Skip to content
Permalink
Browse files

Initial Commit. This is how I setup TLS on my computer.

  • Loading branch information
Reynaldo Morillo
Reynaldo Morillo committed Mar 2, 2019
0 parents commit 3ae6f1589fb784f1831d3a953cdc1f2794098767
Showing with 65 additions and 0 deletions.
  1. +26 −0 README.md
  2. +3 −0 docker_deamon_settings.conf
  3. +36 −0 setup_docker_tls.sh
@@ -0,0 +1,26 @@
Setup TLS for Docker
===============================

You need to run these commands to setup part of the process that's currently not automated.

You can find these instructions partially at the following link.

```bash
# After the first command you need to copy and past the contents of docker_deamon_settings.conf in the docker.service file
sudo systemctl edit docker.service
sudo systemctl daemon-reload
sudo systemctl restart docker.service
```


Then you need to modify your `.bashrc`, `zshrc` or whatever shell you're using.
Add This to the end of your `*rc` file

```bash
#######################################################
# Docker
#######################################################
export COMPOSE_TLS_VERSION=TLSv1_2
export DOCKER_HOST=tcp://localhost:2376 DOCKER_TLS_VERIFY=1
```
@@ -0,0 +1,3 @@
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/home/reynaldo/.docker/ca.pem --tlscert=/home/reynaldo/.docker/server-cert.pem --tlskey=/home/reynaldo/.doc$
@@ -0,0 +1,36 @@
#!/bin/sh

hostname=${1}

cd ~/.docker/

openssl genrsa -aes256 -out ca-key.pem 4096

openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

openssl genrsa -out server-key.pem 4096

openssl req -subj "/CN=$hostname" -sha256 -new -key server-key.pem -out server.csr

echo subjectAltName = DNS:$hostname,IP:10.10.10.20,IP:127.0.0.1 >> extfile.cnf

echo extendedKeyUsage = serverAuth >> extfile.cnf

openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf

openssl genrsa -out key.pem 4096

openssl req -subj '/CN=client' -new -key key.pem -out client.csr

echo extendedKeyUsage = clientAuth > extfile-client.cnf

openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out cert.pem -extfile extfile-client.cnf


rm -v client.csr server.csr extfile.cnf extfile-client.cnf

chmod -v 0400 ca-key.pem key.pem server-key.pem

chmod -v 0444 ca.pem server-cert.pem cert.pem

0 comments on commit 3ae6f15

Please sign in to comment.
You can’t perform that action at this time.