How to connect to a remote docker server with a certificate

Before connecting to a remote Docker daemon, make sure Docker is installed on the remote server and running normally. The steps below generate a CA, a server certificate and a client certificate, turn on TLS client verification on the daemon, and then connect from IntelliJ IDEA with the client certificate.

1. Generate the TLS certificates with a script

The following script is quoted from "Docker remote API one-click TLS encryption". It produces the certificate files that the daemon and the client will use.

Create the script in the /root directory: vi create_verify.sh.

In the subjectAltName line of the script, replace "xxxx" with the public IP address of your server. This is the address the client will dial, and the client checks it against the server certificate, so it must match exactly.

#!/bin/bash
set -e
# Private keys are created with the current umask; make them readable by the owner only.
umask 077
mkdir -p /root/tls/pem
#DOMAIN_HOST=`ifconfig eth0 | grep "inet" | awk '{ print $2}' | sed -n '1p;1q'`
DOMAIN_HOST=`hostname`
HOST=$DOMAIN_HOST
# Custom information (change PASSWORD; it protects the CA key while the script runs)
PASSWORD="HeDongHudj"
COUNTRY=CN
PROVINCE=gd
CITY=gz
ORGANIZATION=dounine
GROUP=dg
NAME=lake
SUBJ="/C=$COUNTRY/ST=$PROVINCE/L=$CITY/O=$ORGANIZATION/OU=$GROUP/CN=$HOST"
# Custom information
#====================================================================================================================
# Here you issue the certificates yourself, i.e. you are the CA. Alternatively a third-party CA can issue them.
# 1. Generate the root CA private key (AES-256 encrypted with $PASSWORD)
openssl genrsa -passout pass:$PASSWORD -aes256 -out /root/tls/pem/ca-key.pem 4096
# 2. Generate a self-signed root certificate (the "business license") from the root CA private key
openssl req -new -x509 -days 365 -passin pass:$PASSWORD -key /root/tls/pem/ca-key.pem -sha256 -subj "$SUBJ" -out /root/tls/pem/ca.pem
#============================================================================================
# Issue a certificate to the server
# 1. The server generates its own private key
openssl genrsa -out /root/tls/pem/server-key.pem 4096
# 2. The server generates a certificate request (contains the public key and server information)
openssl req -new -sha256 -key /root/tls/pem/server-key.pem -out /root/tls/pem/server.csr -subj "/CN=$DOMAIN_HOST"
# 3. Which addresses will clients connect to? Replace xxxx with the public IP; several IPs are separated by commas.
#    Clients verify the dialled address against this subjectAltName, not against the CN. (IP:0.0.0.0 is never dialled by a client and may be dropped.)
echo subjectAltName=IP:xxxx,IP:0.0.0.0 > /tmp/extfile.cnf
# 4. The CA stamps the certificate to make it effective
openssl x509 -passin pass:$PASSWORD -req -days 365 -sha256 -in /root/tls/pem/server.csr -CA /root/tls/pem/ca.pem -CAkey /root/tls/pem/ca-key.pem -CAcreateserial -out /root/tls/pem/server-cert.pem -extfile /tmp/extfile.cnf
#============================================================================================
# Issue a certificate to the client (restricted to client authentication)
openssl genrsa -out /root/tls/pem/client-key.pem 4096
openssl req -subj '/CN=client' -new -key /root/tls/pem/client-key.pem -out /root/tls/pem/client.csr
echo extendedKeyUsage = clientAuth > /tmp/extfile.cnf
openssl x509 -passin pass:$PASSWORD -req -days 365 -sha256 -in /root/tls/pem/client.csr -CA /root/tls/pem/ca.pem -CAkey /root/tls/pem/ca-key.pem -CAcreateserial -out /root/tls/pem/client-cert.pem -extfile /tmp/extfile.cnf
#============================================================================================
# Clean up. Deleting ca-key.pem means no further client certificates can be issued by this CA;
# keep an offline copy first if more than one client will need access.
rm -f /root/tls/pem/ca-key.pem
rm -f /root/tls/pem/{server,client}.csr
rm -f /root/tls/pem/ca.srl /tmp/extfile.cnf
# Final files:
# ca.pem          == CA certificate
# client-cert.pem == Client certificate
# client-key.pem  == Client private key
# server-cert.pem == Server certificate
# server-key.pem  == Server private key

After the script is created, run it with bash rather than sh: the clean-up step relies on the brace expansion {server,client}.csr, which /bin/sh does not perform on systems where it is dash, so the .csr files would be left behind: bash create_verify.sh

After the script has run, the files ca.pem, client-cert.pem, client-key.pem, server-cert.pem and server-key.pem are in /root/tls/pem. Check that the two key files are readable by their owner only (mode 0600 or 0400): whoever can read server-key.pem can impersonate the daemon, and whoever holds client-key.pem has root-equivalent access to the host through the Docker API.

Next, copy the three files ca.pem, client-cert.pem and client-key.pem to a directory on your workstation over an authenticated channel such as scp, and rename client-cert.pem to cert.pem and client-key.pem to key.pem. These are the file names the Docker CLI (DOCKER_CERT_PATH) and the IDEA plugin look for. Remember this directory; it is needed later.
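Before copying the bundle to the client, it is worth checking that it actually says what the daemon and the client will later rely on. The script below is an added example, not part of the original article or of the quoted create_verify.sh; it assumes openssl on PATH and the file layout that create_verify.sh writes. The helper make_example_pki, the host name docker-host and the address 203.0.113.10 are constructed for illustration only; on a real server run verify_docker_tls against /root/tls/pem and your public IP.

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check a Docker TLS bundle
# before copying it to the client and enabling it on the daemon.
# Assumes: openssl on PATH and the file layout written by create_verify.sh
# (ca.pem, server-cert.pem, server-key.pem, client-cert.pem, client-key.pem).

# verify_docker_tls DIR IP -> returns 0 if every check passes, 1 otherwise.
# IP is the address clients will put in the connection URL.
verify_docker_tls() {
    dir=$1; ip=$2; rc=0

    # 1. Both leaf certificates must chain to ca.pem, the only CA that the
    #    daemon and the client (--tlscacert on both sides) will trust.
    for leaf in server-cert client-cert; do
        openssl verify -CAfile "$dir/ca.pem" "$dir/$leaf.pem" >/dev/null 2>&1 \
            || { echo "FAIL: $leaf.pem does not chain to ca.pem"; rc=1; }
    done

    # 2. The server certificate's subjectAltName must list the dialled IP
    #    exactly; the client matches the URL against SAN, not against CN.
    openssl x509 -in "$dir/server-cert.pem" -noout -text \
        | grep -A1 'Subject Alternative Name' | tr ',' '\n' | sed 's/^ *//' \
        | grep -qxF "IP Address:$ip" \
        || { echo "FAIL: server-cert.pem SAN does not contain IP $ip"; rc=1; }

    # 3. The client certificate must be marked for client authentication.
    openssl x509 -in "$dir/client-cert.pem" -noout -text \
        | grep -q 'TLS Web Client Authentication' \
        || { echo "FAIL: client-cert.pem lacks extendedKeyUsage=clientAuth"; rc=1; }

    # 4. Each private key must belong to its certificate (compare public keys).
    for pair in server client; do
        c=$(openssl x509 -in "$dir/$pair-cert.pem" -noout -pubkey | openssl dgst -sha256)
        k=$(openssl pkey -in "$dir/$pair-key.pem" -pubout 2>/dev/null | openssl dgst -sha256)
        [ "$c" = "$k" ] || { echo "FAIL: $pair-key.pem does not match $pair-cert.pem"; rc=1; }
    done

    # 5. Private keys must be readable by their owner only.
    for f in server-key.pem client-key.pem; do
        mode=$(stat -c %a "$dir/$f" 2>/dev/null || stat -f %Lp "$dir/$f")
        case $mode in
            *00) ;;
            *) echo "FAIL: $dir/$f has mode $mode, expected 0600 or 0400"; rc=1 ;;
        esac
    done
    return $rc
}

# make_example_pki DIR IP: constructed fixture with the same layout as
# create_verify.sh so the checks can be exercised offline (unencrypted CA key,
# 2048-bit keys and a one-day validity to keep it fast; not for a real host).
make_example_pki() {
    mkdir -p "$1" && (
        umask 077; cd "$1" || exit 1
        openssl genrsa -out ca-key.pem 2048 2>/dev/null
        openssl req -new -x509 -days 1 -sha256 -key ca-key.pem -subj "/CN=example-ca" -out ca.pem
        openssl genrsa -out server-key.pem 2048 2>/dev/null
        openssl req -new -sha256 -key server-key.pem -subj "/CN=docker-host" -out server.csr
        printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$2" > ext.cnf
        openssl x509 -req -days 1 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
            -CAcreateserial -out server-cert.pem -extfile ext.cnf 2>/dev/null
        openssl genrsa -out client-key.pem 2048 2>/dev/null
        openssl req -new -sha256 -key client-key.pem -subj "/CN=client" -out client.csr
        printf 'extendedKeyUsage=clientAuth\n' > ext.cnf
        openssl x509 -req -days 1 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
            -CAcreateserial -out client-cert.pem -extfile ext.cnf 2>/dev/null
        rm -f ca-key.pem ca.srl server.csr client.csr ext.cnf
    )
}
```

Usage on the server: `. ./verify_docker_tls.sh && verify_docker_tls /root/tls/pem <public-ip>`; a non-zero exit with a FAIL line tells you which of the five properties the bundle is missing. The SAN check is the one that catches the most common mistake, a server certificate issued for the host name or the private address while the client dials the public IP.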

2. Modify the docker configuration and enable remote access

$ vi /usr/lib/systemd/system/docker.service

Find the line starting with ExecStart and extend the dockerd command so that it loads the ca.pem, server-cert.pem and server-key.pem generated above with TLS client verification enabled and listens on TCP port 2376 in addition to the local Unix socket. Editing /usr/lib/systemd/system/docker.service directly works, but a package upgrade overwrites that file; a drop-in under /etc/systemd/system/docker.service.d/ survives upgrades. If the server is on Alibaba Cloud or Tencent Cloud, port 2376 also has to be opened in the security group. Restrict it to the source addresses that need it: the client certificate is the only authentication in front of an API that is equivalent to root on the host. Never open the unauthenticated plain-TCP port 2375.

Restart Docker:

$ systemctl daemon-reload
$ systemctl restart docker
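The following is an added example, not the article's own unit file: it renders the daemon command line as a systemd drop-in and then checks from the workstation that TLS client verification is really enforced, which a successful `docker version` alone does not prove. It assumes the bundle from create_verify.sh under /root/tls/pem on the server, a client directory holding ca.pem, cert.pem and key.pem, and the docker and curl binaries on the workstation; the function names are mine.

```shell
#!/bin/sh
# Added example, not the original article's configuration: a systemd drop-in
# that starts dockerd with TLS client verification on port 2376, plus a
# client-side smoke test. Assumes the bundle from create_verify.sh under
# CERT_DIR on the server and a client directory holding ca.pem, cert.pem and
# key.pem (the names Docker's DOCKER_CERT_PATH and the IDEA plugin expect).

# render_docker_tls_dropin CERT_DIR -> prints the drop-in unit to stdout.
# Install on the server with:
#   mkdir -p /etc/systemd/system/docker.service.d
#   render_docker_tls_dropin /root/tls/pem > /etc/systemd/system/docker.service.d/tls.conf
#   systemctl daemon-reload && systemctl restart docker
# The empty "ExecStart=" clears the package's command line before replacing it.
# "-H fd://" keeps the socket-activated local socket of the stock docker-ce unit;
# use "-H unix:///var/run/docker.sock" if your unit does not use docker.socket.
# If /etc/docker/daemon.json also sets "hosts", dockerd refuses to start because
# the flag and the file conflict: configure the listeners in one place only.
render_docker_tls_dropin() {
    cert_dir=$1
    cat <<EOF
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=$cert_dir/ca.pem --tlscert=$cert_dir/server-cert.pem --tlskey=$cert_dir/server-key.pem
EOF
}

# docker_tls_smoke_test HOST CLIENT_DIR -> 0 if the daemon accepts the client
# certificate AND refuses a connection that presents none; 1 otherwise.
docker_tls_smoke_test() {
    host=$1; client_dir=$2
    # Positive check: the same flags the Docker CLI and the IDEA plugin use.
    docker --tlsverify --tlscacert="$client_dir/ca.pem" \
        --tlscert="$client_dir/cert.pem" --tlskey="$client_dir/key.pem" \
        -H "tcp://$host:2376" version >/dev/null \
        || { echo "FAIL: authenticated connection to $host:2376 refused"; return 1; }
    # Negative check: with no client certificate the TLS handshake must fail.
    # If this succeeds, --tlsverify is not in effect and the API is open to anyone.
    if curl -s --cacert "$client_dir/ca.pem" "https://$host:2376/version" >/dev/null 2>&1; then
        echo "FAIL: $host:2376 answered without a client certificate"; return 1
    fi
    echo "OK: TLS client verification enforced on $host:2376"
}
```

Run `docker_tls_smoke_test <public-ip> /path/to/client-dir` from the workstation after the restart. Because the client directory uses the names ca.pem, cert.pem and key.pem, the same connection can also be made without flags by exporting DOCKER_HOST=tcp://<public-ip>:2376, DOCKER_TLS_VERIFY=1 and DOCKER_CERT_PATH=/path/to/client-dir and running plain `docker version`.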

3. Use IDEA to test the connection

Install the Docker plugin in IDEA (not covered again here). Then fill in the connection details as shown in the figure: the engine address is the server's public IP (the one written into the subjectAltName) on port 2376, and for the certificates select the local directory holding the three files copied from the server (ca.pem, cert.pem and key.pem). If you see the prompt below, the connection succeeded.

Once IDEA can reach the Docker daemon remotely, we can build our own project into an image and deploy it on the server, or into the k8s cluster running there.
