v1.4 seed

John Mulhausen
2016-09-01 14:09:43 -07:00
parent c67c1f7f12
commit 4d41e40a79
348 changed files with 161922 additions and 0 deletions

10
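--- a/articles/https/Dockerfile
+++ b/articles/https/Dockerfile
@@ -0,0 +1,10 @@
+FROM debian
+RUN apt-get update && apt-get install -yq openssl
+ADD make_certs.sh /
+WORKDIR /data
+VOLUMES ["/data"]
+CMD /make_certs.sh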
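Review bot: `VOLUMES ["/data"]` is not a Dockerfile instruction; the keyword is singular, so the line should read `VOLUME ["/data"]`, otherwise the build rejects it or the volume is never declared. `FROM debian` also resolves to whatever the untagged image points at on the day of the build, and this image is what generates the CA and client keys, so pinning a release tag or digest would make the key-generation environment reproducible. `ADD make_certs.sh /` only copies a local file; `COPY make_certs.sh /` states that without ADD's archive and URL handling.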

23
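--- a/articles/https/Makefile
+++ b/articles/https/Makefile
@@ -0,0 +1,23 @@
+HOST:=boot2docker
+makescript:
+./parsedocs.sh > make_certs.sh
+build: makescript
+docker build -t makecerts .
+cert: build
+docker run --rm -it -v $(CURDIR):/data -e HOST=$(HOST) makecerts
+certs: cert
+run:
+docker -d -D --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:6666 --pidfile=$(pwd)/docker.pid --graph=$(pwd)/graph
+client:
+docker --tls --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=$(HOST):6666 version
+docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=$(HOST):6666 info
+clean:
+rm ca-key.pem ca.pem ca.srl cert.pem client.csr extfile.cnf key.pem server-cert.pem server-key.pem server.csr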
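Review bot: In the `run` recipe, `$(pwd)` is expanded by make rather than the shell, and no `pwd` variable is defined in the visible lines, so it expands to nothing and the daemon is pointed at `/docker.pid` and `/graph`. Use `$(CURDIR)` as the `cert` recipe already does: `--pidfile=$(CURDIR)/docker.pid --graph=$(CURDIR)/graph`. In `client`, the first command passes `--tls` rather than `--tlsverify`, which according to the HTTPS article added in this same commit appears to mean the server certificate is not checked against `ca.pem`; if that is a deliberate mode test, a comment such as `# --tls: server certificate intentionally not verified` should say so. None of the targets is declared `.PHONY`, and `clean` calls `rm` without `-f`, so it fails as soon as one listed file is already gone.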

30
articles/https/ca-key.pem Normal file

@@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,1D26FB962D005D68B7CEC841D7DBD67B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-----END RSA PRIVATE KEY-----
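Review bot: Private key material is being committed here: this file is the CA signing key and `articles/https/key.pem` further down is the client key, both of which the Makefile's `clean` target treats as generated output. The CA key is passphrase-encrypted (`Proc-Type: 4,ENCRYPTED`), but the client key comes from `openssl genrsa -out key.pem 2048` with no cipher, so it is presumably stored in the clear, and the article in this commit says to guard these keys like a root password. Drop the generated `*.pem`, `*.csr`, `ca.srl` and `extfile.cnf` files from the commit and list them in an ignore file. Any daemon that was ever configured to trust this `ca.pem` should be given a freshly generated CA.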

22
articles/https/ca.pem Normal file

@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

1
articles/https/ca.srl Normal file

@@ -0,0 +1 @@
E4FDDD7295F6D385

19
articles/https/cert.pem Normal file

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDCTCCAfGgAwIBAgIJAOT93XKV9tOFMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAkxMjcuMC4wLjEx
EjAQBgNVBAsMCTEyNy4wLjAuMTESMBAGA1UEAwwJMTI3LjAuMC4xMB4XDTE1MDEy
MzAxNTAzN1oXDTE2MDEyMzAxNTAzN1owETEPMA0GA1UEAwwGY2xpZW50MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhx1oTKy+X9k87vel6gLxWdvtcQq
YxK43qz2c/kpF9rn8YcaXwuPyxZ9nTwk70OeRPrmSKy/SGqqHpnoCMBBpSiwRaP/
Y9qXlQaaBqk90BQkOo/YvXuRmhT65gXd19SIdOOjj/5oWsnxCJfl6Imzxuf9NAE3
SbezAMVb63Pdp5N/rFDcnSx6LTLxaIMRAJMxYn09kdv4dnAxYSSogFhwihmfUatM
fRDtNExyKfBOhAp0u9JAKTVqxwxX8KMguLjTtghGTGuXWmBtgTuihloo/3nZQBFP
dbtpNwnSVMZ/IndGJoBvN1XwI3idbJAqpY3bvpaH93eMge3Asa8NM0JydQIDAQAB
oxcwFTATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAZQBR
doFElECmWLzb08POWtMZCSQZYoToByLEonpWdgfRzUHDlEZk6tPr5v+0XGehc1l8
/NFF5BiCe80Lxc16BMkP0pSunsRCQjOYY7PZi6O8Dhu6fPqO/tGu6EuYTrSE3La0
JJX9Ba33gz9h3BOq3ZvUAFlOMW29oiZpgRBUHWFSecz/yxHMTcp+iFAeEuBxjQ83
xnrJZ1TJuK/WDNeoE7xX5p7j/sxRUjwU5ree5K15pjfXa8ra8BR+Hc+9Mtq5G2WR
kuQqqNfumR9QG3AQpFSuA0NB9qSt1k3hoyw3p52NWM/FgiOemCtOGUW4Hqu+/+xn
dBh95B3uSdZeyPEWRg==
-----END CERTIFICATE-----

15
articles/https/client.csr Normal file

@@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@@ -0,0 +1 @@
extendedKeyUsage = clientAuth

917
articles/https/index.html Normal file

@@ -0,0 +1,917 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
<meta name="docker_version" content="1.4.1">
<meta name="docker_git_branch" content="master">
<meta name="docker_git_commit" content="3c097c2">
<meta name="docker_build_date" content="Wed Jan 28 04:30:29 UTC 2015">
<meta name="description" content="How to setup and run Docker with HTTPS">
<meta name="keywords" content="docker, docs, article, example, https, daemon, tls, ca, certificate">
<link rel="canonical" href="/articles/https/">
<link href="/css/bootstrap-custom.css" rel="stylesheet">
<link href="/css/main.css" rel="stylesheet">
<link href="/css/prettify-1.0.css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/css/dockerfile_tutorial.css">
<link href="/tipuesearch/tipuesearch.css" rel="stylesheet">
<link href="/css/docs.css" rel="stylesheet">
<link rel="shortcut icon" href="/img/favicon.png">
<title>Running Docker with HTTPS - Docker Documentation</title>
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
<script type="text/javascript">
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-6096819-11', 'docker.com');
ga('require', 'linkid', 'linkid.js');
ga('send', 'pageview', {
'page': location.pathname + location.search + location.hash,
});
</script>
</head>
<body>
<div id="topmostnav" class="topmostnav_loggedout navbar navbar-static-top public">
<div class="container">
<a href="http://www.docker.com/" title="Homepage">
<div class="brand logo"><img src="/img/nav/docker-logo-loggedout.png"> </div>
</a>
<ul class="nav">
<li class=""><a href="http://www.docker.com/whatisdocker/" title="What is Docker">What is Docker?</a></li>
<li class=""><a href="http://www.docker.com/resources/usecases/" title="Use Cases">Use Cases</a></li>
<li class=""><a href="http://www.docker.com/tryit/" title="Try It!">Try It!</a></li>
<li class="active"><a href="https://docs.docker.com" title="Install &amp; Docs">Install &amp; Docs</a></li>
<li><a href="https://registry.hub.docker.com" title="Browse">Browse</a></li>
</ul>
<div id="usernav" class="pull-right">
<a href="https://hub.docker.com/account/login" class="btn nav-button2" title="Lg In">Log In</a>
<a href="https://hub.docker.com/account/signup" class="btn nav-button1" title="Sign Up">Sign Up</a>
</div>
</div>
</div>
<div id="topmostnav" class="topmostnav_loggedin navbar navbar-static-top">
<div class="container">
<a href="http://www.docker.com/" title="Docker Docs Home"><div class="brand logo"><img src="/img/nav/docker-logo-loggedin.png"> </div></a>
<form id="search_box_header" class="navbar-index-search pull-right" action="https://registry.hub.docker.com/search">
<span role="status" aria-live="polite" class="ui-helper-hidden-accessible"></span><input type="text" class="search-query ui-autocomplete-input" placeholder="Search..." name="q" value="" autocomplete="off">
</form>
<ul class="nav">
<li><a href="https://registry.hub.docker.com" title="Browse Repos">Browse Repos</a></li>
<li class="active"><a href="http://docs.docker.com" title="Documentation">Documentation</a></li>
<li><a href="http://www.docker.com/community/participate/" title="Community">Community</a></li>
<li><a href="http://www.docker.com/resources/help/" title="Help">Help</a></li>
</ul>
<div id="usernav" class="pull-right">
<ul class="nav user">
<li class="dropdown">
<a id="logged-in-header-username" class="dropdown-toggle" data-toggle="dropdown" href="#">
<img class="profile" src="" alt="profile picture">
</a>
<ul class="dropdown-menu pull-right">
<li><a href="https://hub.docker.com/">View Profile</a></li>
<li><a href="https://hub.docker.com/account/settings/">Settings</a></li>
<li><a href="https://hub.docker.com/repos/">My Repositories</a></li>
<li><a href="https://hub.docker.com/plans/billing-info">Billing</a></li>
<li><a href="https://hub.docker.com/account/logout/?next=/">Log out</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div id="wrap">
<nav id="nav_menu" class="clearfix navbar navbar-default navbar-static-top affix" role="navigation">
<div id="docsnav">
<ul id="main-nav" class="pull-left">
<li class="dd_menu pull-left">
<a href="/">About</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/">Docker</a>
</li>
<li >
<a href="/release-notes/">Release Notes</a>
</li>
<li >
<a href="/introduction/understanding-docker/">Understanding Docker</a>
</li>
</ul>
</li>
<li class="dd_menu pull-left">
<a href="/installation/mac/">Installation</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/installation/mac/">Mac OS X</a>
</li>
<li >
<a href="/installation/ubuntulinux/">Ubuntu</a>
</li>
<li >
<a href="/installation/rhel/">Red Hat Enterprise Linux</a>
</li>
<li >
<a href="/installation/oracle/">Oracle Linux</a>
</li>
<li >
<a href="/installation/centos/">CentOS</a>
</li>
<li >
<a href="/installation/debian/">Debian</a>
</li>
<li >
<a href="/installation/gentoolinux/">Gentoo</a>
</li>
<li >
<a href="/installation/google/">Google Cloud Platform</a>
</li>
<li >
<a href="/installation/rackspace/">Rackspace Cloud</a>
</li>
<li >
<a href="/installation/amazon/">Amazon EC2</a>
</li>
<li >
<a href="/installation/softlayer/">IBM Softlayer</a>
</li>
<li >
<a href="/installation/archlinux/">Arch Linux</a>
</li>
<li >
<a href="/installation/frugalware/">FrugalWare</a>
</li>
<li >
<a href="/installation/fedora/">Fedora</a>
</li>
<li >
<a href="/installation/SUSE/">SUSE</a>
</li>
<li >
<a href="/installation/cruxlinux/">CRUX Linux</a>
</li>
<li >
<a href="/installation/windows/">Microsoft Windows</a>
</li>
<li >
<a href="/installation/binaries/">Binaries</a>
</li>
</ul>
</li>
<li class="dd_menu pull-left">
<a href="/userguide/">User Guide</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/userguide/">The Docker User Guide</a>
</li>
<li >
<a href="/userguide/dockerhub/">Getting Started with Docker Hub</a>
</li>
<li >
<a href="/userguide/dockerizing/">Dockerizing Applications</a>
</li>
<li >
<a href="/userguide/usingdocker/">Working with Containers</a>
</li>
<li >
<a href="/userguide/dockerimages/">Working with Docker Images</a>
</li>
<li >
<a href="/userguide/dockerlinks/">Linking containers together</a>
</li>
<li >
<a href="/userguide/dockervolumes/">Managing data in containers</a>
</li>
<li >
<a href="/userguide/dockerrepos/">Working with Docker Hub</a>
</li>
</ul>
</li>
<li class="dd_menu pull-left">
<a href="/docker-hub/">Docker Hub</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/docker-hub/">Docker Hub</a>
</li>
<li >
<a href="/docker-hub/accounts/">Accounts</a>
</li>
<li >
<a href="/docker-hub/repos/">Repositories</a>
</li>
<li >
<a href="/docker-hub/builds/">Automated Builds</a>
</li>
<li >
<a href="/docker-hub/official_repos/">Official Repo Guidelines</a>
</li>
</ul>
</li>
<li class="dd_menu pull-left">
<a href="/examples/nodejs_web_app/">Examples</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/examples/nodejs_web_app/">Dockerizing a Node.js web application</a>
</li>
<li >
<a href="/examples/mongodb/">Dockerizing MongoDB</a>
</li>
<li >
<a href="/examples/running_redis_service/">Dockerizing a Redis service</a>
</li>
<li >
<a href="/examples/postgresql_service/">Dockerizing a PostgreSQL service</a>
</li>
<li >
<a href="/examples/running_riak_service/">Dockerizing a Riak service</a>
</li>
<li >
<a href="/examples/running_ssh_service/">Dockerizing an SSH service</a>
</li>
<li >
<a href="/examples/couchdb_data_volumes/">Dockerizing a CouchDB service</a>
</li>
<li >
<a href="/examples/apt-cacher-ng/">Dockerizing an Apt-Cacher-ng service</a>
</li>
</ul>
</li>
<li class="dd_menu pull-left active">
<a href="/articles/basics/">Articles</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/articles/basics/">Docker basics</a>
</li>
<li >
<a href="/articles/networking/">Advanced networking</a>
</li>
<li >
<a href="/articles/security/">Security</a>
</li>
<li class="active">
<a href="/articles/https/">Running Docker with HTTPS</a>
</li>
<li >
<a href="/articles/registry_mirror/">Run a local registry mirror</a>
</li>
<li >
<a href="/articles/host_integration/">Automatically starting containers</a>
</li>
<li >
<a href="/articles/baseimages/">Creating a base image</a>
</li>
<li >
<a href="/articles/dockerfile_best-practices/">Best practices for writing Dockerfiles</a>
</li>
<li >
<a href="/articles/certificates/">Using certificates for repository client verification</a>
</li>
<li >
<a href="/articles/using_supervisord/">Using Supervisor</a>
</li>
<li >
<a href="/articles/cfengine_process_management/">Process management with CFEngine</a>
</li>
<li >
<a href="/articles/puppet/">Using Puppet</a>
</li>
<li >
<a href="/articles/chef/">Using Chef</a>
</li>
<li >
<a href="/articles/dsc/">Using PowerShell DSC</a>
</li>
<li >
<a href="/articles/ambassador_pattern_linking/">Cross-Host linking using ambassador containers</a>
</li>
<li >
<a href="/articles/runmetrics/">Runtime metrics</a>
</li>
<li >
<a href="/articles/b2d_volume_resize/">Increasing a Boot2Docker volume</a>
</li>
<li >
<a href="/articles/systemd/">Controlling and configuring Docker using Systemd</a>
</li>
</ul>
</li>
<li class="dd_menu pull-left">
<a href="/reference/commandline/cli/">Reference</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/reference/commandline/cli/">Command line</a>
</li>
<li >
<a href="/reference/builder/">Dockerfile</a>
</li>
<li >
<a href="/faq/">FAQ</a>
</li>
<li >
<a href="/reference/run/">Run Reference</a>
</li>
<li >
<a href="/reference/api/docker-io_api/">Docker Hub API</a>
</li>
<li >
<a href="/reference/api/registry_api/">Docker Registry API</a>
</li>
<li >
<a href="/reference/api/registry_api_client_libraries/">Docker Registry API Client Libraries</a>
</li>
<li >
<a href="/reference/api/hub_registry_spec/">Docker Hub and Registry Spec</a>
</li>
<li >
<a href="/reference/api/docker_remote_api/">Docker Remote API</a>
</li>
<li >
<a href="/reference/api/docker_remote_api_v1.16/">Docker Remote API v1.16</a>
</li>
<li >
<a href="/reference/api/docker_remote_api_v1.15/">Docker Remote API v1.15</a>
</li>
<li >
<a href="/reference/api/docker_remote_api_v1.14/">Docker Remote API v1.14</a>
</li>
<li >
<a href="/reference/api/docker_remote_api_v1.13/">Docker Remote API v1.13</a>
</li>
<li >
<a href="/reference/api/docker_remote_api_v1.12/">Docker Remote API v1.12</a>
</li>
<li >
<a href="/reference/api/docker_remote_api_v1.11/">Docker Remote API v1.11</a>
</li>
<li >
<a href="/reference/api/remote_api_client_libraries/">Docker Remote API Client Libraries</a>
</li>
<li >
<a href="/reference/api/docker_io_accounts_api/">Docker Hub Accounts API</a>
</li>
</ul>
</li>
<li class="dd_menu pull-left">
<a href="/contributing/contributing/">Contribute</a>
<ul class="dd_submenu" style="max-height: 75px;">
<li >
<a href="/contributing/contributing/">Contributing</a>
</li>
<li >
<a href="/contributing/devenvironment/">Development environment</a>
</li>
<li >
<a href="/contributing/docs_style-guide/">Documentation style guide</a>
</li>
</ul>
</li>
</ul>
<form id="nav_search" class="pull-right" action="/jsearch/">
<span role="status" aria-live="polite" class="ui-helper-hidden-accessible"></span>
<input name="q" id="tipue_search_input" type="text" class="search_input search-query ui-autocomplete-input" placeholder="Search the Docs" autocomplete="off">
</form>
</div>
</nav>
<div id="content" class="container">
<div class="row">
<div class="span3" id="leftnav">
<div id="toc_table">
<ul class="nav nav-tabs nav-stacked">
<li class=""><a href="#create-a-ca-server-and-client-keys-with-openssl">Create a CA, server and client keys with OpenSSL</a></li>
<li class=""><a href="#secure-by-default">Secure by default</a></li>
<li class=""><a href="#other-modes">Other modes</a></li>
<h3><a href="#daemon-modes">Daemon modes</a></h3>
<h3><a href="#client-modes">Client modes</a></h3>
<h3><a href="#connecting-to-the-secure-docker-port-using-curl">Connecting to the Secure Docker port using curl</a></h3>
</ul>
</div>
</div>
<div class="span9 content-body">
<div id="versionnav" class="span3 pull-right">
<ul class="nav version pull-right">
<li class="dropdown">
<a id="document-version-number" class="dropdown-toggle" data-toggle="dropdown" href="#">
Version v1.4
</a>
<ul id="documentation-version-list" class="dropdown-menu pull-right">
<li role="presentation" class="divider"></li>
<li> <a class="home-link3 tertiary-nav" href="https://github.com/docker/docker/blob/master/docs/sources/articles/https.md" >Edit on GitHub</a></li>
</ul>
</li>
</ul>
</div>
<h1 id="protecting-the-docker-daemon-socket-with-https">Protecting the Docker daemon Socket with HTTPS</h1>
<p>By default, Docker runs via a non-networked Unix socket. It can also
optionally communicate using a HTTP socket.</p>
<p>If you need Docker to be reachable via the network in a safe manner, you can
enable TLS by specifying the <code>tlsverify</code> flag and pointing Docker's
<code>tlscacert</code> flag to a trusted CA certificate.</p>
<p>In the daemon mode, it will only allow connections from clients
authenticated by a certificate signed by that CA. In the client mode,
it will only connect to servers with a certificate signed by that CA.</p>
<blockquote>
<p><strong>Warning</strong>:
Using TLS and managing a CA is an advanced topic. Please familiarize yourself
with OpenSSL, x509 and TLS before using it in production.</p>
<p><strong>Warning</strong>:
These TLS commands will only generate a working set of certificates on Linux.
Mac OS X comes with a version of OpenSSL that is incompatible with the
certificates that Docker requires.</p>
</blockquote>
<h2 id="create-a-ca-server-and-client-keys-with-openssl">Create a CA, server and client keys with OpenSSL</h2>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon's host.</p>
</blockquote>
<p>First generate CA private and public keys:</p>
<pre class="prettyprint well"><code>$ openssl genrsa -aes256 -out ca-key.pem 2048
Generating RSA private key, 2048 bit long modulus
......+++
...............+++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:Queensland
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Docker Inc
Organizational Unit Name (eg, section) []:Boot2Docker
Common Name (e.g. server FQDN or YOUR name) []:$HOST
Email Address []:Sven@home.org.au
</code></pre>
<p>Now that we have a CA, you can create a server key and certificate
signing request (CSR). Make sure that "Common Name" (i.e., server FQDN or YOUR
name) matches the hostname you will use to connect to Docker:</p>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon's host.</p>
</blockquote>
<pre class="prettyprint well"><code>$ openssl genrsa -out server-key.pem 2048
Generating RSA private key, 2048 bit long modulus
......................................................+++
............................................+++
e is 65537 (0x10001)
$ openssl req -subj "/CN=$HOST" -new -key server-key.pem -out server.csr
</code></pre>
<p>Next, we're going to sign the public key with our CA:</p>
<pre class="prettyprint well"><code>$ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem
Signature ok
subject=/CN=your.host.com
Getting CA Private Key
Enter pass phrase for ca-key.pem:
</code></pre>
<p>For client authentication, create a client key and certificate signing
request:</p>
<pre class="prettyprint well"><code>$ openssl genrsa -out key.pem 2048
Generating RSA private key, 2048 bit long modulus
...............................................+++
...............................................................+++
e is 65537 (0x10001)
$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr
</code></pre>
<p>To make the key suitable for client authentication, create an extensions
config file:</p>
<pre class="prettyprint well"><code>$ echo extendedKeyUsage = clientAuth &gt; extfile.cnf
</code></pre>
<p>Now sign the public key:</p>
<pre class="prettyprint well"><code>$ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out cert.pem -extfile extfile.cnf
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for ca-key.pem:
</code></pre>
<p>After generating <code>cert.pem</code> and <code>server-cert.pem</code> you can safely remove the
two certificate signing requests:</p>
<pre class="prettyprint well"><code>$ rm -v client.csr server.csr
</code></pre>
<p>With a default <code>umask</code> of 022, your secret keys will be <em>world-readable</em> and
writable for you and your group.</p>
<p>In order to protect your keys from accidental damage, you will want to remove their
write permissions. To make them only readable by you, change file modes as follows:</p>
<pre class="prettyprint well"><code>$ chmod -v 0400 ca-key.pem key.pem server-key.pem
</code></pre>
<p>Certificates can be world-readable, but you might want to remove write access to
prevent accidental damage:</p>
<pre class="prettyprint well"><code>$ chmod -v 0444 ca.pem server-cert.pem cert.pem
</code></pre>
<p>Now you can make the Docker daemon only accept connections from clients
providing a certificate trusted by our CA:</p>
<pre class="prettyprint well"><code>$ docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
-H=0.0.0.0:2376
</code></pre>
<p>To be able to connect to Docker and validate its certificate, you now
need to provide your client keys, certificates and trusted CA:</p>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon's host.</p>
</blockquote>
<pre class="prettyprint well"><code>$ docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
-H=$HOST:2376 version
</code></pre>
<blockquote>
<p><strong>Note</strong>:
Docker over TLS should run on TCP port 2376.</p>
<p><strong>Warning</strong>:
As shown in the example above, you don't have to run the <code>docker</code> client
with <code>sudo</code> or the <code>docker</code> group when you use certificate authentication.
That means anyone with the keys can give any instructions to your Docker
daemon, giving them root access to the machine hosting the daemon. Guard
these keys as you would a root password!</p>
</blockquote>
<h2 id="secure-by-default">Secure by default</h2>
<p>If you want to secure your Docker client connections by default, you can move
the files to the <code>.docker</code> directory in your home directory -- and set the
<code>DOCKER_HOST</code> and <code>DOCKER_TLS_VERIFY</code> variables as well (instead of passing
<code>-H=tcp://:2376</code> and <code>--tlsverify</code> on every call).</p>
<pre class="prettyprint well"><code>$ mkdir -pv ~/.docker
$ cp -v {ca,cert,key}.pem ~/.docker
$ export DOCKER_HOST=tcp://:2376 DOCKER_TLS_VERIFY=1
</code></pre>
<p>Docker will now connect securely by default:</p>
<pre class="prettyprint well"><code>$ docker ps
</code></pre>
<h2 id="other-modes">Other modes</h2>
<p>If you don't want to have complete two-way authentication, you can run
Docker in various other modes by mixing the flags.</p>
<h3 id="daemon-modes">Daemon modes</h3>
<ul>
<li><code>tlsverify</code>, <code>tlscacert</code>, <code>tlscert</code>, <code>tlskey</code> set: Authenticate clients</li>
<li><code>tls</code>, <code>tlscert</code>, <code>tlskey</code>: Do not authenticate clients</li>
</ul>
<h3 id="client-modes">Client modes</h3>
<ul>
<li><code>tls</code>: Authenticate server based on public/default CA pool</li>
<li><code>tlsverify</code>, <code>tlscacert</code>: Authenticate server based on given CA</li>
<li><code>tls</code>, <code>tlscert</code>, <code>tlskey</code>: Authenticate with client certificate, do not
authenticate server based on given CA</li>
<li><code>tlsverify</code>, <code>tlscacert</code>, <code>tlscert</code>, <code>tlskey</code>: Authenticate with client
certificate and authenticate server based on given CA</li>
</ul>
<p>If found, the client will send its client certificate, so you just need
to drop your keys into <code>~/.docker/{ca,cert,key}.pem</code>. Alternatively,
if you want to store your keys in another location, you can specify that
location using the environment variable <code>DOCKER_CERT_PATH</code>.</p>
<pre class="prettyprint well"><code>$ export DOCKER_CERT_PATH=~/.docker/zone1/
$ docker --tlsverify ps
</code></pre>
<h3 id="connecting-to-the-secure-docker-port-using-curl">Connecting to the Secure Docker port using <code>curl</code></h3>
<p>To use <code>curl</code> to make test API requests, you need to use three extra command line
flags:</p>
<pre class="prettyprint well"><code>$ curl https://$HOST:2376/images/json \
--cert ~/.docker/cert.pem \
--key ~/.docker/key.pem \
--cacert ~/.docker/ca.pem
</code></pre>
</div>
</div>
</div>
<div id="push-footer"></div>
</div>
<div id="footer-container" class="container">
<div id="footer" class="grey-body">
<div class="row">
<div class="span2">
<span class="footer-title">Community</span>
<ul class="unstyled">
<li><a class="primary-button" href="https://www.docker.com/community/events/">Events</a></li>
<li><a class="primary-button" href="http://posts.docker.com">Friends' Posts</a></li>
<li><a class="primary-button" href="https://www.docker.com/community/meetups/">Meetups</a></li>
<li><a class="primary-button" href="https://www.docker.com/community/governance/">Governance</a></li>
<li><a class="primary-button" href="http://forums.docker.com">Forums</a></li>
<li><a class="primary-button" href="http://botbot.me/freenode/docker">IRC</a></li>
<li><a class="primary-button" href="https://github.com/docker/docker">GitHub</a></li>
<li><a class="primary-button" href="http://stackoverflow.com/search?q=docker">Stackoverflow</a></li>
<li><a class="primary-button" href="http://www.cafepress.com/docker">Swag</a></li>
</ul>
</div>
<div class="span2">
<span class="footer-title">Enterprise</span>
<ul class="unstyled">
<li><a class="primary-button" href="https://www.docker.com/enterprise/support/">Support</a></li>
<li><a class="primary-button" href="https://www.docker.com/enterprise/education/">Education</a></li>
<li><a class="primary-button" href="https://www.docker.com/enterprise/services/">Services</a></li>
</ul>
<span class="footer-title">Partner Solutions</span>
<ul class="unstyled">
<li><a class="primary-button" href="https://www.docker.com/partners/find/">Find a Partner</a></li>
<li><a class="primary-button" href="https://www.docker.com/partners/program/">Partner Program</a></li>
<li><a class="primary-button" href="https://www.docker.com/partners/learn/">Learn More</a></li>
</ul>
</div>
<div class="span2">
<span class="footer-title">Resources</span>
<ul class="unstyled">
<li><a class="primary-button" href="https://docs.docker.com">Documentation</a></li>
<li><a class="primary-button" href="https://www.docker.com/resources/help/">Help</a></li>
<li><a class="primary-button" href="https://www.docker.com/resources/usecases/">Use Cases</a></li>
<li><a class="primary-button" href="http://www.docker.com/tryit/">Online Tutorial</a></li>
<li><a class="primary-button" href="https://www.docker.com/resources/howtobuy/">How To Buy</a></li>
<li><a class="primary-button" href="http://status.docker.com">Status</a></li>
<li><a class="primary-button" href="https://www.docker.com/resources/security/">Security</a></li>
</ul>
</div>
<div class="span2">
<span class="footer-title">Company</span>
<ul class="unstyled">
<li><a class="primary-button" href="https://www.docker.com/company/aboutus/">About Us</a></li>
<li><a class="primary-button" href="https://www.docker.com/company/team/">Team</a></li>
<li><a class="primary-button" href="https://www.docker.com/company/news/">News</a></li>
<li><a class="primary-button" href="https://www.docker.com/company/press/">Press</a></li>
<li><a class="primary-button" href="https://www.docker.com/company/careers/">Careers</a></li>
<li><a class="primary-button" href="https://www.docker.com/company/contact/">Contact</a></li>
</ul>
</div>
<div class="span3">
<span class="footer-title">Connect</span>
<div class="search">
<span>Subscribe to our newsletter</span>
<form action="https://www.docker.com/subscribe_newsletter/" method="post">
<input type='hidden' name='csrfmiddlewaretoken' value='aWL78QXQkY8DSKNYh6cl08p5eTLl7sOa' />
<tr><th><label for="id_email">Email:</label></th><td><input class="form-control" id="id_email" name="email" placeholder="Enter your email" type="text" /></td></tr>
<button type="submit"><i class="icon-arrow-right"></i> </button>
</form>
</div>
<ul class="unstyled social">
<li><a title="Docker on Twitter" class="primary-button blog" href="http://blog.docker.com">Blog</a></li>
<li><a title="Docker on Twitter" class="primary-button twitter" href="http://twitter.com/docker">Twitter</a></li>
<li><a title="Docker on Google+" class="primary-button googleplus" href="https://plus.google.com/u/0/communities/108146856671494713993">Google+</a></li>
<li><a title="Docker on Facebook" class="primary-button facebook" href="https://www.facebook.com/docker.run">Facebook</a></li>
<li><a title="Docker on Youtube" class="primary-button youtube" href="http://www.youtube.com/user/dockerrun">YouTube</a></li>
</ul>
<ul class="unstyled social">
<li><a title="Docker on SlideShare" class="primary-button slideshare" href="http://www.slideshare.net/Docker">Slideshare</a></li>
<li>
<a title="Docker on LinkedIn" class="primary-button" href="https://www.linkedin.com/company/docker">
<span class="linkedin"></span>
LinkedIn
</a>
</li>
<li>
<a title="Docker on GitHub" class="primary-button" href="https://github.com/docker/">
<span class="github"></span>
GitHub
</a>
</li>
<li>
<a title="Docker on Reddit" class="primary-button" href="http://www.reddit.com/r/docker">
<span class="reddit"></span>
Reddit
</a>
</li>
<li>
<a title="Docker on AngelList" class="primary-button" href="https://angel.co/docker-inc-1">
<span class="angellist"></span>
AngelList
</a>
</li>
</ul>
</div>
</div>
<div class="row clearfix">
<div class="span6 pagination-right copyright">
<span>&copy; 2014-2015 Docker, Inc.</span>
</div>
<div class="span6 pagination-left copyright">
<a href="http://www.docker.com/legal/terms_of_service">Terms</a> &middot;
<a href="http://www.docker.com/legal/privacy_policy">Privacy</a> &middot;
<a href="http://www.docker.com/legal/trademark_guidelines">Trademarks</a>
</div>
</div>
</div>
</div>
<script src="/js/jquery-1.10.2.min.js"></script>
<script src="/js/jquery.cookie.js" ></script>
<script src="/js/jquery-scrolltofixed-min.js"></script>
<script src="/js/bootstrap-3.0.3.min.js"></script>
<script src="/js/prettify-1.0.min.js"></script>
<script src="/js/dockerfile_tutorial.js"></script>
<script src="/js/dockerfile_tutorial_level.js"></script>
<script src="/js/base.js"></script>
<script src="/tipuesearch/tipuesearch_set.js"></script>
<script src="/tipuesearch/tipuesearch.min.js"></script>
<script type="text/javascript">
piAId = '45082';
piCId = '1482';
(function() {
function async_load(){
var s = document.createElement('script'); s.type = 'text/javascript';
s.src = ('https:' == document.location.protocol ? 'https://pi' : 'http://cdn') + '.pardot.com/pd.js';
var c = document.getElementsByTagName('script')[0]; c.parentNode.insertBefore(s, c);
}
if(window.attachEvent) { window.attachEvent('onload', async_load); }
else { window.addEventListener('load', async_load, false); }
})();
</script>
<script type="text/javascript">
$(document).ready(function() {
$('#content').css("min-height", $(window).height() - 553 );
// if the URL contains a version string, update the version picker to reflect that
version = document.location.pathname.match(/^\/(v\d\.\d)\/.*/)
if (version && version[1]) {
$('#document-version-number')[0].text = 'Version '+version[1];
} else {
$('#document-version-number')[0].text = $('#document-version-number')[0].text + " (Latest)"
}
// load the complete versions list
$.get("/versions.html_fragment", function( data ) {
$('#documentation-version-list').prepend(data);
//remove any "/v1.1/" bits from front, so we can add the path to the version selection dropdown.
path = document.location.pathname.replace(/^\/v\d\.\d/, "");
$('#documentation-version-list a.version').each(function(i, e) {
e.href = e.href+path;
$(e).removeClass()
});
});
})
var userName = getCookie('docker_sso_username');
if (userName) {
$('.topmostnav_loggedout').hide();
$('.topmostnav_loggedin').show();
$('#logged-in-header-username').text(userName);
} else {
$('.topmostnav_loggedout').show();
$('.topmostnav_loggedin').hide();
}
</script>
</body>
</html>

27
articles/https/key.pem Normal file

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
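Review bot: This section commits an RSA private key, and the server key section further down commits another whose visible body has no `Proc-Type: 4,ENCRYPTED` header, so that one is stored unencrypted. Both are outputs of the script added in this same commit (`openssl genrsa -out key.pem 2048` and `openssl genrsa -out server-key.pem 2048`), so they can be regenerated on demand and do not need to be tracked. A reader who copies the example directory as-is ends up running a daemon or client with a credential that is public. I would drop the generated `*.pem` and `*.csr` files and `extfile.cnf` from the commit and list them in a `.gitignore` next to the script. Any of these keys that was ever used outside the example should be reissued.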


@@ -0,0 +1,23 @@
#!/bin/bash
openssl genrsa -aes256 -out ca-key.pem 2048
echo "enter your Docker daemon's hostname as the 'Common Name'= ($HOST)"
#TODO add this as an ENV to docker run?
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
# server cert
openssl genrsa -out server-key.pem 2048
openssl req -subj "/CN=$HOST" -new -key server-key.pem -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem
#client cert
openssl genrsa -out key.pem 2048
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out cert.pem -extfile extfile.cnf
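Review bot: The two `openssl x509 -req` signing commands omit the `-sha256` that the CA `openssl req -new -x509` line passes, so the digest on the server and client certificates depends on the OpenSSL build's default, which on older releases is SHA-1. I would make them explicit, e.g. `openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \` and the same for `client.csr`. The script also leaves the generated private keys at the default file mode and has no `set -e`, so a failed step does not stop the later ones; adding `set -e` after the shebang and a final `chmod 0400 ca-key.pem key.pem server-key.pem` would cover both. This file looks like it is derived from `../https.md` by the extraction script in the next section, so the change probably belongs in that document as well.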


@@ -0,0 +1,4 @@
#!/bin/sh
echo "#!/bin/sh"
cat ../https.md | awk '{if (sub(/\\$/,"")) printf "%s", $0; else print $0}' | grep ' $ ' | sed 's/ $ //g' | sed 's/2375/7777/g' | sed 's/2376/7778/g'
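Review bot: Every line of `../https.md` that contains ` $ ` is turned into a command of a script that is then executed, with nothing checking the result, so any edit to the document's examples changes what gets run. The committed cert-generation script in the previous section starts with `#!/bin/bash` and contains `#` comment lines, while this generator emits `#!/bin/sh` and keeps only the ` $ ` lines, so the tracked copy appears to have drifted from what the generator produces. I would either stop tracking the generated script or regenerate and diff it in review. I would also make the match literal and fail on a missing input, e.g. `grep -F ' $ '` and a `set -e` after the shebang, and add a comment saying why ports 2375 and 2376 are rewritten to 7777 and 7778.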


@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAq/LTauqju9S++SG3t9R2qdCpmHeX8dHOxvoCyXQjKlyOIN6t
rz8GgN28viVzDGURuWLmPz0IVFqstTqc/XF0/3xIQRJmABQI60KTgEIhI2gYwQxd
mvcDALgsNOZAT5VI9xXUQlPvRPUN4dYD4DiMpw3dzDehfEwc+CGVsVV6/ubNaR6M
BQ9u8hqeQPTe1Rftq5JrQgaeQnPyA9QWnVe9p5T4S0yN2ar6yFjeYX6Pe1j0SwhI
NieD6gDvshtfwMRLEqzCFuR33B2D/uj1DNopExOMusYojR6q7gN0AHO0NNHd6usB
KfAGAgQf6Te8JugByNR4c+a/z2kWbfXiWfnLeQIDAQABAoIBAHwlHNmjwUV668sJ
uhBCmM4wdlI7fnu8hHOKzHpQnJcYLhGzVGkjsvlVntEWTsNTMYHM0vozgZENyoYq
ZHBj+xn+zFgXBYfm7y2UatR+alia7sxqtiaNUyCw2FH1L9eFrCGhJBgja6w41aYJ
E9FOYta2Hz4zqCcK+Rt5fA+F7QCdyeMl/HVwp1401ca7/tOn6ad2lVUcchkA8SZq
uP/2gqQVj5LsxU5Zi+/PCoLvu3z+PdTrr+935vXMWkL6p8cZg+ePes47kLOrC9zB
rJp8SCZ4rBmnibpAQ51hKrMGhR6jKjKOaY+alUVZteLGSwXqE6b7A8izVkOqII3t
gf3BAZECgYEA2b/bPSzXCLGoECHs8jvhktSuUzlZnm2U4HWSZfb9WWHP5QC/6dXe
vZp7t77BmjTUxagPAUuWaNKOMp0511pH4GSpxB8w36GkoTKPbRQNBGrzTZWVbokN
hivYut0IFqdzhqsa2vAHXUfqZdfxEui/hBV0VcyPl4aJTT8fC+SmGG0CgYEAyidQ
LQRaBoylMiHFEkAyoYBlHAMatsuTgz2h+wm4vSvx/mCxIy8G7FNQcAmf83sQE+R9
aJg7xaBdi8qx9hGc3ibX+P8/NrICVmxXOtSpOd82+66oW4U6PxptNGq0nbazqZRf
gB5ZDyJBLti4k5FlNp6fk/ls1jGj4FEzJiU8770CgYAft4xtqrxfrdD3GJn05rgC
tSv3P2FIbFnFIBsE8ycP/+lSR/usSdS59WiT6Rs2JP/hEous+p+cAR9pS/GC5smV
a9Q2lvx9doQOXtj5YHRM8m8iG+m6QghQRM662Ts2YYm4UfAFd/T6p2EDGKMqx/At
gxqA7Nz1i0kwkUMqblGrOQKBgEvRmtyHeUxji8HVsJg7w8GW6lUrROWyTM04XHxP
FR6+ULDbixRrGumgBdc/hOJJEaqkU/Taw/BHSU6Y404rJO6dGvukoAzfjsjjMYQ7
Jo0yDukuhK5utX3dZ3/1VXChiZjcsUTYHQb0DgaH+hI+wftOWwOg1RUw4QnM6qYv
6T7xAoGAH/A9MPEC7kgxuqLtfwNNB3UKyuc662NBB/6snSQy9GHUth850dsYbQ7k
KIzuipfZPP3fhc4mS1o1W7rw0LGEyJbVT9JQBbrxCkN5MJP+thpVoUtxcGE6aJbh
f8WZ/uiWV6CzBR6fgchhpufCkGzuU0ITtg6KcZx+4jVjBMJmnFI=
-----END RSA PRIVATE KEY-----

15
articles/https/server.csr Normal file

@@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----