- Docker High Performance(Second Edition)
- Allan Espinosa Russ McKendrick
- 299字
- 2021-06-24 14:32:39
Connecting remotely from the Docker client
Now that our Docker host is secure, it won't respond to requests from our Docker client yet. The Docker host will only respond to requests being made by clients verified by our CA.
The following steps will generate an identity for our Docker client:
- First, let's generate the private key of our Docker client in ~/.docker/key.pem:
client$ openssl genrsa -out ~/.docker/key.pem 4096
Generating RSA private key, 4096 bit long modulus
...................++
.........................................................++
e is 65537 (0x10001)
- Next, we make sure that this private key is restricted to us for viewing:
client$ chmod 600 ~/.docker/key.pem
- We now generate the CSR for client in a file called client.csr:
client$ openssl req -subj '/CN=client' -new \
-key ~/.docker/key.pem -out client.csr
- Now that our CSR is ready, we will now create an OpenSSL configuration to indicate that certificates will be used for client authentication. The OpenSSL command following creates this configuration in a file called ~/ca/client-ext.cnf:
extendedKeyUsage = clientAuth
- Finally, we are ready to issue the certificate for our Docker client. The following command writes our Docker client's certificate to ~/.docker/cert.pem:
client$ openssl x509 -req -CA ca.pem
-CAkey ca-key.pem -CAcreateserial
-extfile client-ext.cnf -in
~/client.csr -out ~/.docker/cert.pem
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for ca-key.pem: ****
- To complete our client's TLS configuration, we will also deploy our CA's certificate in our ~/.docker directory file:
client$ cp ca.pem ~/.docker/ca.pem
- Finally, we indicate to our Docker client that we will be connecting securely to our remote Docker host by exporting the following environment variables:
client$ export DOCKER_HOST=tcp://dockerhost:2376
client$ export DOCKER_TLS_VERIFY=true
Congratulations! We now have a secure communication channel between our Docker client and Docker host. To verify the connection, we can run the following command and show information about our remote Docker host:
client$ docker info
推薦閱讀
- AutoCAD快速入門與工程制圖
- Spark編程基礎(Scala版)
- Hands-On Neural Networks with Keras
- HBase Design Patterns
- 空間傳感器網絡復雜區域智能監測技術
- JavaScript典型應用與最佳實踐
- Enterprise PowerShell Scripting Bootcamp
- 傳感器與新聞
- 多媒體制作與應用
- 會聲會影X4中文版從入門到精通
- Linux Shell Scripting Cookbook(Third Edition)
- Moodle 2.0 Course Conversion(Second Edition)
- 天才與算法:人腦與AI的數學思維
- 互聯網單元測試及實踐
- 電氣自動化工程師自學寶典(基礎篇)