Check TLS in a remote Docker service - #docker #docker-tls #tls #ubuntu #docker-client

docker-client-check-tls.sh

#!/usr/bin/env bash

: ' Script to validate a remote Docker service running with TLS

    It assumes that the server was configured using my other script hosted in
    Gist through the link;

    https://gist.github.com/ivan-pinatti/6ad05557e526f1f32ca357d15139df83

    Usage:

    ./docker-client-check-tls.sh 200.200.200.200 root

    '

# check if debug flag is set
if [ "${DEBUG}" = true ]; then

  set -x # enable print commands and their arguments as they are executed.
  export # show all declared variables (includes system variables)
  whoami # print current user

else

  # unset if flag is not set
  unset DEBUG

fi

# bash default parameters
set -o errexit  # make your script exit when a command fails
set -o pipefail # exit status of the last command that threw a non-zero exit code is returned
set -o nounset  # exit when your script tries to use undeclared variables

# parameters
__server_ip="${1:-"200.200.200.200"}"
__user="${2:-"root"}"

# binaries
__CURL=$(which curl)
__MKTEMP=$(which mktemp)
__RSYNC=$(which rsync)

# create temp folder
readonly __temp_folder=$(${__MKTEMP} --directory)

# download keys from remote server
echo "Downloading certificates and key..."
${__RSYNC} --archive \
           --compress \
           --verbose \
           "${__user}@${__server_ip}:/etc/docker/certs/*" \
           "${__temp_folder}/"

# check remote server by listing images
echo "Checking remote Docker service..."
${__CURL} "https://"${__server_ip}":2376/images/json" --insecure \
                                                      --cert "${__temp_folder}/cert.pem" \
                                                      --key "${__temp_folder}/key.pem" \
                                                      --cacert "${__temp_folder}/ca.pem"