Docker: Enable API: Difference between revisions
From wiki.jacobjohns.com
jwiki>jjohns No edit summary |
jwiki>jjohns |
||
| Line 12: | Line 12: | ||
"hosts": ["unix:///var/run/docker.sock", "tcp://<HostIP>:2375"] | "hosts": ["unix:///var/run/docker.sock", "tcp://<HostIP>:2375"] | ||
} | } | ||
3.Restart docker: <code>systemctl restart docker</code> | 3. Restart docker: <code>systemctl restart docker</code> | ||
==Securing Docker API== | ==Securing Docker API== | ||
To add tls and secure the API create certs for the host, store them, and add them to the daemon.json file as the below: | 1. To add <code>tls</code> and secure the API create certs for the host, store them, and add them to the <code>daemon.json</code> file as the below: | ||
{ | { | ||
"hosts": ["unix:///var/run/docker.sock", "tcp://10.1.31.100:2375"], | "hosts": ["unix:///var/run/docker.sock", "tcp://10.1.31.100:2375"], | ||
| Line 25: | Line 25: | ||
"tlsverify": true | "tlsverify": true | ||
} | } | ||
2. Verify the file permissions on the certificate path or set with <code>chmod 700 <PathToCerts></code> | |||
Revision as of 14:52, 24 June 2023
Enable Docker API
- Edit the docker.service:
sudo systemctl edit docker.service- Add the below above the '### Lines below this comment will be discarded line':
[Service] ExecStart= ExecStart=/usr/bin/dockerd
2. Create /etc/docker/daemon.json with the below:
{
"hosts": ["unix:///var/run/docker.sock", "tcp://<HostIP>:2375"]
}
3. Restart docker: systemctl restart docker
Securing Docker API
1. To add tls and secure the API create certs for the host, store them, and add them to the daemon.json file as the below:
{
"hosts": ["unix:///var/run/docker.sock", "tcp://10.1.31.100:2375"],
"tls": true,
"tlscacert": "/server/config/docker-certs/rootCA.pem",
"tlscert": "/server/config/docker-certs/tndocker.fwe.com.crt",
"tlskey": "/server/config/docker-certs/tndocker.fwe.com.key",
"tlsverify": true
}
2. Verify the file permissions on the certificate path or set with chmod 700 <PathToCerts>
