Generate TLS Certificates for Securing the Docker Daemon Socket
Run these commands one line at a time:
git clone https://github.com/creatif-studio/docker-tls.git
cd docker-tls; chmod +x generate.sh
sudo ./generate.sh
# note:
# copy ca.pem, server-cert.pem and server-key.pem
# to `/data/certs/` on each Docker server
Example usage
./generate.sh -m ca -pw change-your-random-string -t certs -e 900
./generate.sh -m server -h server -pw change-your-random-string -t certs -e 900
./generate.sh -m client -h client -pw change-your-random-string -t certs -e 900
# note:
# -h : hosts
# -pw : password
- Open your docker.service
/lib/systemd/system/docker.service
- Find this line
ExecStart=/usr/bin/dockerd -H fd://
- Comment out the arguments starting from `-H fd://`
# -H fd:// ...
- Reload the systemd unit files
systemctl daemon-reload
- Restart your docker service
systemctl restart docker
- Create a new file at `/etc/docker/daemon.json` on your Docker servers
- See `daemon.json` in this repository for the contents
- Restart your docker service
systemctl restart docker
- Add a hosts entry that maps your server's IP address to the name `server`
echo "your-ip server" >> /etc/hosts
- Test the TLS connection
docker -H server:2376 --tlsverify --tlscacert=ca.pem --tlscert=client-cert.pem --tlskey=client-key.pem ps
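A check for the `daemon.json` step above, as an added example that is not part of this repository: it audits a daemon.json for the TLS settings this setup relies on before you restart Docker. The function name, both sample configs and the `0.0.0.0` bind address are constructed for illustration; the certificate paths and port 2376 follow the steps above.

```python
import json

# Constructed sample configs for illustration (not the repository's daemon.json).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/data/certs/ca.pem",
    "tlscert": "/data/certs/server-cert.pem",
    "tlskey": "/data/certs/server-key.pem",
})


def audit_daemon_config(text):
    """Return a list of findings for a daemon.json string; empty means OK.

    Hypothetical helper: it only inspects the JSON, it does not read the
    certificate files or talk to the daemon.
    """
    cfg = json.loads(text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # no network listener, so the TLS keys are not required
    if cfg.get("tlsverify") is not True:
        findings.append("tlsverify is not true: the TCP socket does not "
                        "require a CA-signed client certificate")
    for key in ("tlscacert", "tlscert", "tlskey"):
        if not cfg.get(key):
            findings.append(f"{key} is not set")
    for host in tcp_hosts:
        # 2375 is Docker's conventional plaintext port, 2376 the TLS one.
        if host.rsplit(":", 1)[-1] == "2375":
            findings.append(f"{host}: port 2375 is the unencrypted "
                            "convention; use 2376 for TLS")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_daemon_config(text) or "OK")
```

To audit a real server, pass the contents of `/etc/docker/daemon.json` to `audit_daemon_config`.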
If you'd like to contribute to this project, please follow these steps:
- Fork this repository.
- Create a branch for your changes.
- Make your changes and commit them to your branch.
- Push your branch to your forked repository.
- Open a pull request to merge your changes into the main repository.
This project is licensed under the MIT License. See the LICENSE
file for details.