From 3ae6f1589fb784f1831d3a953cdc1f2794098767 Mon Sep 17 00:00:00 2001
From: Reynaldo Morillo
Date: Sat, 2 Mar 2019 15:15:15 -0500
Subject: [PATCH] Initial Commit. This is how I setup TLS on my computer.
---
README.md | 26 ++++++++++++++++++++++++++
docker_deamon_settings.conf | 3 +++
setup_docker_tls.sh | 36 ++++++++++++++++++++++++++++++++++++
3 files changed, 65 insertions(+)
create mode 100644 README.md
create mode 100644 docker_deamon_settings.conf
create mode 100755 setup_docker_tls.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0784fda
--- /dev/null
+++ b/README.md
@@ -0,0 +1,26 @@
+Setup TLS for Docker
+===============================
+
+You need to run these commands to setup part of the process that's currently not automated.
+
+You can find these instructions partially at the following link.
+
+```bash
+# After the first command you need to copy and past the contents of docker_deamon_settings.conf in the docker.service file
+sudo systemctl edit docker.service
+sudo systemctl daemon-reload
+sudo systemctl restart docker.service
+```
+
+
+Then you need to modify your `.bashrc`, `zshrc` or whatever shell you're using.
+Add This to the end of your `*rc` file
+
+```bash
+#######################################################
+# Docker
+#######################################################
+
+export COMPOSE_TLS_VERSION=TLSv1_2
+export DOCKER_HOST=tcp://localhost:2376 DOCKER_TLS_VERIFY=1
+```
diff --git a/docker_deamon_settings.conf b/docker_deamon_settings.conf
new file mode 100644
index 0000000..4a711fb
--- /dev/null
+++ b/docker_deamon_settings.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/home/reynaldo/.docker/ca.pem --tlscert=/home/reynaldo/.docker/server-cert.pem --tlskey=/home/reynaldo/.doc$
diff --git a/setup_docker_tls.sh b/setup_docker_tls.sh
new file mode 100755
index 0000000..bcaa614
--- /dev/null
+++ b/setup_docker_tls.sh
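Review bot: The second ExecStart line in docker_deamon_settings.conf is truncated — it ends in `--tlskey=/home/reynaldo/.doc$`, which looks like a terminal-wrapped copy, so the literal `$` and the incomplete key path mean dockerd will fail to start with this override in place. The key the script writes is `~/.docker/server-key.pem`, and the README expects the daemon at `tcp://localhost:2376`, so the line presumably also lost its `-H` listeners; what the README implies is roughly `ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/home/reynaldo/.docker/ca.pem --tlscert=/home/reynaldo/.docker/server-cert.pem --tlskey=/home/reynaldo/.docker/server-key.pem -H fd:// -H tcp://127.0.0.1:2376`. Binding the TLS port to 127.0.0.1 matches the README's `localhost` and keeps it off other interfaces unless remote access is actually intended (the script's SAN includes `IP:10.10.10.20`, which suggests it might be). The hard-coded `/home/reynaldo` prefix also means the file is not reusable as checked in; a comment above it saying the paths must be adjusted per machine would help.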
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+hostname=${1}
+
+cd ~/.docker/
+
+openssl genrsa -aes256 -out ca-key.pem 4096
+
+openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
+
+openssl genrsa -out server-key.pem 4096
+
+openssl req -subj "/CN=$hostname" -sha256 -new -key server-key.pem -out server.csr
+
+echo subjectAltName = DNS:$hostname,IP:10.10.10.20,IP:127.0.0.1 >> extfile.cnf
+
+echo extendedKeyUsage = serverAuth >> extfile.cnf
+
+openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
+ -CAcreateserial -out server-cert.pem -extfile extfile.cnf
+
+openssl genrsa -out key.pem 4096
+
+openssl req -subj '/CN=client' -new -key key.pem -out client.csr
+
+echo extendedKeyUsage = clientAuth > extfile-client.cnf
+
+openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
+ -CAcreateserial -out cert.pem -extfile extfile-client.cnf
+
+
+rm -v client.csr server.csr extfile.cnf extfile-client.cnf
+
+chmod -v 0400 ca-key.pem key.pem server-key.pem
+
+chmod -v 0444 ca.pem server-cert.pem cert.pem
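Review bot: `hostname=${1}` on the third line is never validated, so running the script without an argument produces a server CSR with `/CN=` and a SAN line of `DNS:,IP:...`, and because the script is `#!/bin/sh` with no `set -e`, a failing `cd ~/.docker/` lets every key and certificate land in the current directory instead. Add `set -eu` after the shebang, change the assignment to `hostname=${1:?usage: $0 <hostname>}`, and quote the expansion in the echo on line 15 (`"$hostname"`, as the `-subj` already does). That same line appends with `>>`, so a second run accumulates duplicate subjectAltName entries in extfile.cnf; writing it with `>` (keeping `>>` for the extendedKeyUsage line after it) makes the script safe to re-run. The SAN also hard-codes `IP:10.10.10.20`; if that is one machine's address it belongs in a second parameter rather than in a reusable script.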