "docker ps" without passing client certificate every time since it already exists in ~/.docker
我只想像“docker ps”一样执行而不每次都通过客户端证书,因为它已经存在于 ~/.docker
I found the answer myself.我自己找到了答案。 The client certificate and key generated are having the names as cert.pem and key.pem when I followed the official documentation instructions .
当我按照官方文档说明进行操作时,生成的客户端证书和密钥的名称分别为 cert.pem 和 key.pem。 I renamed the cert.pem to client-cert.pem and key to client-key.pem in my ~/.docker directory.
我在 ~/.docker 目录中将 cert.pem 重命名为 client-cert.pem 并将密钥重命名为 client-key.pem。
Apparently, docker picks the client certificate by default, only if it has name as cert.pem and key.pem.显然,docker 默认选择客户端证书,前提是它的名称为 cert.pem 和 key.pem。 So, my issue here is because of changing the client certificate / key names.
所以,我的问题是因为更改了客户端证书/密钥名称。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.