Enable Docker Remote API via daemon.json
{
  "authorization-plugins": ["kekruauth"],
  "hosts": ["unix:///var/run/docker.sock", "tcp://"],
  "tls": true,
  "tlscacert": "/home/kevin/docker/certstest/ca.pem",
  "tlscert": "/home/kevin/docker/certstest/server-cert.pem",
  "tlskey": "/home/kevin/docker/certstest/server-key.pem",
  "tlsverify": true
}

See here

Please go to Enable Docker Remote API with TLS client verification.

Old content:

docker-auth.js Generate Certs


unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: hosts: (from flag: [fd://], from file: [unix:///var/run/docker.sock tcp://])

systemctl list-units
We'll find "docker.service" in the list.

systemctl cat docker.service

First line of the output: "# /lib/systemd/system/docker.service"

Problem: ExecStart=/usr/bin/dockerd -H fd://

Remove -H fd:// from that line (commenting it out is not enough).

systemctl daemon-reload
systemctl restart docker.service
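
The flag/file conflict above, and the TLS settings that protect the tcp listener, can be checked before restarting the daemon. This is an added example, not part of the original gist: the function names and finding strings are hypothetical, the unit-file samples are constructed from the lines quoted on this page, and a single-line ExecStart= is assumed.

```python
import json
import shlex

def exec_start_args(unit_text):
    """Return the argv of the effective ExecStart= line in a systemd unit."""
    argv = []
    for line in unit_text.splitlines():
        line = line.strip()  # commented lines start with '#' and never match
        if line.startswith("ExecStart="):
            # A later ExecStart= (also an empty one) replaces earlier values here.
            argv = shlex.split(line[len("ExecStart="):])
    return argv

def audit(daemon_json_text, unit_text):
    """Return a list of findings for a daemon.json / docker.service pair."""
    cfg = json.loads(daemon_json_text)
    hosts = cfg.get("hosts", [])
    findings = []
    host_flags = [a for a in exec_start_args(unit_text)
                  if a.startswith("-H") or a == "--host" or a.startswith("--host=")]
    if hosts and host_flags:
        findings.append("conflict: hosts set in daemon.json and as a dockerd flag")
    if any(h.startswith("tcp://") for h in hosts):
        if cfg.get("tlsverify") is not True:
            findings.append("tcp listener without tlsverify")
        missing = [k for k in ("tlscacert", "tlscert", "tlskey") if not cfg.get(k)]
        if missing:
            findings.append("tcp listener missing: " + ", ".join(missing))
    return findings

# Constructed samples: the daemon.json from this page, and the unit file
# before and after removing "-H fd://".
DAEMON_JSON = json.dumps({
    "authorization-plugins": ["kekruauth"],
    "hosts": ["unix:///var/run/docker.sock", "tcp://"],
    "tls": True,
    "tlscacert": "/home/kevin/docker/certstest/ca.pem",
    "tlscert": "/home/kevin/docker/certstest/server-cert.pem",
    "tlskey": "/home/kevin/docker/certstest/server-key.pem",
    "tlsverify": True,
})
UNIT_BEFORE = "[Service]\nExecStart=/usr/bin/dockerd -H fd://\n"
UNIT_AFTER = "[Service]\nExecStart=/usr/bin/dockerd\n"

if __name__ == "__main__":
    for name, unit in (("before", UNIT_BEFORE), ("after", UNIT_AFTER)):
        print(name, audit(DAEMON_JSON, unit) or "ok")
```
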


docker -H localhost:2376 --tlsverify --tlscacert=ca.pem --tlscert=client-microtest-cert.pem --tlskey=client-microtest-key.pem ps

docker-runc list
docker-runc exec -t 919ba26dd4ddb9d2505c1533247d181f7e732ea5eb56d856d281ce471cef03d3 cat /data/log.log > /home/kevin/log3.log

Show Docker Daemon Logs (CentOS)
journalctl -u docker.service -n 100



juliocanares commented Jul 2, 2017

The CA should be placed in the Docker swarm manager, right?

What if I have multiple managers, do I need to create multiple CAs for each of them or would it be ok to reuse just one CA?


Owner Author

kekru commented Aug 13, 2017

Hi Julio, sorry for answering so late, GitHub doesn't send emails on new comments in gists.
When you use one CA for all your manager nodes, a client cert, signed by that CA, will be allowed to use all manager nodes. So it depends on how you want to design your authorization structure.



zx1986 commented Aug 21, 2018

Thank you so much!
