#### Server config [ Docker Daemon ]
# Docker config root in Windows
cd /mnt/c/ProgramData/Docker
mkdir certs
cd certs
# Generate the CA key (passphrase-protected) and self-signed CA cert, then the server key
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -new -x509 -days 3650 -key ca-key.pem -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
@bathindahelper I had the same issue as you on Ubuntu 18.04.x. Removing (or commenting out) RANDFILE = $ENV::HOME/.rnd from /etc/ssl/openssl.cnf worked for me. Source :
# Create Server CSR (Certificate Signing Request)
openssl req -subj "/CN=127.0.0.1" -sha256 -new -key server-key.pem -out server.csr
# Set attributes
echo subjectAltName = IP:127.0.0.1 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
# Generate signed cert
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
#### Client Config
# Create a key
openssl genrsa -out key.pem 4096
# Create Client CSR (Certificate Signing Request)
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth >> client-extfile.cnf
# Generate signed cert
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile client-extfile.cnf
# Copy to Client (create the target directory first so cp does not write a file named ~/.docker)
mkdir -p ~/.docker
cp ca.pem ~/.docker
cp cert.pem ~/.docker
cp key.pem ~/.docker
# Set ENV variables
export DOCKER_HOST=tcp://127.0.0.1:2376
export DOCKER_TLS_VERIFY=1
C:\ProgramData\Docker\config\daemon.json
{
"registry-mirrors": [],
"insecure-registries": [],
"debug": true,
"experimental": true,
"hosts": [
"tcp://127.0.0.1:2376",
"npipe://"
],
"tlsverify": true,
"tlscacert": "c:\\ProgramData\\docker\\certs\\ca.pem",
"tlscert": "c:\\ProgramData\\docker\\certs\\server-cert.pem",
"tlskey": "c:\\ProgramData\\docker\\certs\\server-key.pem"
}
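As an added example (not part of the original page), this Python check audits a daemon.json like the one above: for every TCP listener it reports whether the API is encrypted and whether client certificates are required (`tlsverify`), and rates non-loopback listeners higher. The function names and the three sample configs are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample configs (not from the original page); cert paths are placeholders.
VERIFIED = """{"hosts": ["tcp://127.0.0.1:2376", "npipe://"], "tlsverify": true,
 "tlscacert": "certs/ca.pem", "tlscert": "certs/server-cert.pem",
 "tlskey": "certs/server-key.pem"}"""
TLS_ONLY = """{"hosts": ["tcp://192.168.142.128:2376"], "tls": true,
 "tlscert": "certs/server-cert.pem", "tlskey": "certs/server-key.pem"}"""
CLEARTEXT = '{"hosts": ["tcp://127.0.0.1:2375"]}'


def is_loopback(host_url):
    """True when a tcp:// listener is bound to a loopback address."""
    addr = urlsplit(host_url).hostname or ""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        return addr == "localhost"


def audit_daemon_json(text):
    """Return (severity, host, message) for each weakly protected TCP listener."""
    cfg = json.loads(text)
    client_auth = bool(cfg.get("tlsverify"))           # client certs checked against the CA
    encrypted = client_auth or bool(cfg.get("tls"))    # tlsverify implies tls
    findings = []
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # npipe://, unix:// and fd:// are local transports
        severity = "warn" if is_loopback(host) else "high"
        if not encrypted:
            findings.append((severity, host, "no TLS: cleartext, unauthenticated API"))
        elif not client_auth:
            findings.append((severity, host,
                             "tls without tlsverify: encrypted, clients not authenticated"))
    return findings


if __name__ == "__main__":
    for name, sample in (("verified", VERIFIED), ("tls-only", TLS_ONLY),
                         ("cleartext", CLEARTEXT)):
        print(name, audit_daemon_json(sample))
```
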
sudo dockerd \
--debug \
--tls=true \
--tlscert=/home/username/.docker/server-cert.pem \
--tlskey=/home/username/.docker/server-key.pem \
--host tcp://192.168.142.128:2376
I was able to manually specify the above and get things running. However, I'd much rather have the config load when I start the VM.
Set a static IP. You will need to do this in the above steps when creating the CA and certs.
{
"debug": true,
"hosts": [
"tcp://192.168.142.128:2376"
],
"tls": true,
"tlscert": "/home/username/.docker/server-cert.pem",
"tlskey": "/home/username/.docker/server-key.pem"
}
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd