
Last pushed: 2 days ago
Create TLS certs for Docker, inside a Windows Docker container.

dockertls

Create TLS certs for Docker, inside a Windows Docker container. The image bundles LibreSSL 2.4.4, so you do not have to install LibreSSL or OpenSSL on your machine.
Inspired by the script DockerCertificateTools.ps1 and enhanced to create or update the daemon.json of the Docker service.

Usage

Test drive

To try it without touching your Docker installation, create two scratch folders on your host and bind-mount them over the two paths the container writes to (c:\programdata\docker and c:\users\containeradministrator\.docker). SERVER_NAME and IP_ADDRESSES end up as the subject alternative names of the server certificate, so pass the host name and every IP address clients will use to reach the daemon:

mkdir server
mkdir client\.docker
docker run --rm `
  -e SERVER_NAME=$(hostname) `
  -e IP_ADDRESSES=127.0.0.1,192.168.254.135 `
  -v "$(pwd)\server:c:\programdata\docker" `
  -v "$(pwd)\client\.docker:c:\users\containeradministrator\.docker" stefanscherer/dockertls-windows
Then inspect what the container wrote (server certs, daemon.json, client certs):

dir server\certs.d
dir server\config
dir client\.docker

Create your certs

Now create the real certs. The container paths on the right-hand side of each -v are fixed; only the host side changes, so that the container will:

  1. copy the server certs into the Docker service config folder,
  2. create or update the Docker service config file daemon.json,
  3. copy the client certs into your home directory.

Whoever holds cert.pem and key.pem can drive the daemon, which on Windows means administrator access to the host; keep $env:USERPROFILE\.docker private.
mkdir $env:USERPROFILE\.docker
docker run --rm `
  -e SERVER_NAME=$(hostname) `
  -e IP_ADDRESSES=127.0.0.1,192.168.254.135 `
  -v "c:\programdata\docker:c:\programdata\docker" `
  -v "$env:USERPROFILE\.docker:c:\users\containeradministrator\.docker" stefanscherer/dockertls-windows

Afterwards restart the Docker service in an administrator shell so it picks up the new daemon.json:

restart-service docker

Now connect to the TLS-secured Docker service, presenting your client certificate:

docker --tlsverify `
  --tlscacert=$env:USERPROFILE\.docker\ca.pem `
  --tlscert=$env:USERPROFILE\.docker\cert.pem `
  --tlskey=$env:USERPROFILE\.docker\key.pem `
  -H=tcp://127.0.0.1:2376 version

Or just set some environment variables. The docker CLI looks for ca.pem, cert.pem and key.pem in $env:USERPROFILE\.docker by default (the DOCKER_CERT_PATH default), so the three --tls* flags can be omitted:

$env:DOCKER_HOST="tcp://127.0.0.1:2376"
$env:DOCKER_TLS_VERIFY="1"
docker version
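The README ends once `docker version` succeeds, but that alone does not prove the daemon insists on a client certificate or that the certs were cut for the right names. The following script is an added post-run check, not part of the dockertls image or its README. It assumes the layout the README implies: daemon.json under c:\programdata\docker\config, the documented daemon options tlsverify/tlscacert/tlscert/tlskey/hosts inside it, the client files in $env:USERPROFILE\.docker, and the same name and IP addresses you passed to the container. Run it from the same PowerShell session after restart-service docker.

```powershell
# Added verification script (not part of the dockertls image or its README).
# Checks: daemon.json enables mutual TLS and points at existing server certs;
# cert.pem is valid and chains to ca.pem (and to nothing else); the server
# cert's SANs cover the name/IPs clients will use; the live daemon accepts the
# full cert set and rejects a client that presents no certificate.
param(
    [string]   $ServerName  = $env:COMPUTERNAME,
    [string[]] $IpAddresses = @('127.0.0.1', '192.168.254.135'),  # same values as the README run (assumed)
    [string]   $DaemonJson  = (Join-Path $env:ProgramData 'docker\config\daemon.json'),  # assumed path
    [string]   $ClientDir   = (Join-Path $env:USERPROFILE '.docker'),
    [string]   $DockerHost  = 'tcp://127.0.0.1:2376'
)
$ErrorActionPreference = 'Stop'
$ns = 'System.Security.Cryptography.X509Certificates'

function Read-PemCert([string] $PemPath) {
    # On Windows, X509Certificate2 accepts PEM ("-----BEGIN CERTIFICATE-----") as well as DER files
    New-Object "$ns.X509Certificate2" -ArgumentList $PemPath
}

# --- 1. daemon.json: mutual TLS must be on and the server cert files must exist
$cfg = Get-Content -Path $DaemonJson -Raw | ConvertFrom-Json
if (-not $cfg.tlsverify) { throw "daemon.json: tlsverify is false or missing; the daemon would not require client certs" }
foreach ($key in 'tlscacert', 'tlscert', 'tlskey') {
    if (-not $cfg.$key -or -not (Test-Path -Path $cfg.$key)) {
        throw "daemon.json: $key is missing or points at a file that does not exist"
    }
}
if (-not (@($cfg.hosts) -match '^tcp://')) { throw "daemon.json: no tcp:// entry in hosts, so no TLS listener is configured" }

# --- 2. client certs: present, not expired, and chained to this ca.pem and nothing else
$caPem   = Join-Path $ClientDir 'ca.pem'
$certPem = Join-Path $ClientDir 'cert.pem'
$keyPem  = Join-Path $ClientDir 'key.pem'
foreach ($f in $caPem, $certPem, $keyPem) { if (-not (Test-Path -Path $f)) { throw "client file missing: $f" } }
$ca   = Read-PemCert $caPem
$cert = Read-PemCert $certPem
if ($cert.NotAfter -lt (Get-Date)) { throw "cert.pem expired on $($cert.NotAfter)" }
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.ExtraStore.Add($ca) | Out-Null
$chain.ChainPolicy.RevocationMode    = 'NoCheck'                           # a private CA publishes no CRL
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'  # ca.pem is not in the Windows root store
if (-not $chain.Build($cert)) { throw "cert.pem does not chain to ca.pem: $($chain.ChainStatus.StatusInformation)" }
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($root.Thumbprint -ne $ca.Thumbprint) { throw "cert.pem chains to a different CA ($($root.Subject)), not to ca.pem" }

# --- 3. server cert SANs must cover the name and IPs clients connect with,
#        otherwise --tlsverify fails with a name mismatch
$server = Read-PemCert $cfg.tlscert
$sanExt = $server.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
$san = if ($sanExt) { $sanExt.Format($false) } else { '' }
foreach ($n in @($ServerName) + $IpAddresses) {
    if ($san -notmatch [regex]::Escape($n)) { throw "server cert SAN '$san' does not contain '$n'" }
}

# --- 4. live checks: the full cert set must work, and a client presenting no
#        certificate must be refused (proves tlsverify is enforced, not just written)
& docker --tlsverify "--tlscacert=$caPem" "--tlscert=$certPem" "--tlskey=$keyPem" "-H=$DockerHost" version | Out-Null
if ($LASTEXITCODE -ne 0) { throw "mutual-TLS connection to $DockerHost failed (did you restart-service docker?)" }

# Point DOCKER_CERT_PATH at an empty folder: the CLI then finds no cert.pem/key.pem
# and sends no client certificate. The daemon's TLS error printed here is expected.
$empty = Join-Path $env:TEMP ("dockertls-nocert-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $empty | Out-Null
$env:DOCKER_CERT_PATH = $empty
try {
    & docker --tls "--tlscacert=$caPem" "-H=$DockerHost" version | Out-Null
    if ($LASTEXITCODE -eq 0) {
        throw "daemon at $DockerHost accepted a client WITHOUT a certificate: anyone who can reach that port is admin on this host"
    }
} finally {
    Remove-Item -Path $empty -Recurse -Force
    Remove-Item -Path Env:\DOCKER_CERT_PATH
}
Write-Output "OK: daemon.json, client chain, server SANs and mutual TLS enforcement all check out"
```

Step 4's negative test relies on the docker CLI dropping its default --tlscert/--tlskey paths when those files are absent; if your CLI version instead errors out before connecting, the non-zero exit code still passes the check, so confirm by reading the error text it prints.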


Owner
stefanscherer

Comments (1)
cesardl
3 days ago

I think there's a bug. No matter what you specify as the user profile or client folder, it is always trying to copy the client files to C:\Users\ContainerAdministrator.docker, as the output says after generating the keys:
"=== Copying Client certificates to C:\Users\ContainerAdministrator.docker"

Even worse, it never copies the client files to "C:\Users\ContainerAdministrator.docker" either, even if I create that folder.