Public | Automated Build

Last pushed: 2 years ago
Short Description
Secure Docker ambassador tunnel.
Full Description

A busybox-based image that allows two Docker containers to communicate with each other over an untrusted network using an encrypted connection. Relies on an etcd cluster to coordinate container information. Encryption is provided via OpenSSL.

See http://www.cs.toronto.edu/~lungj/blog/?p=1417 for more details.

Convenience wrappers can be found at https://github.com/SojournLabs/ambassador.

Server

docker run -t -i --rm -v /var/run/docker.sock:/var/run/docker.sock \
                      -v path/to/ca/certificate:/vapr/certstore/ca.crt:ro \
                      -v path/to/server/certificate:/vapr/certstore/peer.crt:ro \
                      -v path/to/server/key:/vapr/keys/peer.key:ro \
                      -p p1 -p p2 -p p3 ... -p pn \
                      sojournlabs/ambassador server container external_ip

where container is the name of the container to expose and external_ip is the IP
address of the host computer. p1 ... pn are arbitrary port numbers; n must be at least
equal to the number of ports exposed by container. Mounting /var/run/docker.sock gives
the ambassador container control of the host's Docker daemon.

Client

docker run -t -i --rm -v /var/run/docker.sock:/var/run/docker.sock \
                      -v path/to/ca/certificate:/vapr/certstore/ca.crt:ro \
                      -v path/to/client/certificate:/vapr/certstore/peer.crt:ro \
                      -v path/to/client/key:/vapr/keys/peer.key:ro \
                      sojournlabs/ambassador client container external_ip

where container is the name of the container to connect to and external_ip is the IP
address of the host computer.
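
Both commands above mount a CA certificate, a peer certificate and a peer key. The following pre-flight check is an added example, not part of sojournlabs/ambassador: it confirms on the Docker host that the three files are consistent before they are mounted. The function names are hypothetical, and it assumes the openssl CLI is installed and that each side validates its peer against ca.crt.

```shell
#!/bin/sh
# Added example (not part of sojournlabs/ambassador). Function names are
# hypothetical. Assumes the openssl CLI is installed on the Docker host.

# check_peer_material CA_CRT PEER_CRT PEER_KEY
# Returns 0 if the files are consistent, 1 if the certificate does not chain
# to the CA, 2 if the key does not belong to the certificate, 3 if the key
# file is accessible to group or others.
check_peer_material() {
    ca=$1; crt=$2; key=$3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || {
        echo "FAIL: $crt is not signed by $ca" >&2; return 1; }
    # Compare the public key in the certificate with the one derived from the key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt" >&2; return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -lnL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other" >&2; return 3
    fi
    echo "OK: $crt chains to $ca and matches $key"
}

# make_demo_pki DIR NAME
# Constructed sample input: a throwaway CA and one peer certificate with
# CN=NAME, valid for one day, written to DIR using the ambassador's file names.
make_demo_pki() {
    dir=$1; name=$2
    mkdir -p "$dir" && (
        cd "$dir" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo-ca-$name" -keyout ca.key -out ca.crt 2>/dev/null &&
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout peer.key -out peer.csr 2>/dev/null &&
        openssl x509 -req -in peer.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 1 -out peer.crt 2>/dev/null &&
        chmod 600 ca.key peer.key
    )
}

# Usage: sh check.sh path/to/ca.crt path/to/peer.crt path/to/peer.key
if [ $# -eq 3 ]; then check_peer_material "$@"; fi
```

Run it once with the server's files and once with the client's; a non-zero exit status identifies which of the three checks failed.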

Owner
sojournlabs