-
Remotely Administering the Docker Engine on Windows Server 2016 | DBA From The Cold
"Open up a admin powershell session on your server and navigate to the root of the C: drive. First we’ll create a folder to download the necessary certificates to: – 1 2 cd C:\ mkdir docker Now we’re going to follow some of the steps outlined by Stefan Scherer here So first, we need to create a couple more directories: – 1 2 3 4 cd C:\docker mkdir server\certs.d mkdir server\config mkdir client\.docker And now we’re going to download a image from Stephan’s docker hub to create the required TLS certificates on our server and drop them in the folders we just created (replace the second IP address with the IP address of your server): – 1 2 3 4 5 6 7 8 docker run --rm ` -e SERVER_NAME=$(hostname) ` -e IP_ADDRESSES=127.0.0.1,192.168.XX.XX ` -v "$(pwd)\server:c:\programdata\docker" ` -v "$(pwd)\client\.docker:c:\users\containeradministrator\.docker" stefanscherer/dockertls-windows dir server\certs.d dir server\config dir client\.docker Once complete you’ll see: – Now we need to copy the created certs (and the daemon.json file) to the following locations: – 1 2 3 4 5 mkdir C:\ProgramData\docker\certs.d copy-item C:\docker\server\certs.d\ca.pem C:\ProgramData\docker\certs.d copy-item C:\docker\server\certs.d\server-cert.pem C:\ProgramData\docker\certs.d copy-item C:\docker\server\certs.d\server-key.pem C:\ProgramData\docker\certs.d copy-item C:\docker\server\config\daemon.json C:\ProgramData\docker\config Also open up the daemon.json file and make sure it looks like this: – 1 2 3 4 5 6 7 8 9 10 { "hosts": [ "tcp://0.0.0.0:2375", "npipe://" ], "tlscert": "C:\\ProgramData\\docker\\certs.d\\server-cert.pem", "tlskey": "C:\\ProgramData\\docker\\certs.d\\server-key.pem", "tlscacert": "C:\\ProgramData\\docker\\certs.d\\ca.pem", "tlsverify": true } Now restart the docker engine: – 1 restart-service docker N.B. – If you get an error, have a look in the application event log. The error messages generated are pretty good in letting you know what’s gone wrong (for a freaking change…amiright??) Next we need to copy the docker certs to our local machine so that we can reference them when trying to connect to the docker engine remotely So copy all the certs from C:\ProgramData\docker\certs.d to your user location on your machine, mine is C:\Users\Andrew.Pruski\.docker We can then connect remotely via: – 1 2 3 4 5 docker --tlsverify ` --tlscacert=$env:USERPROFILE\.docker\ca.pem ` --tlscert=$env:USERPROFILE\.docker\server-cert.pem ` --tlskey=$env:USERPROFILE\.docker\server-key.pem ` -H=tcp://192.168.XX.XX:2375 version Remember that you’ll need to open up port 2375 on the server’s firewall and you’ll need the Docker client on your local machine (if not already installed). Also Microsoft’s article advises that the following warning is benign: – level=info msg=”Unable to use system certificate pool: crypto/x509: system root pool is not available on Windows” Whatever that means. Maybe I’ll just stick to the remote powershell sessions "
-
How to run encrypted Windows websites with Docker and Træfɪk
"$ips = ((Get-NetIPAddress -AddressFamily IPv4).IPAddress) -Join ','"
Sunday, July 16, 2017
Weekly link roll (weekly)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment