On Ubuntu 16.10, enabling Docker 17.03.0-ce's

Author: cn華少 | Published: 2017-08-10 09:06

    1. Generate the CA private key and public key:

    $ openssl genrsa -aes256 -out ca-key.pem 4096

    The output looks like this:

    Generating RSA private key, 4096 bit long modulus
    ............................................................................................................................................................................................++
    ........++
    e is 65537 (0x10001)

    Enter pass phrase for ca-key.pem: cloud

    Verifying - Enter pass phrase for ca-key.pem: cloud

    Remember the pass phrase you set here; it is needed in the steps below.

    2. Generate the CA certificate:

    $ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

    Enter pass phrase for ca-key.pem:

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter '.', the field will be left blank.

    -----

    Country Name (2 letter code) [AU]:cn

    State or Province Name (full name) [Some-State]:shandong

    Locality Name (eg, city) []:jinan

    Organization Name (eg, company) [Internet Widgits Pty Ltd]:zhangyc

    Organizational Unit Name (eg, section) []:zhangyc

    Common Name (e.g. server FQDN or YOUR name) []:zhangyc

    Email Address []:lz2392504@gmail.com

    3. Using the root certificate, generate the server certificate and the client certificate:

    $ openssl genrsa -out server-key.pem 4096

    $ openssl req -subj "/CN=cloudtop" -sha256 -new -key server-key.pem -out server.csr

    $ echo subjectAltName = DNS:cloudtop,IP:172.31.142.210,IP:127.0.0.1 > extfile.cnf

    $ openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

    $ openssl genrsa -out key.pem 4096

    $ openssl req -subj '/CN=client' -new -key key.pem -out client.csr

    $ echo extendedKeyUsage = clientAuth > extfile.cnf
    $ openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf

    $ rm -v client.csr server.csr

    $ chmod -v 0400 ca-key.pem key.pem server-key.pem

    $ chmod -v 0444 ca.pem server-cert.pem cert.pem

    $ sudo vim /etc/systemd/system/docker.service.d/http-proxy.conf

    Newer versions require editing /etc/systemd/system/docker.service.d/docker.conf instead:

    $ sudo cat /etc/systemd/system/docker.service.d/docker.conf

    [Service]

    ExecStart=

    ExecStart=/usr/bin/dockerd  -H fd:// --tlsverify --tlscacert=/home/zhangyc/ca.pem --tlscert=/home/zhangyc/server-cert.pem --tlskey=/home/zhangyc/server-key.pem -H=172.31.142.111:4096
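
Before restarting the daemon, it is worth confirming that the server certificate chains to the CA and that its subjectAltName covers the address dockerd listens on: step 3 puts 172.31.142.210 in the SAN, while the ExecStart line binds 172.31.142.111. The script below is an added example, not part of the original post; the helper names are hypothetical, and it builds a throwaway, passphrase-less CA (constructed test material) with the same SAN so it can run unattended.

```shell
#!/bin/sh
# Added example: pre-flight checks for the dockerd TLS material built above.
# cert_chains_to_ca, cert_covers_addr and make_demo_pki are hypothetical names.

# Succeeds only if CERT verifies against the CA certificate CA.
cert_chains_to_ca() {  # usage: cert_chains_to_ca CA CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if ADDR (IP or DNS name) is covered by CERT's subjectAltName.
cert_covers_addr() {  # usage: cert_covers_addr CERT ADDR
    case "$2" in
        *:*)       opt=-checkip ;;    # IPv6 literal
        *[!0-9.]*) opt=-checkhost ;;  # anything else with non-digits: DNS name
        *)         opt=-checkip ;;    # IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Build a throwaway CA and server certificate (constructed test material:
# 2048-bit keys and an unencrypted CA key, only so the demo runs unattended).
make_demo_pki() {  # usage: make_demo_pki DIR
    (
        cd "$1" || exit 1
        openssl genrsa -out ca-key.pem 2048 2>/dev/null
        openssl req -new -x509 -days 1 -key ca-key.pem -sha256 \
            -subj "/CN=demo-ca" -out ca.pem
        openssl genrsa -out server-key.pem 2048 2>/dev/null
        openssl req -subj "/CN=cloudtop" -sha256 -new \
            -key server-key.pem -out server.csr
        echo "subjectAltName = DNS:cloudtop,IP:172.31.142.210,IP:127.0.0.1" > extfile.cnf
        openssl x509 -req -days 1 -sha256 -in server.csr -CA ca.pem \
            -CAkey ca-key.pem -CAcreateserial -out server-cert.pem \
            -extfile extfile.cnf 2>/dev/null
    )
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
cert_chains_to_ca "$demo_dir/ca.pem" "$demo_dir/server-cert.pem" && echo "chain: ok"
for addr in cloudtop 172.31.142.210 127.0.0.1 172.31.142.111; do
    if cert_covers_addr "$demo_dir/server-cert.pem" "$addr"; then
        echo "$addr: covered by subjectAltName"
    else
        echo "$addr: NOT covered, clients using --tlsverify will reject it"
    fi
done
```

To check the real files, call `cert_chains_to_ca ca.pem server-cert.pem` and `cert_covers_addr server-cert.pem <listen address>` in the directory where step 3 was run.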

    4. Startup configuration reference:

    Enabling HTTP remote access for Docker 17.03.0-ce on Ubuntu 16.10


Article link: https://www.haomeiwen.com/subject/kbmxottx.html