Before connecting to the Docker server remotely, make sure that Docker is installed on the remote server and running normally. The steps below set up a certificate-authenticated remote connection to Docker from IDEA.

1. Use a script to set up TLS for Docker

The following script is quoted from "Docker remote API one-click TLS encryption". Use it to generate the certificate files. Create the script in the /root directory: vi create_verify.sh. In the "xxxx" section of the script, fill in the public IP address of your server.

```bash
#!/bin/bash
mkdir -p /root/tls/pem
#DOMAIN_HOST=`ifconfig eth0 | grep "inet" | awk '{ print $2}' | sed -n '1p;1q'`
DOMAIN_HOST=`hostname`
HOST=$DOMAIN_HOST
# Custom information
PASSWORD="HeDongHudj"   # passphrase protecting the CA private key
COUNTRY=CN
PROVINCE=gd
CITY=gz
ORGANIZATION=dounine
GROUP=dg
NAME=lake
SUBJ="/C=$COUNTRY/ST=$PROVINCE/L=$CITY/O=$ORGANIZATION/OU=$GROUP/CN=$HOST"
# Custom information
#============================================================================================
# Here you issue the certificates yourself, acting as the CA; a third-party CA could issue them instead
# 1. Generate the root certificate RSA private key, encrypted with PASSWORD
openssl genrsa -passout pass:$PASSWORD -aes256 -out /root/tls/pem/ca-key.pem 4096
# 2. Generate a self-signed root certificate (business license) using the root certificate RSA private key
openssl req -new -x509 -days 365 -passin pass:$PASSWORD -key /root/tls/pem/ca-key.pem -sha256 -subj "$SUBJ" -out /root/tls/pem/ca.pem
#============================================================================================
# Issue a certificate to the server
# 1. The server generates its own private key
openssl genrsa -out /root/tls/pem/server-key.pem 4096
# 2. The server generates a certificate request (which contains the public key and server information)
openssl req -new -sha256 -key /root/tls/pem/server-key.pem -out /root/tls/pem/server.csr -subj "/CN=$DOMAIN_HOST"
# 3. How to connect to me? You can set multiple IP addresses and separate them with commas.
echo subjectAltName=IP:xxxx,IP:0.0.0.0 > /tmp/extfile.cnf
# 4. The authority stamps the certificate to make it effective
openssl x509 -passin pass:$PASSWORD -req -days 365 -sha256 -in /root/tls/pem/server.csr -CA /root/tls/pem/ca.pem -CAkey /root/tls/pem/ca-key.pem -CAcreateserial -out /root/tls/pem/server-cert.pem -extfile /tmp/extfile.cnf
#============================================================================================
# Issue a certificate to the client
openssl genrsa -out /root/tls/pem/client-key.pem 4096
openssl req -subj '/CN=client' -new -key /root/tls/pem/client-key.pem -out /root/tls/pem/client.csr
echo extendedKeyUsage = clientAuth > /tmp/extfile.cnf
openssl x509 -passin pass:$PASSWORD -req -days 365 -sha256 -in /root/tls/pem/client.csr -CA /root/tls/pem/ca.pem -CAkey /root/tls/pem/ca-key.pem -CAcreateserial -out /root/tls/pem/client-cert.pem -extfile /tmp/extfile.cnf
#============================================================================================
# Clean up the files (explicit names, so this also works when run with plain sh)
rm -f /root/tls/pem/ca-key.pem
rm -f /root/tls/pem/server.csr /root/tls/pem/client.csr
rm -f /root/tls/pem/ca.srl
# Final files
# ca.pem == CA certificate
# client-cert.pem == Client certificate
# client-key.pem == Client private key
# server-cert.pem == Server certificate
# server-key.pem == Server private key
```

After the script is created, execute it:

```bash
sh create_verify.sh
```

After the script runs, the certificate files ca.pem, client-cert.pem, client-key.pem, server-cert.pem, and server-key.pem are generated in the /root/tls/pem directory.

Next, copy the three files ca.pem, client-cert.pem, and client-key.pem to any local directory, and rename client-cert.pem and client-key.pem to cert.pem and key.pem respectively. Remember this directory; it will be used later.

2. Modify the Docker configuration and enable remote access

```bash
$ vi /usr/lib/systemd/system/docker.service
```

Find the line starting with ExecStart and modify it so that it introduces the certificate information generated above and uses port 2376 for the connection. If the server is on Alibaba Cloud or Tencent Cloud, this port needs to be opened in the firewall.

Restart Docker:

```bash
$ systemctl daemon-reload
$ systemctl restart docker
```

3. Use IDEA to test the connection

Install the Docker plug-in in IDEA. This step will not be repeated here. Then fill in the relevant information as shown in the figure. The certificate information is the three files we just copied from the server; select the directory where they were stored.

If you see the prompt below, it means the connection is successful!

After successfully connecting to the Docker server remotely, we can build our own project into an image and deploy it to k8s on the server.
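Checks worth running on the generated files before restarting Docker or pointing IDEA at them, as an added example that is not part of the original article or the quoted script. The function names are hypothetical, the file names are the ones create_verify.sh produces (client files after the rename), and `dockerd_tls_args` prints dockerd's standard TLS flags as an assumption, since the article's own ExecStart line is not shown on the page.

```shell
#!/bin/bash
# Added example, not from the article. Function names are hypothetical;
# file names are the ones create_verify.sh produces (client files after the rename).

# SHA-256 of the public key held in a certificate ($1=cert) or a private key ($1=key).
pub_hash() {
  if [ "$1" = cert ]; then
    openssl x509 -in "$2" -noout -pubkey
  else
    openssl pkey -in "$2" -pubout
  fi | openssl sha256
}

# check_tls_dir DIR server|client : returns 0 only if every check passes.
check_tls_dir() {
  dir=$1 role=$2 rc=0
  case $role in
    server) cert=$dir/server-cert.pem key=$dir/server-key.pem ;;
    client) cert=$dir/cert.pem key=$dir/key.pem ;;
    *) echo "role must be server or client" >&2; return 2 ;;
  esac
  openssl verify -CAfile "$dir/ca.pem" "$cert" >/dev/null 2>&1 ||
    { echo "FAIL: $cert is not signed by $dir/ca.pem"; rc=1; }
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: $cert has expired (the script issues 365-day certificates)"; rc=1; }
  [ "$(pub_hash cert "$cert" 2>/dev/null)" = "$(pub_hash key "$key" 2>/dev/null)" ] ||
    { echo "FAIL: $key is not the private key for $cert"; rc=1; }
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null)
  if [ "$role" = server ]; then
    # Clients validate the address they dial against the IP entries in subjectAltName.
    echo "$text" | grep -q 'IP Address:' ||
      { echo "FAIL: server certificate has no IP subjectAltName"; rc=1; }
  else
    echo "$text" | grep -q 'TLS Web Client Authentication' ||
      { echo "FAIL: client certificate lacks extendedKeyUsage=clientAuth"; rc=1; }
  fi
  return $rc
}

# Standard dockerd TLS flags (assumption: the article's own ExecStart line is not on the page).
dockerd_tls_args() {
  echo "--tlsverify --tlscacert=$1/ca.pem --tlscert=$1/server-cert.pem" \
       "--tlskey=$1/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock"
}

# Usage: ./check_tls.sh /root/tls/pem server
if [ "$#" -eq 2 ]; then check_tls_dir "$1" "$2"; fi
```

Run it with the `server` role on the Docker host and with the `client` role in the local directory that IDEA is pointed at.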