docker daemon mode & tls

Author: 偷油考拉 | Source: published 2023-01-12 17:02, read 0 times

    daemon mode

    tcp:// -> TCP connection to 127.0.0.1; the port is 2376 when TLS is enabled and 2375 in plaintext.
    tcp://host:2375 -> TCP connection to host:2375
    tcp://host:2375/path -> TCP connection to host:2375, with path prepended to all requests
    unix://path/to/socket -> Unix socket; the socket path is path/to/socket

    sudo dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock &
    

    Example:

    [root@harbor ~]# dockerd -H tcp:// 
    INFO[2022-08-16T00:16:39.956170852+08:00] Starting up                                  
    WARN[2022-08-16T00:16:39.960460670+08:00] Binding to IP address without --tlsverify is insecure and gives root access on this machine to everyone who has access to your network.  host="tcp://localhost:2375"
    WARN[2022-08-16T00:16:39.960500100+08:00] Binding to an IP address, even on localhost, can also give access to scripts run in a browser. Be safe out there!  host="tcp://localhost:2375"
    INFO[2022-08-16T00:16:40.966803061+08:00] parsed scheme: "unix"                         module=grpc
    INFO[2022-08-16T00:16:40.966869034+08:00] scheme "unix" not registered, fallback to default scheme  module=grpc
    INFO[2022-08-16T00:16:40.966914957+08:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
    INFO[2022-08-16T00:16:40.966947401+08:00] ClientConn switching balancer to "pick_first"  module=grpc
    INFO[2022-08-16T00:16:40.973137568+08:00] parsed scheme: "unix"                         module=grpc
    INFO[2022-08-16T00:16:40.973175281+08:00] scheme "unix" not registered, fallback to default scheme  module=grpc
    INFO[2022-08-16T00:16:40.973201668+08:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
    INFO[2022-08-16T00:16:40.973216361+08:00] ClientConn switching balancer to "pick_first"  module=grpc
    INFO[2022-08-16T00:16:40.991689843+08:00] [graphdriver] using prior storage driver: overlay2 
    INFO[2022-08-16T00:16:41.202437009+08:00] Loading containers: start.                   
    INFO[2022-08-16T00:16:41.230780696+08:00] Firewalld: docker zone already exists, returning 
    INFO[2022-08-16T00:16:41.707660531+08:00] Firewalld: interface docker0 already part of docker zone, returning 
    INFO[2022-08-16T00:16:41.760673912+08:00] Firewalld: interface docker0 already part of docker zone, returning 
    INFO[2022-08-16T00:16:42.101350623+08:00] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address 
    INFO[2022-08-16T00:16:42.233490138+08:00] Firewalld: interface docker0 already part of docker zone, returning 
    INFO[2022-08-16T00:16:42.366557998+08:00] Loading containers: done.                    
    INFO[2022-08-16T00:16:42.424528745+08:00] Docker daemon                                 commit=a89b842 graphdriver(s)=overlay2 version=20.10.17
    INFO[2022-08-16T00:16:42.424644223+08:00] Daemon has completed initialization          
    INFO[2022-08-16T00:16:42.455568279+08:00] API listen on 127.0.0.1:2375   
    

    Client connection

    [root@harbor system]# docker -H :2375 ps
    CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
    

    daemon mode with TLS

    Start the daemon

     dockerd -H :2376 --tls --tlscert /data/tls/server-cert.pem --tlskey /data/tls/server-key.pem --tlscacert /data/tls/ca.pem
    
    [root@harbor ~]# dockerd -H :2376 --tls --tlscert /data/tls/server-cert.pem --tlskey /data/tls/server-key.pem --tlscacert /data/tls/ca.pem 
    INFO[2022-08-16T22:53:54.492328269+08:00] Starting up                                  
    INFO[2022-08-16T22:53:54.499845381+08:00] parsed scheme: "unix"                         module=grpc
    INFO[2022-08-16T22:53:54.499905168+08:00] scheme "unix" not registered, fallback to default scheme  module=grpc
    INFO[2022-08-16T22:53:54.499951288+08:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
    INFO[2022-08-16T22:53:54.499980758+08:00] ClientConn switching balancer to "pick_first"  module=grpc
    INFO[2022-08-16T22:53:54.507336170+08:00] parsed scheme: "unix"                         module=grpc
    INFO[2022-08-16T22:53:54.507391553+08:00] scheme "unix" not registered, fallback to default scheme  module=grpc
    INFO[2022-08-16T22:53:54.507434300+08:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc
    INFO[2022-08-16T22:53:54.507455357+08:00] ClientConn switching balancer to "pick_first"  module=grpc
    INFO[2022-08-16T22:53:54.529733679+08:00] [graphdriver] using prior storage driver: overlay2 
    INFO[2022-08-16T22:53:54.537409042+08:00] Loading containers: start.                   
    INFO[2022-08-16T22:53:54.567828680+08:00] Firewalld: docker zone already exists, returning 
    INFO[2022-08-16T22:53:54.975933928+08:00] Firewalld: interface docker0 already part of docker zone, returning 
    INFO[2022-08-16T22:53:55.016530813+08:00] Firewalld: interface docker0 already part of docker zone, returning 
    INFO[2022-08-16T22:53:55.297333481+08:00] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address 
    INFO[2022-08-16T22:53:55.439717695+08:00] Firewalld: interface docker0 already part of docker zone, returning 
    INFO[2022-08-16T22:53:55.583709845+08:00] Loading containers: done.                    
    INFO[2022-08-16T22:53:55.608869469+08:00] Docker daemon                                 commit=a89b842 graphdriver(s)=overlay2 version=20.10.17
    INFO[2022-08-16T22:53:55.609086848+08:00] Daemon has completed initialization          
    INFO[2022-08-16T22:53:55.639051690+08:00] API listen on 127.0.0.1:2376  
    

    Client

    [root@harbor ~]# docker -H :2376 --tls --tlscacert /data/tls/ca.pem --tlscert /data/tls/cert.pem --tlskey /data/tls/key.pem ps
    CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
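
An added audit script (not part of the original post) that applies the -H host-spec rules from the daemon mode section and the TLS flags from this section to a dockerd command line, so a defender can spot listeners that hand out root to the network. It assumes, as the Docker daemon documentation states, that --tls alone encrypts the channel without authenticating clients and that --tlsverify is what requires a CA-signed client certificate; the sample command lines at the bottom are constructed from the commands on this page.

```python
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
DEFAULT_SOCKET = "/var/run/docker.sock"


def parse_host(spec, tls):
    """Resolve one -H value to (proto, host, port, path) using the defaults
    listed above: an empty tcp host means 127.0.0.1, the port is 2376 with
    TLS and 2375 without, and a bare 'host:port' or ':port' is tcp."""
    if spec.startswith("unix://"):
        return "unix", None, None, spec[len("unix://"):] or DEFAULT_SOCKET
    if "://" not in spec:
        spec = "tcp://" + spec
    u = urlsplit(spec)
    if u.scheme != "tcp":
        raise ValueError("unsupported host spec: " + spec)
    port = u.port or (2376 if tls else 2375)
    return "tcp", u.hostname or "127.0.0.1", port, u.path or ""


def host_specs(argv):
    """Collect every -H / --host value from a dockerd argument vector."""
    specs = []
    for i, arg in enumerate(argv):
        if arg in ("-H", "--host") and i + 1 < len(argv):
            specs.append(argv[i + 1])
        elif arg.startswith("-H=") or arg.startswith("--host="):
            specs.append(arg.split("=", 1)[1])
    return specs


def audit(argv):
    """Rate each listener: plaintext TCP gives root to anyone who can reach
    it (the daemon's own startup WARN above); --tls alone still accepts any
    client; only --tlsverify authenticates clients."""
    verify = "--tlsverify" in argv
    tls = verify or "--tls" in argv
    findings = []
    for spec in host_specs(argv):
        proto, host, port, _ = parse_host(spec, tls)
        if proto == "unix":
            level = "ok"
        elif not tls:
            level = "critical" if host not in LOOPBACK else "warn"
        elif not verify:
            level = "high"  # encrypted, but clients are not authenticated
        else:
            level = "ok"
        findings.append((spec, proto, host, port, level))
    return findings


if __name__ == "__main__":  # constructed sample command lines
    for cmd in (["dockerd", "-H", "tcp://"],
                ["dockerd", "-H", "0.0.0.0:2375"],
                ["dockerd", "-H", ":2376", "--tls", "--tlscacert", "/data/tls/ca.pem"]):
        print(cmd, audit(cmd))
```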
    
