Enabling HTTPS (TLS) authentication for Docker 17.03.0-ce on Ubuntu 16.10

1. Generate the CA private key and public key:

$ openssl genrsa -aes256 -out ca-key.pem 4096

The output looks like this:

Generating RSA private key, 4096 bit long modulus

............................................................................................................................................................................................++

........++

e is 65537 (0x10001)

Enter pass phrase for ca-key.pem: cloud

Verifying - Enter pass phrase for ca-key.pem: cloud


Remember the pass phrase you set here; it is needed in the steps below.

2. Generate the CA certificate

$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

Enter pass phrase for ca-key.pem:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:cn

State or Province Name (full name) [Some-State]:shandong

Locality Name (eg, city) []:jinan

Organization Name (eg, company) [Internet Widgits Pty Ltd]:cnhuashao

Organizational Unit Name (eg, section) []:cnhuashao

Common Name (e.g. server FQDN or YOUR name) []:cnhuashao

Email Address []:lz2392504@gmail.com


3. Using the root certificate, generate the server certificate and the client certificate

$ openssl genrsa -out server-key.pem 4096

$ openssl req -subj "/CN=cnhuashao" -sha256 -new -key server-key.pem -out server.csr

$ echo subjectAltName = DNS:cnhuashao,IP:192.168.210.1,IP:127.0.0.1 > extfile.cnf

$ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

$ openssl genrsa -out key.pem 4096

$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr

$ echo extendedKeyUsage = clientAuth > extfile.cnf
$ openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf

$ rm -v client.csr server.csr

$ chmod -v 0400 ca-key.pem key.pem server-key.pem

$ chmod -v 0444 ca.pem server-cert.pem cert.pem

$ sudo vim /etc/systemd/system/docker.service.d/http-proxy.conf

Newer versions require editing /etc/systemd/system/docker.service.d/docker.conf instead:

$ sudo cat /etc/systemd/system/docker.service.d/docker.conf

[Service]

ExecStart=

ExecStart=/usr/bin/dockerd -H fd:// --tlsverify --tlscacert=/home/zhangyc/ca.pem --tlscert=/home/zhangyc/server-cert.pem --tlskey=/home/zhangyc/server-key.pem -H=192.168.210.1:4096
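
An added example, not part of the original post: a shell function that checks the files produced in steps 1 to 3 before dockerd is restarted with --tlsverify. The function and helper names are hypothetical, and it assumes OpenSSL 1.0.2 or later (for -checkip).

```shell
#!/bin/sh
# Added example: checks on the files from steps 1-3 before pointing dockerd at them.
# check_docker_tls DIR IP returns 0 only if every check passes.
# DIR holds ca.pem, server-cert.pem, server-key.pem, cert.pem and key.pem;
# IP is the address clients will connect to (192.168.210.1 on this page).

fail() { echo "FAIL: $*" >&2; rc=1; }

# The public key inside certificate $1 must equal the public half of private key $2.
key_matches() {
    [ "$(openssl x509 -noout -pubkey -in "$1")" = "$(openssl pkey -pubout -in "$2" 2>/dev/null)" ]
}

# Certificate $2 must chain to ca.pem and be acceptable for purpose $1.
chains_for() {
    openssl verify -purpose "$1" -CAfile "$dir/ca.pem" "$2" 2>&1 | grep -q ': OK$'
}

check_docker_tls() {
    dir=$1; ip=$2; rc=0

    chains_for sslserver "$dir/server-cert.pem" || fail "server-cert.pem is not a valid server cert under ca.pem"
    chains_for sslclient "$dir/cert.pem"        || fail "cert.pem is not a valid client cert under ca.pem"

    key_matches "$dir/server-cert.pem" "$dir/server-key.pem" || fail "server-key.pem does not match server-cert.pem"
    key_matches "$dir/cert.pem" "$dir/key.pem"               || fail "key.pem does not match cert.pem"

    # The address given to -H must be in subjectAltName, or clients using --tlsverify reject the daemon.
    openssl x509 -noout -checkip "$ip" -in "$dir/server-cert.pem" 2>/dev/null \
        | grep -q 'does match certificate' || fail "$ip is not in the subjectAltName of server-cert.pem"

    # Everything on this page is issued with -days 365; flag anything expiring within 30 days.
    for f in ca.pem server-cert.pem cert.pem; do
        openssl x509 -noout -checkend 2592000 -in "$dir/$f" >/dev/null || fail "$f expires within 30 days"
    done

    return "$rc"
}

# Usage: check_docker_tls /home/zhangyc 192.168.210.1
```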

4. Startup configuration reference

Enabling HTTP remote access for Docker 17.03.0-ce on Ubuntu 16.10 - Jianshu
