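# Enable mutual-TLS (client-certificate) access to the Docker daemon on
# example.com:2376. Assumes ca.pem, server-cert.pem and server-key.pem are in
# the current directory and that these commands are run as root.

# --- On the Docker host ------------------------------------------------------

# Directory holding the daemon's CA certificate, server certificate and key.
install -d -m 0755 /etc/docker/certs.d/example.com:2376

# Certificates are public; the server private key must be readable by root only.
install -m 0444 ca.pem server-cert.pem /etc/docker/certs.d/example.com:2376/
install -m 0400 server-key.pem /etc/docker/certs.d/example.com:2376/

# dockerd refuses to start when "hosts" is set in daemon.json and -H is also
# passed on the command line, so '-H fd://' has to be removed from ExecStart.
# Use a drop-in instead of editing /lib/systemd/system/docker.service, which a
# package upgrade replaces. In the editor, add:
#   [Service]
#   ExecStart=
#   ExecStart=<the ExecStart line from `systemctl cat docker.service`, without '-H fd://'>
systemctl edit docker.service

# Create /etc/docker/daemon.json
# NOTE: this overwrites an existing daemon.json; merge the keys by hand if the
# file already carries other settings.
# "tlsverify": true makes the daemon reject clients without a certificate signed
# by tlscacert. The TCP listener binds to every interface (0.0.0.0); restrict
# port 2376 to the expected client addresses with a firewall, or bind to one
# specific address instead.
# On Docker 23.0+ the file can be checked before the restart with:
#   dockerd --validate --config-file /etc/docker/daemon.json
tee /etc/docker/daemon.json << 'EOL'
{
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs.d/example.com:2376/ca.pem",
  "tlscert"  : "/etc/docker/certs.d/example.com:2376/server-cert.pem",
  "tlskey"   : "/etc/docker/certs.d/example.com:2376/server-key.pem",
  "hosts"    : ["fd://", "tcp://0.0.0.0:2376"]
}
EOL

# Reload and restart
systemctl daemon-reload
systemctl restart docker

# --- On the client machine ---------------------------------------------------

# Test client connection from another server.
# Copy ca.pem, cert.pem and key.pem to that machine over an authenticated,
# encrypted channel (e.g. scp) and keep key.pem at mode 0400: whoever holds a
# client key signed by this CA has root-equivalent control of the Docker host.
# The host name used here must match a name in the server certificate.
docker --tlsverify \
  --tlscacert=ca.pem \
  --tlscert=cert.pem \
  --tlskey=key.pem \
  --host=example.com:2376 version

# A connection attempt without --tlscert/--tlskey must be rejected; if it
# succeeds, tlsverify is not in effect and the API is open to the network.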