@knbknb
Last active August 16, 2024 07:37
docker-tlsverify-commands.sh
# apt install mkcert
# create a root CA locally
mkcert --install
# on the host named "well"
## server certificate and key
mkcert --cert-file ~/.local/share/mkcert/well-server.crt --key-file ~/.local/share/mkcert/well-server.key 192.168.178.25 localhost 127.0.0.1 ::1
## client certificate and key; note the additional --client flag
mkcert --cert-file ~/.local/share/mkcert/well-client.crt --key-file ~/.local/share/mkcert/well-client.key --client 192.168.178.25 localhost 127.0.0.1 ::1
## Expected output:
## Note: the local CA is not installed in the Firefox and/or Chrome/Chromium trust store.
## Run "mkcert -install" for certificates to be trusted automatically ⚠️
##
## Created a new certificate valid for the following names 📜
## - "192.168.178.25"
## - "localhost"
## - "127.0.0.1"
##
## The certificate is at "/home/knut/.local/share/mkcert/well-server.crt" and the key at "/home/knut/.local/share/mkcert/well-server.key" ✅
##
## It will expire on 16 November 2026
# open override file for docker service:
systemctl edit docker.service
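# in the override, remove the -H flag entirely from ExecStart
# (dockerd refuses to start when hosts are set both on the command line and in daemon.json)
# write /etc/docker/daemon.json
# (this replaces the file; merge by hand if it already holds other settings)
sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
  "debug": false,
  "tlsverify": true,
  "tlscacert": "/home/knut/.local/share/mkcert/rootCA.pem",
  "tlscert": "/home/knut/.local/share/mkcert/well-server.crt",
  "tlskey": "/home/knut/.local/share/mkcert/well-server.key",
  "hosts": ["tcp://0.0.0.0:2376"]
}
EOF
# check the configuration for errors before restarting the daemon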
dockerd --validate
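
With `tlsverify` on, the daemon accepts any client certificate signed by the CA in `tlscacert`, so the files in that directory decide who controls Docker on this host. The following pre-flight check is an added example, not part of the original gist; the function names are hypothetical and it assumes `openssl` is installed and the files follow the gist's `NAME-server` / `NAME-client` naming.

```shell
#!/bin/sh
# Added example (not from the gist): pre-flight checks on the TLS files that
# daemon.json points at. All function names here are hypothetical.

# True only if the file exists and grants no permissions to group or others.
key_is_private() {
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# True if the mkcert CA signing key is NOT stored in the given directory.
ca_key_absent() {
    [ ! -e "$1/rootCA-key.pem" ]
}

# True if CERT chains to CA and is acceptable for PURPOSE (sslserver|sslclient).
# usage: cert_ok_for PURPOSE CA CERT
cert_ok_for() {
    openssl verify -CAfile "$2" -purpose "$1" "$3" >/dev/null 2>&1
}

# Print one finding to stderr and count it.
fail() {
    echo "FINDING: $*" >&2
    findings=$((findings + 1))
}

# preflight DIR NAME: check DIR/NAME-server.{crt,key} and DIR/NAME-client.crt
# against DIR/rootCA.pem. Returns the number of findings (0 = clean).
preflight() {
    dir=$1; name=$2; findings=0
    key_is_private "$dir/$name-server.key" ||
        fail "server key is missing or accessible to group/others"
    ca_key_absent "$dir" ||
        fail "rootCA-key.pem is on the daemon host; any reader can issue client certs"
    cert_ok_for sslserver "$dir/rootCA.pem" "$dir/$name-server.crt" ||
        fail "server certificate does not verify as a TLS server certificate"
    cert_ok_for sslclient "$dir/rootCA.pem" "$dir/$name-client.crt" ||
        fail "client certificate does not verify as a TLS client certificate"
    return "$findings"
}

# Run only when called with arguments, e.g.:
#   sh preflight.sh ~/.local/share/mkcert well
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

On the setup above the CA-key finding is expected, because `mkcert --install` creates `rootCA-key.pem` in the same directory; moving that key off the Docker host after issuing the certificates clears it.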