Skip to content

Instantly share code, notes, and snippets.

@kekru
Last active January 11, 2024 18:20
Show Gist options
  • Save kekru/b9e4da822514df93e6fdf2f7d3d90d8a to your computer and use it in GitHub Desktop.
Save kekru/b9e4da822514df93e6fdf2f7d3d90d8a to your computer and use it in GitHub Desktop.
Enable Docker Remote API via daemon.json
{
"authorization-plugins": ["kekruauth"],
"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
"tls": true,
"tlscacert": "/home/kevin/docker/certstest/ca.pem",
"tlscert": "/home/kevin/docker/certstest/server-cert.pem",
"tlskey": "/home/kevin/docker/certstest/server-key.pem",
"tlsverify": true
}

See here

Please go to Enable Docker Remote API with TLS client verification.

Old content:

docker-auth.js Generate Certs

Troubleshooting

unable to configure the Docker daemon with file /etc/docker/daemon.json: the following directives are specified both as a flag and in the configuration file: hosts: (from flag: [fd://], from file: [unix:///var/run/docker.sock tcp://172.0.0.42:2375])

systemctl list-units
we'll find "docker.service"

systemctl cat docker.service

first line: "# /lib/systemd/system/docker.service"

problem: ExecStart=/usr/bin/dockerd -H fd://

remove -H fd:// (comment out is not enough)

systemctl daemon-reload
systemctl restart docker.service

/etc/docker/daemon.json

docker -H localhost:2376 --tlsverify --tlscacert=ca.pem --tlscert=client-microtest-cert.pem --tlskey=client-microtest-key.pem ps

docker-runc list
docker-runc exec -t 919ba26dd4ddb9d2505c1533247d181f7e732ea5eb56d856d281ce471cef03d3 cat /data/log.log > /home/kevin/log3.log

Show Docker Daemon Logs (CentOS)
journalctl -u docker.service -n 100

@zx1986
Copy link

zx1986 commented Aug 21, 2018

Thank you so much!

@lionsong
Copy link

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment