docker机不能build立到外部主机的TLS连接
我已经为我的主机和客户端机器创build了tls证书,TLS连接确实可以工作,但不能由docker-machinebuild立。
- 在我的主机上有docker引擎运行
- 在我的客户端有
docker-machine可用
我到目前为止做了什么
- 为主机和客户端机器生成TLS证书和密钥
-
通过此命令testing从客户端到主机的连接:
curl https://192.168.0.103:2376/images/json \ --cert /sslkeys/cert.pem \ --key /sslkeys/key.pem \ --cacert /sslkeys/ca.pem -
自从我收到以下内容,连接成功了:
[{ “容器”: – 1, “创build”:1504129533, “ID”: “SHA256:14a81e00cf72fa2cdc3fd7d9a398fe7c74ad7dc9b5301b5e7d79829d60ee2b6a”, “标签”:{} “的ParentId”: “SHA256:06c38bd816aa257504c4cdf088bbed6d08ded0ae731fcdf5692233bad91959cf”, “RepoDigests”:NULL,“RepoTags “:” env_test2:最新的 “]”,SharedSize “: – 1,” 大小 “:672091921,” VirtualSize “:672091921},{” 容器 “ – 1”,创build “:1504129507,” ID “:” SHA256 :09de364b3da28acd549c2e0b7928a74f17b40e3ebec035bb452d38040c …
-
将密钥
ce.pem,key.pem,cert.pem(我生成的)移动到以下目录~/.docker/machine/certs -
然后我创build了一个没有驱动程序的新docker机,因为我的主机上已经有一个引擎运行了。 执行以下操作:
root@924599b8da81:~/.docker/machine/certs# docker-machine create dev --driver none -url=tcp://192.168.0.103:2376 Running pre-create checks... Creating machine... To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env dev -
如上所述,我现在将运行
docker-machine env dev:root@924599b8da81:~/.docker/machine/certs# docker-machine env dev Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.0.103:2376": x509: cannot validate certificate for 192.168.0.103 because it doesn't contain any IP SANs You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'. Be advised that this will trigger a Docker daemon restart which might stop running containers.
我真的不知道为什么这不起作用。 由于curl确实工作,我认为问题在于docker-machine而不是我所做的tlsconfiguration?