Docker: Enable API: Difference between revisions

From wiki.jacobjohns.com
jwiki>jjohns
m 7 revisions imported
 
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
[[File:Docker Logo.png|center|frameless]]
[[File:Docker Logo.png|center|frameless|250x250px]]


== Enable Docker API ==
== Enable Docker API ==


# Edit the docker.service
# Edit the docker.service: <code>sudo systemctl edit docker.service</code>
#* <code>sudo systemctl edit docker.service</code>
#* Add the below above the '''### Lines below this comment will be discarded line''<nowiki/>':
#* Add the below above the '''### Lines below this comment will be discarded line''<nowiki/>':
   [Service]   
   [Service]   
   ExecStart=   
   ExecStart=   
   ExecStart=/usr/bin/dockerd
   ExecStart=/usr/bin/dockerd
#Create <code>/etc/docker/daemon.json</code>  with the below  
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;2. Create <code>/etc/docker/daemon.json</code>  with the below:
   {      
   {      
     "hosts": ["unix:///var/run/docker.sock", "tcp://<HostIP>:2375"]   
     "hosts": ["unix:///var/run/docker.sock", "tcp://<HostIP>:2375"]   
   }
   }
#Restart docker
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;3. Restart docker: <code>systemctl restart docker</code>
#*<code>systemctl restart docker</code>
 
==Securing Docker API==
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1. To add <code>tls</code> and secure the API create certs for the host, store them, and add them to the <code>daemon.json</code> file as the below:
  {
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.1.31.100:2375"],
    "tls": true,
    "tlscacert": "/server/config/docker-certs/rootCA.pem",
    "tlscert": "/server/config/docker-certs/tndocker.fwe.com.crt",
    "tlskey": "/server/config/docker-certs/tndocker.fwe.com.key",
    "tlsverify": true
  }
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;2. Verify the file permissions on the certificate path or set with <code>chmod 700 <PathToCerts></code>
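Review bot: In the new "Securing Docker API" section the TLS daemon.json is a later, separate step, so a reader who follows "Enable Docker API" through "Restart docker" has already brought the API up on tcp://<HostIP>:2375 with no TLS and no client authentication, and anyone who can reach that port controls the daemon. Suggest putting the tls/tlsverify keys into the daemon.json of step 2 (or stating that the plain listener is only an intermediate state), and adding a restart step after the TLS edit, since the section ends at chmod without one. The TLS example also keeps port 2375, where 2376 is the conventional port for the TLS-protected API, and hard-codes 10.1.31.100 where the earlier block uses <HostIP>. Smaller point: the new revision replaces the # list markup with &nbsp; runs and hand-typed "2."/"3.", which defeats the numbering the wiki would otherwise generate.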

Latest revision as of 16:06, 27 July 2024

Enable Docker API

  1. Edit the docker.service: sudo systemctl edit docker.service
    • Add the below above the '### Lines below this comment will be discarded' line:

 [Service]
 ExecStart=
 ExecStart=/usr/bin/dockerd

    The empty ExecStart= clears the packaged start command and its -H flag; dockerd refuses to start when hosts is set both on the command line and in daemon.json.

  2. Create /etc/docker/daemon.json with the below:

 {
   "hosts": ["unix:///var/run/docker.sock", "tcp://<HostIP>:2375"]
 }

  3. Restart docker: systemctl restart docker

Securing Docker API

  1. To secure the API with TLS, create certificates for the host, store them, and reference them in the daemon.json file as below:

 {
   "hosts": ["unix:///var/run/docker.sock", "tcp://10.1.31.100:2375"],
   "tls": true,
   "tlscacert": "/server/config/docker-certs/rootCA.pem",
   "tlscert": "/server/config/docker-certs/tndocker.fwe.com.crt",
   "tlskey": "/server/config/docker-certs/tndocker.fwe.com.key",
   "tlsverify": true
 }

  2. Verify the file permissions on the certificate path, or set them with chmod 700 <PathToCerts>
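
A check that can be run over either daemon.json variant above before restarting the daemon, as an added example that is not part of the original wiki page: it flags TCP listeners without tlsverify, missing certificate files, and a private key readable by group or others. The function name audit_daemon_json and the sample address 192.0.2.10 are assumptions made for the example; the note about port 2376 reflects Docker's documented convention rather than anything on this page.

```python
import json
import os
import stat

TLS_FILES = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_json(text):
    """Return findings (strings) about remote-API exposure in a daemon.json document."""
    cfg = json.loads(text)
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return []  # only the local unix socket is served
    if cfg.get("tlsverify") is not True:
        # Without tlsverify the daemon does not ask clients for a certificate.
        return [f"{h}: tlsverify is not enabled, clients are not authenticated"
                for h in tcp_hosts]
    findings = []
    for key in TLS_FILES:
        path = cfg.get(key)
        if not path:
            findings.append(f"{key}: not set although tlsverify is true")
        elif not os.path.isfile(path):
            findings.append(f"{key}: {path} does not exist")
        elif key == "tlskey" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"tlskey: {path} is accessible to group or others")
    for h in tcp_hosts:
        if h.rsplit(":", 1)[-1] == "2375":
            findings.append(f"{h}: TLS listener on 2375, 2376 is the conventional TLS port")
    return findings


if __name__ == "__main__":
    # Constructed sample: the step-2 file with a documentation-range IP.
    sample = '{"hosts": ["unix:///var/run/docker.sock", "tcp://192.0.2.10:2375"]}'
    for line in audit_daemon_json(sample):
        print(line)
```

To audit a real host, pass the contents of /etc/docker/daemon.json to audit_daemon_json after each edit and before the restart.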