docker-docs/engine/articles/https/index.html
2017-04-14 10:39:00 -07:00


<!DOCTYPE html>
<html lang="en">
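<head>
  <!-- Document metadata for the "Protect the Docker daemon socket" article. -->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta name="description" content="How to setup and run Docker with HTTPS">
  <!-- The keyword list was emitted with literal [ ] around it; the content is a plain comma-separated list. -->
  <meta name="keywords" content="docker, docs, article, example, https, daemon, tls, ca, certificate">
  <title>Protect the Docker daemon socket</title>
  <link rel="shortcut icon" href="https://docs.docker.com/images/favicon.png" type="image/x-icon">
  <!-- bootstrap-custom.css used to be linked both before and after app.css. Only the later
       copy affects the cascade, so that one is kept and the redundant first request is dropped. -->
  <link rel="stylesheet" href="/dist/assets/css/app.css">
  <link rel="stylesheet" href="/dist/assets/css/bootstrap-custom.css">
  <!-- Explicit https: instead of a protocol-relative URL, so the stylesheet is never fetched
       over plain HTTP when the page itself is served or opened without TLS. -->
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.2.6/animate.min.css">
  <link rel="stylesheet" href="../../../css/custom.css">
  <!-- NOTE(review): the animate.css stylesheet above and the jQuery script below come from
       third-party CDNs without Subresource Integrity. Add integrity="..." (hash computed from
       the vetted file) together with crossorigin="anonymous", or serve both from /dist/assets
       next to modernizr.js, so a modified CDN response is rejected by the browser. -->
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <script src="../../../dist/assets/js/modernizr.js"></script>
</head>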
<body>
<div class="off-canvas-wrap" data-offcanvas>
<div class="inner-wrap">
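<!-- Off-canvas menu toggle. The link holds only an icon, so it carries an aria-label for its
     accessible name and the SVG itself is hidden from assistive technology. -->
<a class="left-off-canvas-toggle" href="#" aria-label="Toggle navigation menu">
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="35px" height="35px" viewBox="0 0 35 35" enable-background="new 0 0 35 35" xml:space="preserve" aria-hidden="true">
<path fill="#3597D4" d="M30.583,9.328c0,0.752-0.539,1.362-1.203,1.362H5.113c-0.664,0-1.203-0.61-1.203-1.362l0,0
c0-0.752,0.539-1.362,1.203-1.362H29.38C30.045,7.966,30.583,8.576,30.583,9.328L30.583,9.328z"/>
<path fill="#3597D4" d="M30.583,17.09c0,0.752-0.539,1.362-1.203,1.362H5.113c-0.664,0-1.203-0.61-1.203-1.362l0,0
c0-0.752,0.539-1.362,1.203-1.362H29.38C30.045,15.728,30.583,16.338,30.583,17.09L30.583,17.09z"/>
<path fill="#3597D4" d="M30.583,24.387c0,0.752-0.539,1.362-1.203,1.362H5.113c-0.664,0-1.203-0.61-1.203-1.362l0,0
c0-0.752,0.539-1.362,1.203-1.362H29.38C30.045,23.025,30.583,23.635,30.583,24.387L30.583,24.387z"/>
</svg>
</a>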
<a class="button secondary small get-started-cta">Get Started</a>
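<!-- Site header: logo link back to the docs root, the global utility links, and the
     main docker.com navigation with its drop-down sub-lists. -->
<header class="main-header">
  <div class="row">
    <div class="large-3 columns">
      <!-- The image is the link's only content, so its alt text names the destination. -->
      <a href="../../../"><img class="logo" src="../../../dist/assets/images/logo.png" alt="Docker documentation home"></a>
    </div>
    <div class="large-9 columns">
      <ul class="nav-global">
        <li><a href="https://www.docker.com/support">Support</a></li>
        <li><a href="https://training.docker.com/">Training</a></li>
        <li><a href="https://docs.docker.com/">Docs</a></li>
        <!-- The Blog and Community News links were the only plain-http targets in this header;
             they now use https like the rest. -->
        <li><a href="https://blog.docker.com/">Blog</a></li>
        <li><a href="https://hub.docker.com/">Docker Hub</a></li>
        <li><a class="button" href="../../../mac/started/">Get Started</a></li>
      </ul>
      <ul class="nav-main">
        <li><a href="https://www.docker.com/products">Products</a>
          <ul>
            <li><a href="https://www.docker.com/pricing">Pricing</a></li>
            <li><a href="https://www.docker.com/whatisdocker">What is Docker?</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/customers">Customers</a></li>
        <li><a href="https://www.docker.com/community">Community</a>
          <ul>
            <li><a href="https://www.docker.com/community/meetups">Meetups</a></li>
            <li><a href="https://www.docker.com/community/events">Events</a></li>
            <li><a href="https://forums.docker.com">Forums</a></li>
            <li><a href="https://www.scoop.it/t/docker-by-docker">Community News</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/partners">Partners</a>
          <ul>
            <li><a href="https://www.docker.com/partners/partner-programs">Partner Programs</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/company">Company</a>
          <ul>
            <li><a href="https://www.docker.com/news-and-press">News &amp; Press</a></li>
            <li><a href="https://www.docker.com/work-docker">Work at Docker</a></li>
            <li><a href="https://www.docker.com/company/management">Management</a></li>
            <li><a href="https://www.docker.com/company/contact">Contact</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/open-source">Open Source</a>
          <ul>
            <li><a href="https://www.docker.com/contribute">Contribute</a></li>
          </ul>
        </li>
      </ul>
    </div>
  </div>
</header>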
<!-- Off-canvas (small-screen) copy of the site navigation.
     NOTE(review): every link here is an href="#" placeholder except "Events" and
     "Partners Programs", so most entries do not navigate anywhere on their own; presumably
     a script handles the has-submenu / back items. Confirm, and give the plain entries
     (Pricing, Customers, Support, ...) the same destinations the main header uses. -->
<aside class="left-off-canvas-menu">
<ul class="off-canvas-list">
<li class="has-submenu"><a href="#">Products</a>
<ul class="left-submenu">
<li class="back"><a href="#">Back</a></li>
<li><a href="#">Pricing</a></li>
<li><a href="#">What Is Docker</a></li>
<li><a href="#">Products</a></li>
<li><a href="#">Docker Engine</a></li>
<li><a href="#">Docker Hub</a></li>
<li><a href="#">Docker Registry</a></li>
<li><a href="#">Docker Machine</a></li>
<li><a href="#">Docker Swarm</a></li>
<li><a href="#">Docker Compose</a></li>
<li><a href="#">Kitematic</a></li>
</ul>
</li>
<li><a href="#">Customers</a></li>
<li class="has-submenu"><a href="#">Community</a>
<ul class="left-submenu">
<li class="back"><a href="#">Back</a></li>
<li><a href="#">Community</a></li>
<li><a href="#">Meetups</a></li>
<li><a href="https://www.docker.com/community/events">Events</a></li>
<li><a href="#">Forum</a></li>
<li><a href="#">Scoop.it</a></li>
</ul>
</li>
<li class="has-submenu"><a href="#">Partners</a>
<ul class="left-submenu">
<li class="back"><a href="#">Back</a></li>
<li><a href="#">Partners</a></li>
<li><a href="https://www.docker.com/partners/partner-programs">Partners Programs</a></li>
</ul>
</li>
<li><a href="#">Company</a></li>
<li class="has-submenu"><a href="#">Open Source</a>
<ul class="left-submenu">
<li class="back"><a href="#">Back</a></li>
<li><a href="#">Open Source</a></li>
<li><a href="#">Contribute</a></li>
<li><a href="#">Governance</a></li>
</ul>
</li>
</ul>
<!-- Second list: the global utility links, again as placeholders. -->
<ul class="nav-global-off-canvas">
<li><a href="#">Support</a></li>
<li><a href="#">Training</a></li>
<li><a href="#">Docs</a></li>
<li><a href="#">Blog</a></li>
<li><a href="#">Sign in</a></li>
<li><a href="#">Sign up</a></li>
</ul>
</aside>
<a class="exit-off-canvas"></a>
<div id="docs" class="row">
<div class="large-3 columns">
<section id="multiple" data-accordion-group>
<section data-accordion>
<article data-accordion>
<button data-control> Install</button>
<div data-content>
<article data-accordion>
<button data-control> Docker Engine</button>
<div data-content>
<a data-link href="../../../engine/installation/mac/" class=""> Installation on Mac OS X</a>
<a data-link href="../../../engine/installation/windows/" class=""> Installation on Windows</a>
<article data-accordion>
<button data-control> Linux</button>
<div data-content>
<a data-link href="../../../engine/installation/ubuntulinux/" class=""> Installation on Ubuntu </a>
<a data-link href="../../../engine/installation/rhel/" class=""> Installation on Red Hat Enterprise Linux</a>
<a data-link href="../../../engine/installation/centos/" class=""> Installation on CentOS</a>
<a data-link href="../../../engine/installation/fedora/" class=""> Installation on Fedora</a>
<a data-link href="../../../engine/installation/debian/" class=""> Installation on Debian</a>
<a data-link href="../../../engine/installation/archlinux/" class=""> Installation on Arch Linux</a>
<a data-link href="../../../engine/installation/cruxlinux/" class=""> Installation on CRUX Linux</a>
<a data-link href="../../../engine/installation/frugalware/" class=""> Installation on FrugalWare</a>
<a data-link href="../../../engine/installation/gentoolinux/" class=""> Installation on Gentoo</a>
<a data-link href="../../../engine/installation/oracle/" class=""> Installation on Oracle Linux</a>
<a data-link href="../../../engine/installation/SUSE/" class=""> Installation on openSUSE and SUSE Linux Enterprise</a>
</div>
</article>
<article data-accordion>
<button data-control> Cloud</button>
<div data-content>
<a data-link href="../../../engine/installation/amazon/" class=""> Amazon EC2 Installation</a>
<a data-link href="../../../engine/installation/google/" class=""> Installation on Google Cloud Platform</a>
<a data-link href="../../../engine/installation/softlayer/" class=""> Installation on IBM SoftLayer </a>
<a data-link href="../../../engine/installation/azure/" class=""> Installation on Microsoft Azure platform</a>
<a data-link href="../../../engine/installation/rackspace/" class=""> Installation on Rackspace Cloud</a>
<a data-link href="../../../engine/installation/joyent/" class=""> Joyent Triton Elastic Container Service</a>
</div>
</article>
<a data-link href="../../../engine/installation/binaries/" class=""> Installation from binaries</a>
</div>
</article>
<a data-link href="../../../kitematic/" class=""> Kitematic</a>
<a data-link href="../../../machine/install-machine/" class=""> Docker Machine</a>
<a data-link href="../../../compose/install/" class=""> Docker Compose</a>
<a data-link href="../../../swarm/install-w-machine/" class=""> Docker Swarm</a>
</div>
</article>
</section>
<section data-accordion>
<article data-accordion>
<button data-control> Docker Fundamentals</button>
<div data-content>
<a data-link href="../../../engine/userguide/basics/" class=""> Quickstart containers</a>
<a data-link href="../../../engine/userguide/" class=""> The Docker user guide</a>
<article data-accordion>
<button data-control> Work with Docker Images</button>
<div data-content>
<a data-link href="../../../engine/articles/dockerfile_best-practices/" class=""> Best practices for writing Dockerfiles</a>
<a data-link href="../../../engine/articles/baseimages/" class=""> Create a base image</a>
</div>
</article>
<article data-accordion>
<button data-control> Work with Docker Containers</button>
<div data-content>
<a data-link href="../../../engine/userguide/dockerizing/" class=""> Hello world in a container</a>
<a data-link href="../../../engine/userguide/usingdocker/" class=""> Run a simple application</a>
<a data-link href="../../../engine/userguide/dockerimages/" class=""> Build your own images</a>
<a data-link href="../../../engine/userguide/networkingcontainers/" class=""> Networking containers</a>
<a data-link href="../../../engine/userguide/dockervolumes/" class=""> Manage data in containers</a>
<a data-link href="../../../engine/userguide/dockerrepos/" class=""> Store images on Docker Hub</a>
</div>
</article>
<article data-accordion>
<button data-control> Docker on Windows &amp; OSX</button>
<div data-content>
<a data-link href="../../../engine/articles/dsc/" class=""> PowerShell DSC Usage</a>
</div>
</article>
<article data-accordion>
<button data-control> Use the Kitematic GUI</button>
<div data-content>
<a data-link href="../../../kitematic/userguide/" class=""> Kitematic User Guide: Intro &amp; Overview</a>
<a data-link href="../../../kitematic/nginx-web-server/" class=""> Set up an Nginx web server</a>
<a data-link href="../../../kitematic/minecraft-server/" class=""> Set up a Minecraft Server</a>
<a data-link href="../../../kitematic/rethinkdb-dev-database/" class=""> Creating a Local RethinkDB Database for Development</a>
<a data-link href="../../../kitematic/faq/" class=""> Frequently Asked Questions</a>
<a data-link href="../../../kitematic/known-issues/" class=""> Known Issues</a>
</div>
</article>
</div>
</article>
</section>
<section data-accordion>
<article data-accordion>
<button data-control> Use Docker</button>
<div data-content>
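<!-- Top-level links of the "Use Docker" accordion. All four use the ../../../ prefix that
     the other sidebar links use; "Understand the architecture" was the one root-absolute
     href (/engine/...), which breaks when the docs are served from a sub-path or opened
     from a local checkout. -->
<a data-link href="../../../engine/misc/" class=""> About Docker</a>
<a data-link href="../../../engine/userguide/labels-custom-metadata/" class=""> Apply custom metadata</a>
<a data-link href="../../../engine/misc/deprecated/" class=""> Docker Deprecated Features</a>
<a data-link href="../../../engine/introduction/understanding-docker/" class=""> Understand the architecture</a>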
<article data-accordion>
<button data-control> Provision &amp; set up Docker hosts</button>
<div data-content>
<a data-link href="../../../machine/" class=""> Overview of Docker Machine</a>
<a data-link href="../../../machine/get-started/" class=""> Get started with Docker Machine and a local VM</a>
<a data-link href="../../../machine/get-started-cloud/" class=""> Using Docker Machine with a cloud provider</a>
<a data-link href="../../../machine/migrate-to-machine/" class=""> Migrate from Boot2Docker to Docker Machine</a>
</div>
</article>
<article data-accordion>
<button data-control> Create multi-container applications</button>
<div data-content>
<a data-link href="../../../compose/" class=""> Overview of Docker Compose</a>
<a data-link href="../../../compose/production/" class=""> Using Compose in production</a>
<a data-link href="../../../compose/extends/" class=""> Extending services in Compose</a>
<a data-link href="../../../compose/gettingstarted/" class=""> Getting Started</a>
<a data-link href="../../../compose/django/" class=""> Quickstart Guide: Compose and Django</a>
<a data-link href="../../../compose/rails/" class=""> Quickstart Guide: Compose and Rails</a>
<a data-link href="../../../compose/networking/" class=""> Networking in Compose</a>
<a data-link href="../../../compose/wordpress/" class=""> Quickstart Guide: Compose and WordPress</a>
<a data-link href="../../../compose/completion/" class=""> Command-line Completion</a>
</div>
</article>
<article data-accordion>
<button data-control> Cluster Docker containers</button>
<div data-content>
<a data-link href="../../../swarm/" class=""> Docker Swarm</a>
<a data-link href="../../../swarm/install-manual/" class=""> Create a swarm for development</a>
<a data-link href="../../../swarm/multi-manager-setup/" class=""> High availability in Docker Swarm</a>
<a data-link href="../../../swarm/networking/" class=""> Docker Swarm Networking</a>
<a data-link href="../../../swarm/discovery/" class=""> Docker Swarm discovery</a>
<a data-link href="../../../swarm/scheduler/filter/" class=""> Docker Swarm filters</a>
<a data-link href="../../../swarm/scheduler/strategy/" class=""> Docker Swarm strategies</a>
</div>
</article>
<article data-accordion>
<button data-control> Administrate Docker</button>
<div data-content>
<a data-link href="../../../engine/articles/host_integration/" class=""> Automatically start containers</a>
<a data-link href="../../../engine/articles/security/" class=""> Docker security</a>
<a data-link href="../../../engine/articles/configuring/" class=""> Configuring and running Docker</a>
<a data-link href="../../../engine/articles/runmetrics/" class=""> Runtime metrics</a>
<a data-link href="../../../engine/articles/https/" class=" active"> Protect the Docker daemon socket</a>
<a data-link href="../../../engine/articles/ambassador_pattern_linking/" class=""> Link via an ambassador container</a>
<a data-link href="../../../engine/articles/systemd/" class=""> Control and configure Docker with systemd</a>
<article data-accordion>
<button data-control> Logging</button>
<div data-content>
<a data-link href="../../../engine/reference/logging/overview/" class=""> Configuring Logging Drivers</a>
<a data-link href="../../../engine/reference/logging/awslogs/" class=""> Amazon CloudWatch Logs logging driver</a>
<a data-link href="../../../engine/reference/logging/log_tags/" class=""> Log tags for logging driver</a>
<a data-link href="../../../engine/reference/logging/fluentd/" class=""> Fluentd logging driver</a>
<a data-link href="../../../engine/reference/logging/splunk/" class=""> Splunk logging driver</a>
<a data-link href="../../../engine/reference/logging/journald/" class=""> journald logging driver</a>
</div>
</article>
<article data-accordion>
<button data-control> Applications and Services</button>
<div data-content>
<a data-link href="../../../engine/examples/running_riak_service/" class=""> Dockerizing a Riak service</a>
<a data-link href="../../../engine/examples/running_ssh_service/" class=""> Dockerizing an SSH service</a>
</div>
</article>
<article data-accordion>
<button data-control> Integrate with Third-party Tools</button>
<div data-content>
<a data-link href="../../../engine/articles/cfengine_process_management/" class=""> Process management with CFEngine</a>
<a data-link href="../../../engine/articles/chef/" class=""> Using Chef</a>
<a data-link href="../../../engine/articles/puppet/" class=""> Using Puppet</a>
<a data-link href="../../../engine/articles/using_supervisord/" class=""> Using Supervisor with Docker</a>
</div>
</article>
</div>
</article>
<article data-accordion>
<button data-control> Docker storage drivers</button>
<div data-content>
<a data-link href="../../../engine/userguide/storagedriver/imagesandcontainers/" class=""> Understand images, containers, and storage drivers</a>
<a data-link href="../../../engine/userguide/storagedriver/selectadriver/" class=""> Select a storage driver</a>
<a data-link href="../../../engine/userguide/storagedriver/aufs-driver/" class=""> AUFS storage driver in practice</a>
<a data-link href="../../../engine/userguide/storagedriver/btrfs-driver/" class=""> BTRFS storage in practice</a>
<a data-link href="../../../engine/userguide/storagedriver/device-mapper-driver/" class=""> Device mapper storage in practice</a>
<a data-link href="../../../engine/userguide/storagedriver/overlayfs-driver/" class=""> OverlayFS storage in practice</a>
<a data-link href="../../../engine/userguide/storagedriver/zfs-driver/" class=""> ZFS storage in practice</a>
</div>
</article>
<article data-accordion>
<button data-control> Network configuration</button>
<div data-content>
<a data-link href="../../../engine/userguide/networking/dockernetworks/" class=""> Docker container networking</a>
<a data-link href="../../../engine/userguide/networking/work-with-networks/" class=""> Work with network commands</a>
<a data-link href="../../../engine/userguide/networking/get-started-overlay/" class=""> Get started with multi-host networking</a>
<article data-accordion>
<button data-control> Default bridge network</button>
<div data-content>
<a data-link href="../../../engine/userguide/networking/default_network/dockerlinks/" class=""> Legacy container links</a>
<a data-link href="../../../engine/userguide/networking/default_network/binding/" class=""> Bind container ports to the host</a>
<a data-link href="../../../engine/userguide/networking/default_network/build-bridges/" class=""> Build your own bridge</a>
<a data-link href="../../../engine/userguide/networking/default_network/configure-dns/" class=""> Configure container DNS</a>
<a data-link href="../../../engine/userguide/networking/default_network/custom-docker0/" class=""> Customize the docker0 bridge</a>
<a data-link href="../../../engine/userguide/networking/default_network/container-communication/" class=""> Understand container communication</a>
<a data-link href="../../../engine/userguide/networking/default_network/ipv6/" class=""> IPv6 with Docker</a>
</div>
</article>
</div>
</article>
<article data-accordion>
<button data-control> Applied Docker</button>
<div data-content>
<a data-link href="../../../engine/examples/mongodb/" class=""> Dockerizing MongoDB</a>
<a data-link href="../../../engine/examples/postgresql_service/" class=""> Dockerizing PostgreSQL</a>
<a data-link href="../../../engine/examples/couchdb_data_volumes/" class=""> Dockerizing a CouchDB service</a>
<a data-link href="../../../engine/examples/nodejs_web_app/" class=""> Dockerizing a Node.js web app</a>
<a data-link href="../../../engine/examples/running_redis_service/" class=""> Dockerizing a Redis service</a>
<a data-link href="../../../engine/examples/apt-cacher-ng/" class=""> Dockerizing an apt-cacher-ng service</a>
</div>
</article>
</div>
</article>
</section>
<section data-accordion>
<article data-accordion>
<button data-control> Manage image repositories</button>
<div data-content>
<a data-link href="../../../engine/userguide/image_management/" class=""> Image management</a>
<article data-accordion>
<button data-control> Docker Hub</button>
<div data-content>
<a data-link href="../../../docker-hub/" class=""> Introducing Docker Hub</a>
<a data-link href="../../../docker-hub/accounts/" class=""> Your Docker Hub account</a>
<a data-link href="../../../docker-hub/repos/" class=""> Repositories on Docker Hub</a>
<a data-link href="../../../docker-hub/builds/" class=""> Automated Builds on Docker Hub</a>
<a data-link href="../../../docker-hub/github/" class=""> Automated Builds from GitHub</a>
<a data-link href="../../../docker-hub/bitbucket/" class=""> Automated Builds with Bitbucket</a>
<a data-link href="../../../docker-hub/orgs/" class=""> Teams &amp; Organizations</a>
<a data-link href="../../../docker-hub/official_repos/" class=""> Official Repositories on Docker Hub</a>
</div>
</article>
<article data-accordion>
<button data-control> Docker Trusted Registry</button>
<div data-content>
<a data-link href="../../../docker-trusted-registry/" class=""> Overview</a>
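<!-- Accordion group: Docker Trusted Registry installation guides.
     The first link label had a stray second closing parenthesis, "(BYOL))". -->
<article data-accordion>
<button data-control> Trusted Registry installation overview</button>
<div data-content>
<a data-link href="../../../docker-trusted-registry/install/dtr-ami-byol-launch/" class=""> Install Docker Subscription for AWS (BYOL)</a>
<a data-link href="../../../docker-trusted-registry/install/engine-ami-launch/" class=""> Install Docker Engine for AWS AMI (BDS)</a>
<a data-link href="../../../docker-trusted-registry/install/dtr-ami-bds-launch/" class=""> Install Trusted Registry for AWS AMI (BDS)</a>
<a data-link href="../../../docker-trusted-registry/install/install-csengine/" class=""> Manually Install the CS Docker Engine</a>
<a data-link href="../../../docker-trusted-registry/install/install-dtr/" class=""> Manually install Trusted Registry</a>
<a data-link href="../../../docker-trusted-registry/install/upgrade/" class=""> Upgrade Trusted Registry and CS Engine</a>
</div>
</article>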
<a data-link href="../../../docker-trusted-registry/quick-start/" class=""> Quick-start: Basic Workflow</a>
<a data-link href="../../../docker-trusted-registry/userguide/" class=""> User guide</a>
<a data-link href="../../../docker-trusted-registry/adminguide/" class=""> Admin guide</a>
<a data-link href="../../../docker-trusted-registry/configuration/" class=""> Configuration options</a>
<a data-link href="../../../docker-trusted-registry/license/" class=""> Trusted Registry License</a>
<article data-accordion>
<button data-control> DTR APIs</button>
<div data-content>
<a data-link href="../../../docker-trusted-registry/api/" class=""> Docker Trusted Registry Accounts &amp; Repos API: Intro &amp; Overview</a>
<a data-link href="../../../docker-trusted-registry/api/dtr_1_3_accounts/" class=""> Docker Trusted Registry Accounts API</a>
<a data-link href="../../../docker-trusted-registry/api/dtr_1_3_teams/" class=""> Docker Trusted Registry User and Org API</a>
<a data-link href="../../../docker-trusted-registry/api/dtr_1_3_repositories/" class=""> Docker Trusted Registry Repository API</a>
<a data-link href="../../../docker-trusted-registry/api/dtr_1_3_user_repo_access/" class=""> Docker Trusted Registry User Repository API</a>
<a data-link href="../../../docker-trusted-registry/api/dtr_1_3_team_repo_access/" class=""> Docker Trusted Registry Org Repository API</a>
<a data-link href="../../../docker-trusted-registry/api/dtr_1_3_team_repo_namespace_access/" class=""> Docker Trusted Registry Org Namespace API</a>
</div>
</article>
<a data-link href="../../../docker-trusted-registry/support/" class=""> Support</a>
<a data-link href="../../../docker-trusted-registry/release-notes/" class=""> Release notes</a>
<a data-link href="../../../docker-trusted-registry/prior-release-notes/" class=""> Prior release notes archive</a>
</div>
</article>
<article data-accordion>
<button data-control> Docker Registry</button>
<div data-content>
<a data-link href="../../../registry/" class=""> Docker Registry</a>
<a data-link href="../../../registry/introduction/" class=""> Understanding the Registry</a>
<a data-link href="../../../registry/deploying/" class=""> Deploying a registry server</a>
<a data-link href="../../../registry/configuration/" class=""> Configuring a registry</a>
<a data-link href="../../../registry/notifications/" class=""> Working with notifications</a>
<a data-link href="../../../registry/help/" class=""> Getting help</a>
</div>
</article>
<article data-accordion>
<button data-control> Use trusted images</button>
<div data-content>
<a data-link href="../../../engine/security/trust/content_trust/" class=""> Content trust in Docker</a>
<a data-link href="../../../engine/security/trust/trust_automation/" class=""> Automation with content trust</a>
<a data-link href="../../../engine/security/trust/trust_key_mng/" class=""> Manage keys for content trust</a>
<a data-link href="../../../engine/security/trust/trust_sandbox/" class=""> Play in a content trust sandbox</a>
</div>
</article>
<a data-link href="../../../engine/articles/certificates/" class=""> Using certificates for repository client verification</a>
<a data-link href="../../../engine/articles/registry_mirror/" class=""> Run a local registry mirror</a>
</div>
</article>
</section>
<section data-accordion>
<article data-accordion>
<button data-control> Extend Docker</button>
<div data-content>
<a data-link href="../../../engine/extend/plugins_network/" class=""> Docker network driver plugins</a>
<a data-link href="../../../engine/extend/plugins/" class=""> Extending Docker with plugins</a>
<a data-link href="../../../engine/extend/plugins_volume/" class=""> Volume plugins</a>
<a data-link href="../../../engine/extend/plugin_api/" class=""> Plugins API</a>
</div>
</article>
</section>
<section data-accordion>
<article data-accordion>
<button data-control> Command and API references</button>
<div data-content>
<a data-link href="../../../engine/reference/run/" class=""> Docker run reference</a>
<a data-link href="../../../engine/reference/builder/" class=""> Dockerfile reference</a>
<a data-link href="../../../engine/reference/api/remote_api_client_libraries/" class=""> Remote API client libraries</a>
<article data-accordion>
<button data-control> Using the command line</button>
<div data-content>
<a data-link href="../../../engine/reference/commandline/cli/" class=""> Use the Docker command line</a>
<a data-link href="../../../engine/reference/commandline/daemon/" class=""> daemon</a>
<a data-link href="../../../engine/reference/commandline/attach/" class=""> attach</a>
<a data-link href="../../../engine/reference/commandline/build/" class=""> build</a>
<a data-link href="../../../engine/reference/commandline/commit/" class=""> commit</a>
<a data-link href="../../../engine/reference/commandline/cp/" class=""> cp</a>
<a data-link href="../../../engine/reference/commandline/create/" class=""> create</a>
<a data-link href="../../../engine/reference/commandline/diff/" class=""> diff</a>
<a data-link href="../../../engine/reference/commandline/events/" class=""> events</a>
<a data-link href="../../../engine/reference/commandline/exec/" class=""> exec</a>
<a data-link href="../../../engine/reference/commandline/export/" class=""> export</a>
<a data-link href="../../../engine/reference/commandline/history/" class=""> history</a>
<a data-link href="../../../engine/reference/commandline/images/" class=""> images</a>
<a data-link href="../../../engine/reference/commandline/import/" class=""> import</a>
<a data-link href="../../../engine/reference/commandline/info/" class=""> info</a>
<a data-link href="../../../engine/reference/commandline/inspect/" class=""> inspect</a>
<a data-link href="../../../engine/reference/commandline/kill/" class=""> kill</a>
<a data-link href="../../../engine/reference/commandline/load/" class=""> load</a>
<a data-link href="../../../engine/reference/commandline/login/" class=""> login</a>
<a data-link href="../../../engine/reference/commandline/logout/" class=""> logout</a>
<a data-link href="../../../engine/reference/commandline/logs/" class=""> logs</a>
<a data-link href="../../../engine/reference/commandline/network_connect/" class=""> network connect</a>
<a data-link href="../../../engine/reference/commandline/network_create/" class=""> network create</a>
<a data-link href="../../../engine/reference/commandline/network_disconnect/" class=""> network disconnect</a>
<a data-link href="../../../engine/reference/commandline/network_inspect/" class=""> network inspect</a>
<a data-link href="../../../engine/reference/commandline/network_ls/" class=""> network ls</a>
<a data-link href="../../../engine/reference/commandline/network_rm/" class=""> network rm</a>
<a data-link href="../../../engine/reference/commandline/pause/" class=""> pause</a>
<a data-link href="../../../engine/reference/commandline/port/" class=""> port</a>
<a data-link href="../../../engine/reference/commandline/ps/" class=""> ps</a>
<a data-link href="../../../engine/reference/commandline/pull/" class=""> pull</a>
<a data-link href="../../../engine/reference/commandline/push/" class=""> push</a>
<a data-link href="../../../engine/reference/commandline/rename/" class=""> rename</a>
<a data-link href="../../../engine/reference/commandline/restart/" class=""> restart</a>
<a data-link href="../../../engine/reference/commandline/rm/" class=""> rm</a>
<a data-link href="../../../engine/reference/commandline/rmi/" class=""> rmi</a>
<a data-link href="../../../engine/reference/commandline/run/" class=""> run</a>
<a data-link href="../../../engine/reference/commandline/save/" class=""> save</a>
<a data-link href="../../../engine/reference/commandline/search/" class=""> search</a>
<a data-link href="../../../engine/reference/commandline/start/" class=""> start</a>
<a data-link href="../../../engine/reference/commandline/stats/" class=""> stats</a>
<a data-link href="../../../engine/reference/commandline/stop/" class=""> stop</a>
<a data-link href="../../../engine/reference/commandline/tag/" class=""> tag</a>
<a data-link href="../../../engine/reference/commandline/top/" class=""> top</a>
<a data-link href="../../../engine/reference/commandline/unpause/" class=""> unpause</a>
<a data-link href="../../../engine/reference/commandline/version/" class=""> version</a>
<a data-link href="../../../engine/reference/commandline/volume_create/" class=""> volume create</a>
<div class="large-6 columns">
<section id="main">
<article id="content">
<h1 id="protect-the-docker-daemon-socket">Protect the Docker daemon socket</h1>
<p>By default, Docker runs via a non-networked Unix socket. It can also
optionally communicate using an HTTP socket.</p>
<p>If you need Docker to be reachable via the network in a safe manner, you can
enable TLS by specifying the <code>tlsverify</code> flag and pointing Docker&rsquo;s
<code>tlscacert</code> flag to a trusted CA certificate.</p>
<p>In the daemon mode, it will only allow connections from clients
authenticated by a certificate signed by that CA. In the client mode,
it will only connect to servers with a certificate signed by that CA.</p>
<blockquote>
<p><strong>Warning</strong>:
Using TLS and managing a CA is an advanced topic. Please familiarize yourself
with OpenSSL, X.509 and TLS before using it in production.</p>
<p><strong>Warning</strong>:
These TLS commands will only generate a working set of certificates on Linux.
Mac OS X comes with a version of OpenSSL that is incompatible with the
certificates that Docker requires.</p>
</blockquote>
<h2 id="create-a-ca-server-and-client-keys-with-openssl">Create a CA, server and client keys with OpenSSL</h2>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon&rsquo;s host.</p>
</blockquote>
<p>First generate CA private and public keys:</p>
<pre><code>$ openssl genrsa -aes256 -out ca-key.pem 4096
Generating RSA private key, 4096 bit long modulus
............................................................................................................................................................................................++
........++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:Queensland
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Docker Inc
Organizational Unit Name (eg, section) []:Sales
Common Name (e.g. server FQDN or YOUR name) []:$HOST
Email Address []:Sven@home.org.au
</code></pre>
<p>Now that you have a CA, you can create a server key and certificate
signing request (CSR). Make sure that &ldquo;Common Name&rdquo; (i.e., server FQDN or YOUR
name) matches the hostname you will use to connect to Docker:</p>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon&rsquo;s host.</p>
</blockquote>
<pre><code>$ openssl genrsa -out server-key.pem 4096
Generating RSA private key, 4096 bit long modulus
.....................................................................++
.................................................................................................++
e is 65537 (0x10001)
$ openssl req -subj &quot;/CN=$HOST&quot; -sha256 -new -key server-key.pem -out server.csr
</code></pre>
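<p>Next, we&rsquo;re going to sign the public key with our CA:</p>
<p>Since TLS connections can be made via IP address as well as DNS name, the IP
addresses need to be specified when creating the certificate. Many current TLS
clients no longer fall back to the Common Name for host name checks, so if
clients connect by DNS name, the certificate may also need a <code>DNS:</code> entry for
that name in <code>subjectAltName</code>. For example, to allow connections
using <code>10.10.10.20</code> and <code>127.0.0.1</code>:</p>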
<pre><code>$ echo subjectAltName = IP:10.10.10.20,IP:127.0.0.1 &gt; extfile.cnf
$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf
Signature ok
subject=/CN=your.host.com
Getting CA Private Key
Enter pass phrase for ca-key.pem:
</code></pre>
<p>For client authentication, create a client key and certificate signing
request:</p>
<pre><code>$ openssl genrsa -out key.pem 4096
Generating RSA private key, 4096 bit long modulus
.........................................................++
................++
e is 65537 (0x10001)
$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr
</code></pre>
<p>To make the key suitable for client authentication, create an extensions
config file:</p>
<pre><code>$ echo extendedKeyUsage = clientAuth &gt; extfile.cnf
</code></pre>
<p>Now sign the public key:</p>
<pre><code>$ openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out cert.pem -extfile extfile.cnf
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for ca-key.pem:
</code></pre>
<p>After generating <code>cert.pem</code> and <code>server-cert.pem</code> you can safely remove the
two certificate signing requests:</p>
<pre><code>$ rm -v client.csr server.csr
</code></pre>
<p>With a default <code>umask</code> of 022, your secret keys will be <em>world-readable</em> and
writable for you and your group.</p>
<p>Private keys should not be readable by other users on the system. To make them
readable only by you, and to protect them from accidental damage by removing their
write permissions, change file modes as follows:</p>
<pre><code>$ chmod -v 0400 ca-key.pem key.pem server-key.pem
</code></pre>
<p>Certificates can be world-readable, but you might want to remove write access to
prevent accidental damage:</p>
<pre><code>$ chmod -v 0444 ca.pem server-cert.pem cert.pem
</code></pre>
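<p>Now you can make the Docker daemon only accept connections from clients
providing a certificate trusted by our CA. Note that <code>-H=0.0.0.0:2376</code> listens
on every network interface of the host; bind to a specific address, or restrict
access to the port with a firewall, if the daemon should only be reachable from
some networks:</p>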
<pre><code>$ docker daemon --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
-H=0.0.0.0:2376
</code></pre>
<p>To be able to connect to Docker and validate its certificate, you now
need to provide your client keys, certificates and trusted CA:</p>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon&rsquo;s host.</p>
</blockquote>
<pre><code>$ docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
-H=$HOST:2376 version
</code></pre>
<blockquote>
<p><strong>Note</strong>:
Docker over TLS should run on TCP port 2376.</p>
<p><strong>Warning</strong>:
As shown in the example above, you don&rsquo;t have to run the <code>docker</code> client
with <code>sudo</code> or the <code>docker</code> group when you use certificate authentication.
That means anyone with the keys can give any instructions to your Docker
daemon, giving them root access to the machine hosting the daemon. Guard
these keys as you would a root password!</p>
</blockquote>
<h2 id="secure-by-default">Secure by default</h2>
<p>If you want to secure your Docker client connections by default, you can move
the files to the <code>.docker</code> directory in your home directory &ndash; and set the
<code>DOCKER_HOST</code> and <code>DOCKER_TLS_VERIFY</code> variables as well (instead of passing
<code>-H=tcp://$HOST:2376</code> and <code>--tlsverify</code> on every call).</p>
<pre><code>$ mkdir -pv ~/.docker
$ cp -v {ca,cert,key}.pem ~/.docker
$ export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1
</code></pre>
<p>Docker will now connect securely by default:</p>
<pre><code>$ docker ps
</code></pre>
<h2 id="other-modes">Other modes</h2>
<p>If you don&rsquo;t want to have complete two-way authentication, you can run
Docker in various other modes by mixing the flags.</p>
<h3 id="daemon-modes">Daemon modes</h3>
<ul>
<li><code>tlsverify</code>, <code>tlscacert</code>, <code>tlscert</code>, <code>tlskey</code> set: Authenticate clients</li>
<li><code>tls</code>, <code>tlscert</code>, <code>tlskey</code>: Do not authenticate clients (the connection is
encrypted, but any client that can reach the port can control the daemon)</li>
</ul>
<h3 id="client-modes">Client modes</h3>
<ul>
<li><code>tls</code>: Authenticate server based on public/default CA pool</li>
<li><code>tlsverify</code>, <code>tlscacert</code>: Authenticate server based on given CA</li>
<li><code>tls</code>, <code>tlscert</code>, <code>tlskey</code>: Authenticate with client certificate, do not
authenticate server based on given CA</li>
<li><code>tlsverify</code>, <code>tlscacert</code>, <code>tlscert</code>, <code>tlskey</code>: Authenticate with client
certificate and authenticate server based on given CA</li>
</ul>
<p>If found, the client will send its client certificate, so you just need
to drop your keys into <code>~/.docker/{ca,cert,key}.pem</code>. Alternatively,
if you want to store your keys in another location, you can specify that
location using the environment variable <code>DOCKER_CERT_PATH</code>.</p>
<pre><code>$ export DOCKER_CERT_PATH=~/.docker/zone1/
$ docker --tlsverify ps
</code></pre>
<h3 id="connecting-to-the-secure-docker-port-using-curl">Connecting to the secure Docker port using <code>curl</code></h3>
<p>To use <code>curl</code> to make test API requests, you need to use three extra command line
flags:</p>
<pre><code>$ curl https://$HOST:2376/images/json \
--cert ~/.docker/cert.pem \
--key ~/.docker/key.pem \
--cacert ~/.docker/ca.pem
</code></pre>
</article>
</section>
</div>