Installing Docker on Ubuntu 18.04 and configuring SSL-certificate-encrypted remote connections
2021-06-29 20:13
Downloading and installing Docker
Download the packages
Fetching packages from the Docker repository is slow from within China, so I recommend downloading the .deb packages directly. The Ubuntu packages are at: https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/ ; pick a suitable version. The files I downloaded are:
containerd.io_1.4.6-1_amd64.deb
docker-ce_20.10.7~3-0~ubuntu-xenial_amd64.deb
docker-ce-cli_20.10.7~3-0~ubuntu-xenial_amd64.deb
Install
dpkg -i [packagename]
Note:
The package docker-ce_20.10.7~3-0~ubuntu-xenial_amd64.deb must be installed last.
hello-world
# docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
Start Docker and enable it at boot
systemctl start docker && systemctl enable docker
Verify the installation
[root@172 software]# docker version
Client: Docker Engine - Community
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.13.15
 Git commit:        f0df350
 Built:             Wed Jun  2 11:58:10 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       b0f5bc3
  Built:            Wed Jun  2 11:56:35 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.6
  GitCommit:        d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc:
  Version:          1.0.0-rc95
  GitCommit:        b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
Configuring the SSL certificates
Generate certificates valid for 10 years
Create a new directory on the server and change into it
mkdir -p /etc/docker && cd /etc/docker
Create the RSA private key for the root CA
openssl genrsa -aes256 -out ca-key.pem 4096
Note: you are asked for a passphrase twice here. Be sure to remember it; it is needed in later steps.
Create the CA certificate
openssl req -new -x509 -days 3650 -key ca-key.pem -sha256 -out ca.pem
Note: this step creates a certificate from the key generated in the previous step, that is, a self-signed certificate; the certificate could also be issued by a third-party CA instead.
Create the server private key
openssl genrsa -out server-key.pem 4096
Create the server certificate signing request (CSR)
openssl req -subj "/CN=172.31.128.152" -sha256 -new -key server-key.pem -out server.csr
Note: the IP address here is your own server's IP address.
Create the extfile.cnf configuration file
echo subjectAltName = IP:172.31.128.152,IP:0.0.0.0 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
Note: change the IP address to your own server's IP address.
Create the signed server certificate
openssl x509 -req -days 3650 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
    -CAcreateserial -out server-cert.pem -extfile extfile.cnf
Create the client private key
openssl genrsa -out key.pem 4096
Create the client certificate signing request (CSR)
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
Add the client configuration to extfile.cnf
echo extendedKeyUsage = clientAuth >> extfile.cnf
Create the signed client certificate
openssl x509 -req -days 3650 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
    -CAcreateserial -out cert.pem -extfile extfile.cnf
Remove the files that are no longer needed
rm -v client.csr server.csr
Set permissions on the certificate files
chmod -v 0400 ca-key.pem key.pem server-key.pem
chmod -v 0444 ca.pem server-cert.pem cert.pem
Check the certificate validity period
openssl x509 -in ca.pem -noout -dates
notBefore=Jun  5 03:23:23 2021 GMT
notAfter=Jun  3 03:23:23 2031 GMT
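The certificate steps above, as an added example that is not part of the original post: a POSIX shell script that rebuilds the same CA, server and client certificates non-interactively in a scratch directory and then checks what the TLS setup depends on (each leaf chains to ca.pem for its own purpose only, the server certificate names the server IP in its SAN, every private key is mode 0400). It assumes openssl 1.1.1 or newer, leaves the CA key unencrypted (no -aes256) so nothing prompts for a passphrase, puts 127.0.0.1 rather than 0.0.0.0 in the SAN, and gives the client its own extension file instead of appending to extfile.cnf.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild the post's certificate
# chain non-interactively, then verify the properties the daemon and client
# rely on. Assumes openssl 1.1.1+ on PATH; CA key is generated without -aes256.
set -e

# make_docker_tls_certs DIR SERVER_IP [BITS]: the post's openssl steps, with a
# separate extension file for the client so it does not inherit the server SAN.
make_docker_tls_certs() (
    bits=${3:-4096}
    mkdir -p "$1" && cd "$1"
    openssl genrsa -out ca-key.pem "$bits" 2>/dev/null
    openssl req -new -x509 -days 3650 -key ca-key.pem -sha256 -subj '/CN=docker-ca' -out ca.pem
    openssl genrsa -out server-key.pem "$bits" 2>/dev/null
    openssl req -subj "/CN=$2" -sha256 -new -key server-key.pem -out server.csr
    printf 'subjectAltName = IP:%s,IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' "$2" > extfile.cnf
    openssl x509 -req -days 3650 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
        -CAcreateserial -out server-cert.pem -extfile extfile.cnf 2>/dev/null
    openssl genrsa -out key.pem "$bits" 2>/dev/null
    openssl req -subj '/CN=client' -sha256 -new -key key.pem -out client.csr
    printf 'extendedKeyUsage = clientAuth\n' > extfile-client.cnf
    openssl x509 -req -days 3650 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
        -CAcreateserial -out cert.pem -extfile extfile-client.cnf 2>/dev/null
    rm -f client.csr server.csr
    chmod 0400 ca-key.pem key.pem server-key.pem
    chmod 0444 ca.pem server-cert.pem cert.pem
)

# verify_docker_tls_certs DIR SERVER_IP: succeeds only if each leaf chains to ca.pem
# for its own purpose and fails for the other, the server SAN names SERVER_IP, and
# every private key is mode 0400. Uses `|| return 1` so it also works under `if`.
verify_docker_tls_certs() {
    d=$1
    openssl verify -CAfile "$d/ca.pem" -purpose sslserver "$d/server-cert.pem" >/dev/null || return 1
    openssl verify -CAfile "$d/ca.pem" -purpose sslclient "$d/cert.pem" >/dev/null || return 1
    # extendedKeyUsage must stop a server cert acting as a client identity and vice versa
    ! openssl verify -CAfile "$d/ca.pem" -purpose sslclient "$d/server-cert.pem" >/dev/null 2>&1 || return 1
    ! openssl verify -CAfile "$d/ca.pem" -purpose sslserver "$d/cert.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$d/server-cert.pem" -noout -text | grep -q "IP Address:$2" || return 1
    for k in ca-key.pem key.pem server-key.pem; do
        [ -n "$(find "$d/$k" -perm 0400)" ] || return 1
    done
}

# Stand-alone usage: sh docker-tls-certs.sh /tmp/docker-certs 172.31.128.152
if [ $# -ge 2 ]; then
    make_docker_tls_certs "$1" "$2"
    verify_docker_tls_certs "$1" "$2" && echo "certificates in $1 verified"
fi
```

The verify function can also be pointed at /etc/docker after following the post's steps, since it only reads the certificates and never needs the CA key passphrase.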
Configuring Docker to accept TLS connections
Edit the docker.service unit file
vim /lib/systemd/system/docker.service
Find the line beginning with ExecStart= and replace it with the following
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem --containerd=/run/containerd/containerd.sock
Note: this sets the Docker remote port to 2375; change it as needed.
Reload the configuration and restart Docker
systemctl daemon-reload && systemctl restart docker
Check the service status after the restart
systemctl status docker
ca.pem, cert.pem and key.pem are the three certificate files our client needs in order to connect.
References
Enabling TLS for a secure Docker configuration: https://www.cnblogs.com/xiaoqi/p/docker-tls.html