How to connect to a remote docker server with a certificate

1. Use scripts to encrypt TLS for docker
2. Modify the docker configuration and enable remote access
3. Use idea to test the connection

Before starting to remotely connect to the Docker server, we need to make sure that Docker has been installed on the remote server and that Docker is running normally on the server. Next, complete the steps of remotely connecting to Docker with IDEA certificates.

1. Use scripts to encrypt TLS for docker

The following script is quoted from "Docker remote API one-click TLS encryption". Next, use this script to complete the generation of the encrypted certificate file.

Create an encryption script in the /root directory: vi create_verify.sh.

Note that in the "xxxx" section of the script, fill in the public IP address of your server.

#!/bin/bash
mkdir -p /root/tls/pem
#DOMAIN_HOST=`ifconfig eth0 | grep "inet" | awk '{ print $2}' | sed -n '1p;1q'`
DOMAIN_HOST=`hostname`
HOST=$DOMAIN_HOST
# Custom information PASSWORD="HeDongHudj"
COUNTRY=CN
PROVINCE=gd
CITY=gz
ORGANIZATION=dounine
GROUP=dg
NAME=lake
SUBJ="/C=$COUNTRY/ST=$PROVINCE/L=$CITY/O=$ORGANIZATION/OU=$GROUP/CN=$HOST"
# Custom information#====================================================================================================================
#This form is to issue a certificate to yourself. You are the CA organization, or you can give it to a third party organization to issue openssl genrsa -passout pass:$PASSWORD -aes256 -out /root/tls/pem/ca-key.pem 4096
# 2. Generate a self-signed root certificate (business license) using the root certificate RSA private key
openssl req -new -x509 -days 365 -passin pass:$PASSWORD -key /root/tls/pem/ca-key.pem -sha256 -subj $SUBJ -out /root/tls/pem/ca.pem
#============================================================================================
#Issue a certificate to the server# 1. The server generates its own private key openssl genrsa -out /root/tls/pem/server-key.pem 4096
# 2. The server generates a certificate (which contains the public key and server information)
openssl req -new -sha256 -key /root/tls/pem/server-key.pem -out /root/tls/pem/server.csr -subj "/CN=$DOMAIN_HOST"
# 3. How to connect to me? You can set multiple IP addresses and separate them with commas. echo subjectAltName=IP:xxxx,IP:0.0.0.0 > /tmp/extfile.cnf
# 4. The authority stamps the certificate to make it effective openssl x509 -passin pass:$PASSWORD -req -days 365 -sha256 -in /root/tls/pem/server.csr -CA /root/tls/pem/ca.pem -CAkey /root/tls/pem/ca-key.pem -CAcreateserial -out /root/tls/pem/server-cert.pem -extfile /tmp/extfile.cnf
#============================================================================================
#Issue a certificate to the client openssl genrsa -out /root/tls/pem/client-key.pem 4096
openssl req -subj '/CN=client' -new -key /root/tls/pem/client-key.pem -out /root/tls/pem/client.csr
echo extendedKeyUsage = clientAuth > /tmp/extfile.cnf
openssl x509 -passin pass:$PASSWORD -req -days 365 -sha256 -in /root/tls/pem/client.csr -CA /root/tls/pem/ca.pem -CAkey /root/tls/pem/ca-key.pem -CAcreateserial -out /root/tls/pem/client-cert.pem -extfile /tmp/extfile.cnf
#============================================================================================
# Clean up the file rm -rf /root/tls/pem/ca-key.pem
rm -rf /root/tls/pem/{server,client}.csr
rm -rf /root/tls/pem/ca.srl
# Final file# ca.pem == CA certificate# client-cert.pem == Client certificate# client-key.pem == Client private key# server-cert.pem == Server certificate# server-key.pem == Server private key

After the script is created, execute the script: sh create_verify.sh

After executing the shell script, the ca.pem, client-cert.pem, client-key.pem, server-cert.pem, and server-key.pem certificate files will be generated in the /root/tls/pem directory.

Next, copy the three files ca.pem, client-cert.pem, and client-key.pem to any local directory, and rename client-cert.pem and client-key.pem to cert.pem and key.pem respectively. Remember this directory will be used later.

2. Modify the docker configuration and enable remote access

$ vi /usr/lib/systemd/system/docker.service

Find the corresponding line starting with ExecStart and modify it to the following content, introduce the certificate information just now, and use port 2376 for connection. If the server is Alibaba Cloud or Tencent Cloud, this port needs to be opened in the firewall.

Restart Docker:

$ systemctl daemon-reload
$ systemctl restart docker

3. Use idea to test the connection

Install the docker plug-in on idea. This step will not be repeated here. Then fill in the relevant information as shown in the figure. The certificate information is the three files we just copied from the server. Select the directory just stored. If you see the prompt below, it means the connection is successful!

After successfully connecting to the docker server remotely, we can make our own project into a mirror and deploy it in the server k8s.

This is the end of this article about how to implement remote docker server certificate connection. For more relevant docker remote connection certificate content, please search 123WORDPRESS.COM's previous articles or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!

You may also be interested in:

Docker deploys mysql remote connection to solve 2003 problems
Tutorial on installing MySQL with Docker and implementing remote connection
Detailed tutorial on how to connect to a remote server Docker to deploy a Spring Boot project in IDEA
Tutorial on using portainer to connect to remote docker
Docker deploys mysql to achieve remote connection sample code
Detailed explanation of docker daemon remote connection settings

<<: About the overlap of margin value and vertical margin in CSS

>>: Methods for defragmenting and reclaiming space in MySQL tables

MySQL 5.7.24 compressed package installation and configuration method graphic tutorial

How to connect to a remote docker server with a certificate

Table of contents

1. Use scripts to encrypt TLS for docker

2. Modify the docker configuration and enable remote access

3. Use idea to test the connection

MySQL 5.7.24 compressed package installation and configuration method graphic tutorial

Detailed steps for deploying Tomcat server based on IDEA

MySQL gets the current date and time function

Simple analysis of EffectList in React

How to implement remote access control in Centos 7.4

Analysis of uniapp entry-level nvue climbing pit record

A brief discussion on how to use slots in Vue

MySQL learning to create and operate databases and table DDL for beginners

CSS adaptive layout realizes the overall centering of sub-element items and left alignment of internal items

The specific implementation of div not automatically wrapping and forcing not wrapping in html

Recommend

MySQL database monitoring software lepus usage problems and solutions

Vue implements partial refresh of the page (router-view page refresh)

CSS pseudo-class: empty makes me shine (example code)

Summary of Problems in Installation and Usage of MySQL 5.7.19 Winx64 ZIP Archive

Pure CSS meteor shower background sample code

How to add Lua module to Nginx

Linux file management command example analysis [permissions, create, delete, copy, move, search, etc.]

Solve the problem that the Node.js mysql client does not support the authentication protocol

Vue imports excel table, and automatically downloads the data that failed to import

How to make ApacheBench support multi-url

One line of CSS code to achieve the integration of avatar and national flag

Summarize the common application problems of XHTML code

Detailed explanation of the use of Vue's new built-in components

Enable sshd operation in docker

Example of using HTML+CSS to implement a secondary menu bar when the mouse is moved