docs/articles/https/index.html


<!DOCTYPE html>
<html lang="en">
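<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Protect the Docker daemon socket</title>
  <link rel="shortcut icon" href="/images/favicon.png" type="image/x-icon">
  <link rel="stylesheet" href="/dist/assets/css/bootstrap-custom.css">
  <link rel="stylesheet" href="/dist/assets/css/app.css">
  <!-- Third-party stylesheet: requested over explicit https instead of a
       protocol-relative URL, so it is never fetched over plain http. -->
  <!-- TODO(review): both CDN assets below are loaded without Subresource
       Integrity. Add integrity="<hash of the exact file>" together with
       crossorigin="anonymous" once the hashes have been computed, or serve
       the files from this origin. -->
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.2.6/animate.min.css">
  <link rel="stylesheet" href="/css/custom.css">
  <!-- jQuery stays a blocking script: an inline script in the body calls
       $(document).ready(...) while the page is still being parsed.
       NOTE(review): 1.11.3 is an old, unmaintained 1.x release; plan an
       upgrade after testing the site scripts against a current version. -->
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
  <!-- Script elements load through src; the original used href, which the
       browser ignores, so Modernizr was never fetched. -->
  <script src="/dist/assets/js/modernizr.js"></script>
</head>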
<body>
<div class="off-canvas-wrap" data-offcanvas>
<div class="inner-wrap">
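<!-- Icon-only link; judging by its class it toggles the left off-canvas menu.
     It has no text content, so aria-label supplies the accessible name and the
     decorative three-bar SVG is hidden from assistive technology. -->
<a class="left-off-canvas-toggle" href="#" aria-label="Open navigation menu">
  <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="35px" height="35px" viewBox="0 0 35 35" enable-background="new 0 0 35 35" xml:space="preserve" aria-hidden="true" focusable="false">
    <path fill="#3597D4" d="M30.583,9.328c0,0.752-0.539,1.362-1.203,1.362H5.113c-0.664,0-1.203-0.61-1.203-1.362l0,0
      c0-0.752,0.539-1.362,1.203-1.362H29.38C30.045,7.966,30.583,8.576,30.583,9.328L30.583,9.328z"/>
    <path fill="#3597D4" d="M30.583,17.09c0,0.752-0.539,1.362-1.203,1.362H5.113c-0.664,0-1.203-0.61-1.203-1.362l0,0
      c0-0.752,0.539-1.362,1.203-1.362H29.38C30.045,15.728,30.583,16.338,30.583,17.09L30.583,17.09z"/>
    <path fill="#3597D4" d="M30.583,24.387c0,0.752-0.539,1.362-1.203,1.362H5.113c-0.664,0-1.203-0.61-1.203-1.362l0,0
      c0-0.752,0.539-1.362,1.203-1.362H29.38C30.045,23.025,30.583,23.635,30.583,24.387L30.583,24.387z"/>
  </svg>
</a>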
<!-- NOTE(review): this anchor has no href, so it is not a real link and cannot
     be reached with the keyboard. The "Get Started" button in the main header
     targets /mac/started/, presumably the intended destination here too; confirm
     before adding it, in case a script binds a handler to this element. -->
<a class="button secondary small get-started-cta">Get Started</a>
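<!-- Site header: logo, the global utility links (nav-global) and the main
     marketing menu (nav-main) with one level of nested sub-lists. -->
<header class="main-header">
  <div class="row">
    <div class="large-3 columns">
      <!-- The image is the link's only content, so its alt text names the
           destination ("/" is also what the "Docs" entry below points to). -->
      <a href="/"><img class="logo" src="/dist/assets/images/logo.png" alt="Docker Docs home"></a>
    </div>
    <div class="large-9 columns">
      <ul class="nav-global">
        <li><a href="https://www.docker.com/support">Support</a></li>
        <li><a href="https://training.docker.com/">Training</a></li>
        <li><a href="/">Docs</a></li>
        <!-- NOTE(review): plain-http link; switch to https if the host serves it. -->
        <li><a href="http://blog.docker.com/">Blog</a></li>
        <li><a href="https://hub.docker.com/account/signup/">Docker Hub</a></li>
        <li><a class="button" href="/mac/started/">Get Started</a></li>
      </ul>
      <ul class="nav-main">
        <li><a href="https://www.docker.com/products">Products</a>
          <ul>
            <li><a href="https://www.docker.com/pricing">Pricing</a></li>
            <li><a href="https://www.docker.com/whatisdocker">What is Docker?</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/customers">Customers</a></li>
        <li><a href="https://www.docker.com/community">Community</a>
          <ul>
            <li><a href="https://www.docker.com/community/meetups">Meetups</a></li>
            <li><a href="https://www.docker.com/community/events">Events</a></li>
            <li><a href="https://forums.docker.com">Forums</a></li>
            <!-- NOTE(review): plain-http link; switch to https if the host serves it. -->
            <li><a href="http://www.scoop.it/t/docker-by-docker">Community News</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/partners">Partners</a>
          <ul>
            <li><a href="https://www.docker.com/partners/partner-programs">Partner Programs</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/company">Company</a>
          <ul>
            <li><a href="https://www.docker.com/news-and-press">News &amp; Press</a></li>
            <li><a href="https://www.docker.com/work-docker">Work at Docker</a></li>
            <li><a href="https://www.docker.com/company/management">Management</a></li>
            <li><a href="https://www.docker.com/company/contact">Contact</a></li>
          </ul>
        </li>
        <li><a href="https://www.docker.com/open-source">Open Source</a>
          <ul>
            <li><a href="https://www.docker.com/contribute">Contribute</a></li>
          </ul>
        </li>
      </ul>
    </div>
  </div>
</header>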
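<!-- Off-canvas (small-screen) copy of the site menu.
     Most entries were dead href="#" placeholders. Every entry whose destination
     already appears in the main header of this page now uses that same URL.
     The has-submenu parents and the "Back" rows keep href="#" because they look
     like in-menu controls rather than links (inferred from their class names).
     NOTE(review): entries still on href="#" have no destination anywhere on this
     page; fill them in from the site map. -->
<aside class="left-off-canvas-menu">
  <ul class="off-canvas-list">
    <li class="has-submenu"><a href="#">Products</a>
      <ul class="left-submenu">
        <li class="back"><a href="#">Back</a></li>
        <li><a href="https://www.docker.com/pricing">Pricing</a></li>
        <li><a href="https://www.docker.com/whatisdocker">What Is Docker</a></li>
        <li><a href="https://www.docker.com/products">Products</a></li>
        <li><a href="#">Docker Engine</a></li>
        <li><a href="#">Docker Hub</a></li>
        <li><a href="#">Docker Registry</a></li>
        <li><a href="#">Docker Machine</a></li>
        <li><a href="#">Docker Swarm</a></li>
        <li><a href="#">Docker Compose</a></li>
        <li><a href="#">Kitematic</a></li>
      </ul>
    </li>
    <li><a href="https://www.docker.com/customers">Customers</a></li>
    <li class="has-submenu"><a href="#">Community</a>
      <ul class="left-submenu">
        <li class="back"><a href="#">Back</a></li>
        <li><a href="https://www.docker.com/community">Community</a></li>
        <li><a href="https://www.docker.com/community/meetups">Meetups</a></li>
        <li><a href="https://www.docker.com/community/events">Events</a></li>
        <li><a href="https://forums.docker.com">Forum</a></li>
        <li><a href="http://www.scoop.it/t/docker-by-docker">Scoop.it</a></li>
      </ul>
    </li>
    <li class="has-submenu"><a href="#">Partners</a>
      <ul class="left-submenu">
        <li class="back"><a href="#">Back</a></li>
        <li><a href="https://www.docker.com/partners">Partners</a></li>
        <li><a href="https://www.docker.com/partners/partner-programs">Partners Programs</a></li>
      </ul>
    </li>
    <li><a href="https://www.docker.com/company">Company</a></li>
    <li class="has-submenu"><a href="#">Open Source</a>
      <ul class="left-submenu">
        <li class="back"><a href="#">Back</a></li>
        <li><a href="https://www.docker.com/open-source">Open Source</a></li>
        <li><a href="https://www.docker.com/contribute">Contribute</a></li>
        <li><a href="#">Governance</a></li>
      </ul>
    </li>
  </ul>
  <ul class="nav-global-off-canvas">
    <li><a href="https://www.docker.com/support">Support</a></li>
    <li><a href="https://training.docker.com/">Training</a></li>
    <li><a href="/">Docs</a></li>
    <li><a href="http://blog.docker.com/">Blog</a></li>
    <li><a href="#">Sign in</a></li>
    <li><a href="#">Sign up</a></li>
  </ul>
</aside>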
<!-- Empty anchor with no href, so it is not focusable and exposes no link.
     Presumably the click-to-close overlay of the off-canvas layout (inferred
     from the class name; the script that uses it is not in this file section). -->
<a class="exit-off-canvas"></a>
<div id="docs" class="row">
<div class="large-3 columns">
<section id="multiple" data-accordion-group>
<!-- Sidebar group "Install": nested data-accordion articles, each with a
     data-control button and a data-content panel of data-link entries. -->
<section data-accordion>
  <article data-accordion>
    <button data-control> Install</button>
    <div data-content>
      <article data-accordion>
        <button data-control> Docker Engine</button>
        <div data-content>
          <a data-link href="/docker/installation/mac/" class=""> Installation on Mac OS X</a>
          <a data-link href="/docker/installation/windows/" class=""> Installation on Windows</a>
          <article data-accordion>
            <button data-control> Linux</button>
            <div data-content>
              <a data-link href="/docker/installation/archlinux/" class=""> Installation on Arch Linux</a>
              <a data-link href="/docker/installation/cruxlinux/" class=""> Installation on CRUX Linux</a>
              <a data-link href="/docker/installation/centos/" class=""> Installation on CentOS</a>
              <a data-link href="/docker/installation/debian/" class=""> Installation on Debian</a>
              <a data-link href="/docker/installation/fedora/" class=""> Installation on Fedora</a>
              <a data-link href="/docker/installation/frugalware/" class=""> Installation on FrugalWare</a>
              <a data-link href="/docker/installation/gentoolinux/" class=""> Installation on Gentoo</a>
              <a data-link href="/docker/installation/oracle/" class=""> Installation on Oracle Linux</a>
              <a data-link href="/docker/installation/rhel/" class=""> Installation on Red Hat Enterprise Linux</a>
              <a data-link href="/docker/installation/ubuntulinux/" class=""> Installation on Ubuntu </a>
              <a data-link href="/docker/installation/SUSE/" class=""> Installation on openSUSE and SUSE Linux Enterprise</a>
            </div>
          </article>
          <article data-accordion>
            <button data-control> Cloud</button>
            <div data-content>
              <a data-link href="/docker/installation/amazon/" class=""> Amazon EC2 Installation</a>
              <a data-link href="/docker/installation/joyent/" class=""> Install on Joyent Public Cloud</a>
              <a data-link href="/docker/installation/google/" class=""> Installation on Google Cloud Platform</a>
              <a data-link href="/docker/installation/softlayer/" class=""> Installation on IBM SoftLayer </a>
              <a data-link href="/docker/installation/azure/" class=""> Installation on Microsoft Azure platform</a>
              <a data-link href="/docker/installation/rackspace/" class=""> Installation on Rackspace Cloud</a>
            </div>
          </article>
          <a data-link href="/docker/installation/binaries/" class=""> Installation from binaries</a>
        </div>
      </article>
      <a data-link href="/kitematic/" class=""> Kitematic</a>
      <a data-link href="/machine/install-machine/" class=""> Docker Machine</a>
      <a data-link href="/compose/install/" class=""> Docker Compose</a>
      <a data-link href="/swarm/install-w-machine/" class=""> Docker Swarm</a>
    </div>
  </article>
</section>
<!-- Sidebar group "Docker Fundamentals": user guide link plus four nested
     accordions (images, containers, Windows/OS X, Kitematic). -->
<section data-accordion>
  <article data-accordion>
    <button data-control> Docker Fundamentals</button>
    <div data-content>
      <a data-link href="/docker/userguide/" class=""> The Docker user guide</a>
      <article data-accordion>
        <button data-control> Work with Docker Images</button>
        <div data-content>
          <a data-link href="/articles/dockerfile_best-practices/" class=""> Best practices for writing Dockerfiles</a>
          <a data-link href="/articles/baseimages/" class=""> Create a base image</a>
          <a data-link href="/docker/userguide/dockerimages/" class=""> Get started with images</a>
          <a data-link href="/docker/userguide/dockerrepos/" class=""> Get started with Docker Hub</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Work with Docker Containers</button>
        <div data-content>
          <a data-link href="/articles/basics/" class=""> Get started with containers</a>
          <a data-link href="/docker/userguide/usingdocker/" class=""> Working with containers</a>
          <a data-link href="/docker/userguide/dockervolumes/" class=""> Managing data in containers</a>
          <a data-link href="/docker/userguide/dockerlinks/" class=""> Linking containers together</a>
          <a data-link href="/articles/host_integration/" class=""> Automatically start containers</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Docker on Windows &amp; OSX</button>
        <div data-content>
          <a data-link href="/articles/dsc/" class=""> PowerShell DSC Usage</a>
          <a data-link href="/articles/b2d_volume_resize/" class=""> Resizing a Boot2Docker volume </a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Use the Kitematic GUI</button>
        <div data-content>
          <a data-link href="/kitematic/userguide/" class=""> Kitematic User Guide: Intro &amp; Overview</a>
          <a data-link href="/kitematic/nginx-web-server/" class=""> Set up an Nginx web server</a>
          <a data-link href="/kitematic/minecraft-server/" class=""> Set up a Minecraft Server</a>
          <a data-link href="/kitematic/rethinkdb-dev-database/" class=""> Creating a Local RethinkDB Database for Development</a>
          <a data-link href="/kitematic/faq/" class=""> Frequently Asked Questions</a>
          <a data-link href="/kitematic/known-issues/" class=""> Known Issues</a>
        </div>
      </article>
    </div>
  </article>
</section>
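<!-- Sidebar group "Use Docker". It contains the entry for this page
     (/articles/https/), which carries the "active" class that the inline
     script after the sidebar looks up to expand the enclosing accordions.
     Fix: the control label "Adminstrate Docker" was misspelled. -->
<section data-accordion>
  <article data-accordion>
    <button data-control> Use Docker</button>
    <div data-content>
      <a data-link href="/docker/misc/" class=""> About Docker</a>
      <a data-link href="/docker/userguide/labels-custom-metadata/" class=""> Apply custom metadata</a>
      <a data-link href="/docker/introduction/understanding-docker/" class=""> Understand the architecture</a>
      <article data-accordion>
        <button data-control> Provision &amp; set up Docker hosts</button>
        <div data-content>
          <a data-link href="/machine/" class=""> Overview of Docker Machine</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Create multi-container applications</button>
        <div data-content>
          <a data-link href="/compose/" class=""> Overview of Docker Compose</a>
          <a data-link href="/compose/production/" class=""> Using Compose in production</a>
          <a data-link href="/compose/extends/" class=""> Extending services in Compose</a>
          <a data-link href="/compose/completion/" class=""> Command Completion</a>
          <a data-link href="/compose/django/" class=""> Quickstart Guide: Compose and Django</a>
          <a data-link href="/compose/rails/" class=""> Quickstart Guide: Compose and Rails</a>
          <a data-link href="/compose/wordpress/" class=""> Quickstart Guide: Compose and Wordpress</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Cluster Docker containers</button>
        <div data-content>
          <a data-link href="/swarm/" class=""> Docker Swarm</a>
          <a data-link href="/swarm/install-manual/" class=""> Create a swarm for development</a>
          <a data-link href="/swarm/discovery/" class=""> Docker Swarm discovery</a>
          <a data-link href="/swarm/scheduler/filter/" class=""> Docker Swarm filters</a>
          <a data-link href="/swarm/scheduler/strategy/" class=""> Docker Swarm strategies</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Administrate Docker</button>
        <div data-content>
          <a data-link href="/articles/networking/" class=""> Network configuration</a>
          <a data-link href="/articles/security/" class=""> Docker security</a>
          <a data-link href="/articles/configuring/" class=""> Configuring and running Docker</a>
          <a data-link href="/articles/runmetrics/" class=""> Runtime metrics</a>
          <a data-link href="/articles/https/" class=" active"> Protect the Docker daemon socket</a>
          <a data-link href="/articles/ambassador_pattern_linking/" class=""> Link via an ambassador container</a>
          <a data-link href="/articles/systemd/" class=""> Control and configure Docker with systemd</a>
          <article data-accordion>
            <button data-control> Applications and Services</button>
            <div data-content>
              <a data-link href="/docker/examples/running_riak_service/" class=""> Dockerizing a Riak service</a>
              <a data-link href="/docker/examples/running_ssh_service/" class=""> Dockerizing an SSH service</a>
            </div>
          </article>
          <article data-accordion>
            <button data-control> Integrate with Third-party Tools</button>
            <div data-content>
              <a data-link href="/articles/cfengine_process_management/" class=""> Process management with CFEngine</a>
              <a data-link href="/articles/chef/" class=""> Using Chef</a>
              <a data-link href="/articles/puppet/" class=""> Using Puppet</a>
              <a data-link href="/articles/using_supervisord/" class=""> Using Supervisor with Docker</a>
            </div>
          </article>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Applied Docker</button>
        <div data-content>
          <a data-link href="/docker/examples/mongodb/" class=""> Dockerizing MongoDB</a>
          <a data-link href="/docker/examples/postgresql_service/" class=""> Dockerizing PostgreSQL</a>
          <a data-link href="/docker/examples/couchdb_data_volumes/" class=""> Dockerizing a CouchDB service</a>
          <a data-link href="/docker/examples/nodejs_web_app/" class=""> Dockerizing a Node.js web app</a>
          <a data-link href="/docker/examples/running_redis_service/" class=""> Dockerizing a Redis service</a>
          <a data-link href="/docker/examples/apt-cacher-ng/" class=""> Dockerizing an apt-cacher-ng service</a>
          <a data-link href="/docker/userguide/dockerizing/" class=""> Dockerizing applications: A &#39;Hello world&#39;</a>
        </div>
      </article>
    </div>
  </article>
</section>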
<!-- Sidebar group "Manage image repositories": Docker Hub, Docker Trusted
     Registry and Docker Registry accordions, then two standalone links. -->
<section data-accordion>
  <article data-accordion>
    <button data-control> Manage image repositories</button>
    <div data-content>
      <article data-accordion>
        <button data-control> The Public Hub</button>
        <div data-content>
          <a data-link href="/docker/docker-hub/userguide/" class=""> Docker Hub user guide</a>
          <a data-link href="/docker/docker-hub/" class=""> The Docker Hub</a>
          <a data-link href="/docker/docker-hub/accounts/" class=""> Accounts on Docker Hub</a>
          <a data-link href="/docker/userguide/dockerhub/" class=""> Getting started with Docker Hub</a>
          <a data-link href="/docker/docker-hub/repos/" class=""> Your Repositories on Docker Hub</a>
          <a data-link href="/docker/docker-hub/builds/" class=""> Automated Builds on Docker Hub</a>
          <a data-link href="/docker/docker-hub/official_repos/" class=""> Official Repositories on Docker Hub</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Docker Trusted Registry</button>
        <div data-content>
          <a data-link href="/docker-trusted-registry/" class=""> Overview</a>
          <a data-link href="/docker-trusted-registry/quick-start/" class=""> Quick-start: Basic Workflow</a>
          <a data-link href="/docker-trusted-registry/userguide/" class=""> User guide</a>
          <a data-link href="/docker-trusted-registry/adminguide/" class=""> Admin guide</a>
          <a data-link href="/docker-trusted-registry/install/" class=""> Installation</a>
          <a data-link href="/docker-trusted-registry/configuration/" class=""> Configuration options</a>
          <a data-link href="/docker-trusted-registry/support/" class=""> Support</a>
          <a data-link href="/docker-trusted-registry/release-notes/" class=""> Release notes</a>
          <a data-link href="/docker-trusted-registry/prior-release-notes/" class=""> Prior release notes archive</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Docker Registry</button>
        <div data-content>
          <a data-link href="/registry/" class=""> Docker Registry 2.0</a>
          <a data-link href="/registry/introduction/" class=""> Understanding the Registry</a>
          <a data-link href="/registry/deploying/" class=""> Deploying a registry server</a>
          <a data-link href="/registry/configuration/" class=""> Configure a Registry</a>
          <a data-link href="/registry/notifications/" class=""> Work with Notifications</a>
          <a data-link href="/registry/authentication/" class=""> Authentication for the Registry</a>
          <a data-link href="/registry/help/" class=""> Getting help</a>
        </div>
      </article>
      <a data-link href="/articles/certificates/" class=""> Using certificates for repository client verification</a>
      <a data-link href="/articles/registry_mirror/" class=""> Run a local registry mirror</a>
    </div>
  </article>
</section>
<!-- Sidebar group "Command and API references": CLI command pages, the Remote
     API versions, and the Compose / Swarm / Registry reference accordions. -->
<section data-accordion>
  <article data-accordion>
    <button data-control> Command and API references</button>
    <div data-content>
      <article data-accordion>
        <button data-control> Command line reference</button>
        <div data-content>
          <a data-link href="/docker/reference/commandline/cli/" class=""> Using the command line</a>
          <a data-link href="/docker/reference/commandline/daemon/" class=""> daemon</a>
          <a data-link href="/docker/reference/commandline/attach/" class=""> attach</a>
          <a data-link href="/docker/reference/commandline/build/" class=""> build</a>
          <a data-link href="/docker/reference/commandline/commit/" class=""> commit</a>
          <a data-link href="/docker/reference/commandline/cp/" class=""> cp</a>
          <a data-link href="/docker/reference/commandline/create/" class=""> create</a>
          <a data-link href="/docker/reference/commandline/diff/" class=""> diff</a>
          <a data-link href="/docker/reference/commandline/events/" class=""> events</a>
          <a data-link href="/docker/reference/commandline/exec/" class=""> exec</a>
          <a data-link href="/docker/reference/commandline/export/" class=""> export</a>
          <a data-link href="/docker/reference/commandline/history/" class=""> history</a>
          <a data-link href="/docker/reference/commandline/images/" class=""> images</a>
          <a data-link href="/docker/reference/commandline/import/" class=""> import</a>
          <a data-link href="/docker/reference/commandline/info/" class=""> info</a>
          <a data-link href="/docker/reference/commandline/inspect/" class=""> inspect</a>
          <a data-link href="/docker/reference/commandline/kill/" class=""> kill</a>
          <a data-link href="/docker/reference/commandline/load/" class=""> load</a>
          <a data-link href="/docker/reference/commandline/login/" class=""> login</a>
          <a data-link href="/docker/reference/commandline/logout/" class=""> logout</a>
          <a data-link href="/docker/reference/commandline/logs/" class=""> logs</a>
          <a data-link href="/docker/reference/commandline/pause/" class=""> pause</a>
          <a data-link href="/docker/reference/commandline/port/" class=""> port</a>
          <a data-link href="/docker/reference/commandline/ps/" class=""> ps</a>
          <a data-link href="/docker/reference/commandline/pull/" class=""> pull</a>
          <a data-link href="/docker/reference/commandline/push/" class=""> push</a>
          <a data-link href="/docker/reference/commandline/rename/" class=""> rename</a>
          <a data-link href="/docker/reference/commandline/restart/" class=""> restart</a>
          <a data-link href="/docker/reference/commandline/rm/" class=""> rm</a>
          <a data-link href="/docker/reference/commandline/rmi/" class=""> rmi</a>
          <a data-link href="/docker/reference/commandline/run/" class=""> run</a>
          <a data-link href="/docker/reference/commandline/save/" class=""> save</a>
          <a data-link href="/docker/reference/commandline/search/" class=""> search</a>
          <a data-link href="/docker/reference/commandline/start/" class=""> start</a>
          <a data-link href="/docker/reference/commandline/stats/" class=""> stats</a>
          <a data-link href="/docker/reference/commandline/stop/" class=""> stop</a>
          <a data-link href="/docker/reference/commandline/tag/" class=""> tag</a>
          <a data-link href="/docker/reference/commandline/top/" class=""> top</a>
          <a data-link href="/docker/reference/commandline/unpause/" class=""> unpause</a>
          <a data-link href="/docker/reference/commandline/version/" class=""> version</a>
          <a data-link href="/docker/reference/commandline/wait/" class=""> wait</a>
        </div>
      </article>
      <a data-link href="/docker/reference/run/" class=""> Docker run reference</a>
      <a data-link href="/docker/reference/builder/" class=""> Dockerfile reference</a>
      <a data-link href="/docker/reference/api/remote_api_client_libraries/" class=""> Remote API client libraries</a>
      <a data-link href="/docker/reference/api/docker_io_accounts_api/" class=""> docker.io accounts API</a>
      <article data-accordion>
        <button data-control> Docker Remote API</button>
        <div data-content>
          <a data-link href="/docker/reference/api/docker-io_api/" class=""> Docker Hub API</a>
          <a data-link href="/docker/reference/api/docker_remote_api/" class=""> Remote API</a>
          <a data-link href="/docker/reference/api/docker_remote_api_v1.19/" class=""> Remote API v1.19</a>
          <a data-link href="/docker/reference/api/docker_remote_api_v1.18/" class=""> Remote API v1.18</a>
          <a data-link href="/docker/reference/api/docker_remote_api_v1.17/" class=""> Remote API v1.17</a>
          <a data-link href="/docker/reference/api/docker_remote_api_v1.16/" class=""> Remote API v1.16</a>
          <a data-link href="/docker/reference/api/docker_remote_api_v1.15/" class=""> Remote API v1.15</a>
          <a data-link href="/docker/reference/api/docker_remote_api_v1.14/" class=""> Remote API v1.14</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Docker Hub</button>
        <div data-content>
          <a data-link href="/docker/reference/api/hub_registry_spec/" class=""> The Docker Hub and the Registry v1</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Docker Compose Reference</button>
        <div data-content>
          <a data-link href="/compose/cli/" class=""> Compose CLI reference</a>
          <a data-link href="/compose/yml/" class=""> docker-compose.yml reference</a>
          <a data-link href="/compose/env/" class=""> Compose environment variables reference</a>
        </div>
      </article>
      <!-- NOTE(review): empty href resolves to the current page, so this entry
           goes nowhere; the intended target is not shown in this file. -->
      <a data-link href="" class=""> Docker Machine Reference</a>
      <article data-accordion>
        <button data-control> Docker Swarm Reference</button>
        <div data-content>
          <a data-link href="/swarm/api/swarm-api/" class=""> Docker Swarm API</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Docker Registry Reference</button>
        <div data-content>
          <a data-link href="/registry/spec/api/" class=""> Docker Registry HTTP API V2</a>
          <a data-link href="/registry/storagedrivers/" class=""> Docker Registry Storage Driver</a>
          <a data-link href="/registry/spec/auth/token/" class=""> Docker Registry v2 Authentication</a>
        </div>
      </article>
    </div>
  </article>
</section>
<!-- Sidebar group "Open Source at Docker": contributor setup, contribution
     workflow and governance accordions, plus standalone contributor links. -->
<section data-accordion>
  <article data-accordion>
    <button data-control> Open Source at Docker</button>
    <div data-content>
      <a data-link href="/opensource/how-to-contribute/" class=""> Overview of contributing</a>
      <a data-link href="/docker/project/get-help/" class=""> Where to chat or get help</a>
      <article data-accordion>
        <button data-control> Configure Development Environment</button>
        <div data-content>
          <a data-link href="/docker/project/who-written-for/" class=""> README first</a>
          <a data-link href="/docker/project/software-required/" class=""> Get the required software</a>
          <a data-link href="/docker/project/software-req-win/" class=""> Set up for development on Windows</a>
          <a data-link href="/docker/project/set-up-git/" class=""> Configure Git for contributing</a>
          <a data-link href="/docker/project/set-up-dev-env/" class=""> Work with a development container</a>
          <a data-link href="/docker/project/test-and-docs/" class=""> Run tests and test documentation</a>
        </div>
      </article>
      <article data-accordion>
        <button data-control> Contribution Workflow</button>
        <div data-content>
          <a data-link href="/docker/project/make-a-contribution/" class=""> Understand how to contribute</a>
          <a data-link href="/docker/project/find-an-issue/" class=""> Find and claim an issue</a>
          <a data-link href="/docker/project/work-issue/" class=""> Work on your issue</a>
          <a data-link href="/docker/project/create-pr/" class=""> Create a pull request (PR)</a>
          <a data-link href="/docker/project/review-pr/" class=""> Participate in the PR review</a>
          <a data-link href="/docker/project/advanced-contributing/" class=""> Advanced contributing</a>
          <a data-link href="/docker/project/coding-style/" class=""> Coding style checklist</a>
        </div>
      </article>
      <a data-link href="/opensource/code/" class=""> Contribute code overview</a>
      <a data-link href="/opensource/community/" class=""> Support the community</a>
      <a data-link href="/opensource/issues/" class=""> Organize our issues</a>
      <a data-link href="/opensource/meetups/" class=""> Organize a Docker Meetup</a>
      <a data-link href="/opensource/test/" class=""> Testing contributions</a>
      <article data-accordion>
        <button data-control> Governance</button>
        <div data-content>
          <a data-link href="/opensource/governance/dgab-info/" class=""> Docker Governance Advisory Board</a>
          <a data-link href="/opensource/governance/board-profiles/" class=""> Board member profiles</a>
          <a data-link href="/opensource/governance/conduct-code/" class=""> Code of conduct</a>
        </div>
      </article>
      <a data-link href="/docker/project/doc-style/" class=""> Style guide for Docker documentation</a>
    </div>
  </article>
</section>
<!-- Sidebar group "About": release notes, FAQ and glossary. -->
<section data-accordion>
  <article data-accordion>
    <button data-control> About</button>
    <div data-content>
      <a data-link href="/release-notes/" class=""> Docker Release Notes</a>
      <a data-link href="/swarm/release-notes/" class=""> Docker Swarm Release Notes</a>
      <a data-link href="/docker/misc/faq/" class=""> FAQ</a>
      <a data-link href="/docker/reference/glossary/" class=""> Docker Glossary</a>
    </div>
  </article>
</section>
<!-- Sidebar group "Get older docs": links to archived documentation versions.
     The control button is hidden with an inline visibility style, so the group
     has no visible toggle. NOTE(review): whether the links are meant to be
     reachable at all is not clear from this file. -->
<section data-accordion>
  <article data-accordion>
    <button style="visibility: hidden" data-control> Get older docs</button>
    <div data-content>
      <a data-link href="https://docs.docker.com/v1.6/" class=""> Version 1.6</a>
      <a data-link href="https://docs.docker.com/v1.5/" class=""> Version 1.5</a>
      <a data-link href="https://docs.docker.com/v1.4/" class=""> Version 1.4</a>
    </div>
  </article>
</section>
</section>
<script>
  // Once the DOM is ready, expand every sidebar accordion that contains the
  // link marked "active" so the current page is visible in the menu.
  $(document).ready(function () {
    var ancestors = $('#multiple [data-link].active')
      .parents('article[data-accordion]')
      .get()
      .reverse(); // .parents() returns the nearest ancestor first; reverse to start at the outermost
    $.each(ancestors, function (position, node) {
      var $panel = $(node);
      var $body = $panel.find('[data-content]');
      $panel.addClass('open');
      // Lift the height cap on the content panels so the opened section shows in full.
      $body.css({'max-height': '100%'});
    });
  });
</script>
</div>
<div class="large-6 columns">
<section id="main">
<article id="content">
<h1 id="protect-the-docker-daemon-socket">Protect the Docker daemon socket</h1>
<p>By default, Docker runs via a non-networked Unix socket. It can also
optionally communicate using an HTTP socket.</p>
<p>If you need Docker to be reachable via the network in a safe manner, you can
enable TLS by specifying the <code>tlsverify</code> flag and pointing Docker&rsquo;s
<code>tlscacert</code> flag to a trusted CA certificate.</p>
<p>In daemon mode, Docker will only allow connections from clients
authenticated by a certificate signed by that CA. In client mode,
it will only connect to servers with a certificate signed by that CA.</p>
<blockquote>
<p><strong>Warning</strong>:
Using TLS and managing a CA is an advanced topic. Please familiarize yourself
with OpenSSL, x509 and TLS before using it in production.</p>
<p><strong>Warning</strong>:
These TLS commands will only generate a working set of certificates on Linux.
Mac OS X comes with a version of OpenSSL that is incompatible with the
certificates that Docker requires.</p>
</blockquote>
<h2 id="create-a-ca-server-and-client-keys-with-openssl">Create a CA, server and client keys with OpenSSL</h2>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon&rsquo;s host.</p>
</blockquote>
<p>First generate CA private and public keys:</p>
<pre><code>$ openssl genrsa -aes256 -out ca-key.pem 2048
Generating RSA private key, 2048 bit long modulus
......+++
...............+++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:Queensland
Locality Name (eg, city) []:Brisbane
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Docker Inc
Organizational Unit Name (eg, section) []:Boot2Docker
Common Name (e.g. server FQDN or YOUR name) []:$HOST
Email Address []:Sven@home.org.au
</code></pre>
<p>Now that you have a CA, you can create a server key and certificate
signing request (CSR). Make sure that &ldquo;Common Name&rdquo; (i.e., server FQDN or YOUR
name) matches the hostname you will use to connect to Docker:</p>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon&rsquo;s host.</p>
</blockquote>
<pre><code>$ openssl genrsa -out server-key.pem 2048
Generating RSA private key, 2048 bit long modulus
......................................................+++
............................................+++
e is 65537 (0x10001)
$ openssl req -subj &quot;/CN=$HOST&quot; -new -key server-key.pem -out server.csr
</code></pre>
<p>Next, we&rsquo;re going to sign the public key with our CA.</p>
<p>Since TLS connections can be made via IP address as well as DNS name, every IP
address that clients will use to connect must be listed in the certificate&rsquo;s
<code>subjectAltName</code> when the certificate is created. For example, to allow
connections using <code>10.10.10.20</code> and <code>127.0.0.1</code>:</p>
<pre><code>$ echo subjectAltName = IP:10.10.10.20,IP:127.0.0.1 &gt; extfile.cnf
$ openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf
Signature ok
subject=/CN=your.host.com
Getting CA Private Key
Enter pass phrase for ca-key.pem:
</code></pre>
<p>For client authentication, create a client key and certificate signing
request:</p>
<pre><code>$ openssl genrsa -out key.pem 2048
Generating RSA private key, 2048 bit long modulus
...............................................+++
...............................................................+++
e is 65537 (0x10001)
$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr
</code></pre>
<p>To make the key suitable for client authentication, create an extensions
config file (this overwrites the <code>extfile.cnf</code> written for the server
certificate above):</p>
<pre><code>$ echo extendedKeyUsage = clientAuth &gt; extfile.cnf
</code></pre>
<p>Now sign the public key:</p>
<pre><code>$ openssl x509 -req -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out cert.pem -extfile extfile.cnf
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for ca-key.pem:
</code></pre>
<p>After generating <code>cert.pem</code> and <code>server-cert.pem</code> you can safely remove the
two certificate signing requests:</p>
<pre><code>$ rm -v client.csr server.csr
</code></pre>
<p>With a default <code>umask</code> of 022, your secret keys will be <em>world-readable</em> and
writable for you and your group.</p>
<p>To keep other users on the machine from reading your private keys, and to
protect the keys from accidental damage, remove their write permissions and
make them readable only by you by changing file modes as follows:</p>
<pre><code>$ chmod -v 0400 ca-key.pem key.pem server-key.pem
</code></pre>
<p>Certificates can be world-readable, but you might want to remove write access to
prevent accidental damage:</p>
<pre><code>$ chmod -v 0444 ca.pem server-cert.pem cert.pem
</code></pre>
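<p>Now you can make the Docker daemon only accept connections from clients
providing a certificate trusted by our CA. Note that <code>-H=0.0.0.0:2376</code>
listens on every network interface of the host; bind to a specific address, or
restrict the port with a firewall, if the daemon only needs to be reachable
from some networks:</p>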
<pre><code>$ docker -d --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem \
-H=0.0.0.0:2376
</code></pre>
<p>To be able to connect to Docker and validate its certificate, you now
need to provide your client keys, certificates and trusted CA:</p>
<blockquote>
<p><strong>Note</strong>: replace all instances of <code>$HOST</code> in the following example with the
DNS name of your Docker daemon&rsquo;s host.</p>
</blockquote>
<pre><code>$ docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem \
-H=$HOST:2376 version
</code></pre>
<blockquote>
<p><strong>Note</strong>:
Docker over TLS should run on TCP port 2376.</p>
<p><strong>Warning</strong>:
As shown in the example above, you don&rsquo;t have to run the <code>docker</code> client
with <code>sudo</code> or the <code>docker</code> group when you use certificate authentication.
That means anyone with the keys can give any instructions to your Docker
daemon, giving them root access to the machine hosting the daemon. Guard
these keys as you would a root password!</p>
</blockquote>
<h2 id="secure-by-default">Secure by default</h2>
<p>If you want to secure your Docker client connections by default, you can move
the files to the <code>.docker</code> directory in your home directory &ndash; and set the
<code>DOCKER_HOST</code> and <code>DOCKER_TLS_VERIFY</code> variables as well (instead of passing
<code>-H=tcp://$HOST:2376</code> and <code>--tlsverify</code> on every call).</p>
<pre><code>$ mkdir -pv ~/.docker
$ cp -v {ca,cert,key}.pem ~/.docker
$ export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1
</code></pre>
<p>Docker will now connect securely by default:</p>
<pre><code>$ docker ps
</code></pre>
<h2 id="other-modes">Other modes</h2>
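<p>If you don&rsquo;t want to have complete two-way authentication, you can run
Docker in various other modes by mixing the flags. Keep in mind that a daemon
which does not authenticate clients accepts commands from anyone who can reach
its port.</p>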
<h3 id="daemon-modes">Daemon modes</h3>
<ul>
<li><code>tlsverify</code>, <code>tlscacert</code>, <code>tlscert</code>, <code>tlskey</code> set: Authenticate clients</li>
<li><code>tls</code>, <code>tlscert</code>, <code>tlskey</code>: Do not authenticate clients</li>
</ul>
<h3 id="client-modes">Client modes</h3>
<ul>
<li><code>tls</code>: Authenticate server based on public/default CA pool</li>
<li><code>tlsverify</code>, <code>tlscacert</code>: Authenticate server based on given CA</li>
<li><code>tls</code>, <code>tlscert</code>, <code>tlskey</code>: Authenticate with client certificate, do not
authenticate server based on given CA</li>
<li><code>tlsverify</code>, <code>tlscacert</code>, <code>tlscert</code>, <code>tlskey</code>: Authenticate with client
certificate and authenticate server based on given CA</li>
</ul>
<p>If found, the client will send its client certificate, so you just need
to drop your keys into <code>~/.docker/{ca,cert,key}.pem</code>. Alternatively,
if you want to store your keys in another location, you can specify that
location using the environment variable <code>DOCKER_CERT_PATH</code>.</p>
<pre><code>$ export DOCKER_CERT_PATH=~/.docker/zone1/
$ docker --tlsverify ps
</code></pre>
<h3 id="connecting-to-the-secure-docker-port-using-curl">Connecting to the secure Docker port using <code>curl</code></h3>
<p>To use <code>curl</code> to make test API requests, you need to use three extra command line
flags:</p>
<pre><code>$ curl https://$HOST:2376/images/json \
--cert ~/.docker/cert.pem \
--key ~/.docker/key.pem \
--cacert ~/.docker/ca.pem
</code></pre>
</article>
</section>
</div>
<div id="toc" class="large-3 columns toc ">
On this page:
<nav id="TableOfContents">
<ul>
<li><a href="#protect-the-docker-daemon-socket">Protect the Docker daemon socket</a>
<ul>
<li><a href="#create-a-ca-server-and-client-keys-with-openssl">Create a CA, server and client keys with OpenSSL</a></li>
<li><a href="#secure-by-default">Secure by default</a></li>
<li><a href="#other-modes">Other modes</a>
<ul>
<li><a href="#daemon-modes">Daemon modes</a></li>
<li><a href="#client-modes">Client modes</a></li>
<li><a href="#connecting-to-the-secure-docker-port-using-curl">Connecting to the secure Docker port using <code>curl</code></a></li>
</ul></li>
</ul></li>
</ul>
</nav>
</div>
</div>
<footer class="main-footer">
<div class="row">
</div>
<div class="row">
</div>
<div id="buildinfo">
Jul 8, 2015 at 6:45pm (PST)
BUILD_DATA
</div>
</footer>
<link rel="stylesheet" href="/highlight/styles/github.css">
<script src="/highlight/highlight.pack.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
<script src="/dist/assets/js/all.js"></script>
<script>
// Apply the doubleTapToGo plugin (defined outside this listing) to every
// navigation list item that contains a nested list.
$('nav li:has(ul)').doubleTapToGo();
</script>
<script>
;(function ( $, window, document, undefined ) {
// Name under which the plugin is registered on $.fn and used in the data key.
var pluginName = 'accordion';

// Option defaults; options passed by the caller are merged over these.
var defaults = {
  transitionSpeed: 300,
  transitionEasing: 'ease',
  controlElement: '[data-control]',
  contentElement: '[data-content]',
  groupElement: '[data-accordion-group]',
  singleOpen: true
};

/**
 * Accordion instance bound to a single DOM element.
 *
 * @param {Element} element  the accordion root element
 * @param {Object} options   overrides for the values in `defaults`
 */
function Accordion(element, options) {
  this.element = element;
  // Merge into a fresh object so `defaults` itself is never mutated.
  this.options = $.extend({}, defaults, options);
  this._defaults = defaults;
  this._name = pluginName;
  this.init();
}
Accordion.prototype.init = function () {
// State shared by the helper functions declared below in init().
var self = this;
var opts = self.options;

// The accordion root plus its direct control and content children.
var $accordion = $(self.element);
var $controls = $accordion.find('> ' + opts.controlElement);
var $content = $accordion.find('> ' + opts.contentElement);

// Whether this accordion is nested inside another [data-accordion] element.
var accordionParentsQty = $accordion.parents('[data-accordion]').length;
var accordionHasParent = accordionParentsQty > 0;

// Styles applied to a collapsed content panel.
var closedCSS = { 'max-height': 0, 'overflow': 'hidden' };

// Feature-detected once per instance.
var CSStransitions = supportsTransitions();
/**
 * Wrap `func` so that a burst of calls results in a single invocation.
 *
 * @param {Function} func      function to debounce
 * @param {number} threshold   quiet period in milliseconds (100 when falsy)
 * @param {boolean} execAsap   when truthy, run on the first call of a burst
 *                             instead of after the quiet period
 * @returns {Function} the debounced wrapper
 */
function debounce(func, threshold, execAsap) {
  var pending;
  var wait = threshold || 100;

  return function debounced() {
    var ctx = this;
    var callArgs = arguments;

    if (pending) {
      // A burst is in progress: restart the quiet period.
      clearTimeout(pending);
    } else if (execAsap) {
      func.apply(ctx, callArgs);
    }

    pending = setTimeout(function delayed() {
      if (!execAsap) {
        func.apply(ctx, callArgs);
      }
      pending = null;
    }, wait);
  };
}
/**
 * Report whether the style object of the document body (or root element)
 * exposes a `transition` property, unprefixed or vendor-prefixed.
 *
 * @returns {boolean}
 */
function supportsTransitions() {
  var root = document.body || document.documentElement;
  var style = root.style;

  if (typeof style['transition'] == 'string') {
    return true;
  }

  var prefixes = ['Moz', 'webkit', 'Webkit', 'Khtml', 'O', 'ms'];
  var k = 0;
  while (k < prefixes.length) {
    if (typeof style[prefixes[k] + 'Transition'] == 'string') {
      return true;
    }
    k++;
  }
  return false;
}
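/**
 * Schedule `cb` for the next animation frame, falling back to a ~60fps timer.
 *
 * The previous version called the unprefixed requestAnimationFrame first
 * whenever any variant existed, which throws a ReferenceError in a browser
 * that only ships a prefixed implementation. Here the first available
 * implementation is selected and only that one is called.
 *
 * @param {Function} cb  callback to run
 * @returns {number} the handle returned by the scheduler that was used
 */
function requestAnimFrame(cb) {
  var raf = window.requestAnimationFrame ||
            window.webkitRequestAnimationFrame ||
            window.mozRequestAnimationFrame;

  if (raf) {
    // Call with window as receiver; native implementations require it.
    return raf.call(window, cb);
  }
  return setTimeout(cb, 1000 / 60);
}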
/**
 * Set or clear the max-height CSS transition on the content panel.
 *
 * NOTE(review): the $el argument is not used; the styles are applied to the
 * enclosing $content collection. Confirm whether that is intended.
 *
 * @param {jQuery} $el      unused
 * @param {boolean} remove  truthy to clear the transition, falsy to set it
 */
function toggleTransition($el, remove) {
  var rule = remove
    ? ''
    : 'max-height ' + opts.transitionSpeed + 'ms ' + opts.transitionEasing;

  $content.css({
    '-webkit-transition': rule,
    'transition': rule
  });
}
/**
 * Sum the outer heights (margins included) of $el's children and store the
 * total on $el under the 'oHeight' data key.
 *
 * @param {jQuery} $el  element whose children are measured
 */
function calculateHeight($el) {
  var total = 0;
  $el.children().each(function (_, child) {
    total += $(child).outerHeight(true);
  });
  $el.data('oHeight', total);
}
/**
 * Grow or shrink the stored height of open ancestor panels when a nested
 * accordion opens or closes.
 *
 * @param {jQuery} $parentAccordion   ancestor accordions of the current one
 * @param {jQuery} $currentAccordion  the accordion being toggled
 * @param {number} qty                height to add or subtract
 * @param {string} operation          '+' or '-'; anything else throws
 */
function updateParentHeight($parentAccordion, $currentAccordion, qty, operation) {
  var $openContent = $parentAccordion.filter('.open').find('> [data-content]');
  var $nested = $openContent.find('[data-accordion].open > [data-content]');

  if (!opts.singleOpen) {
    // Leave out the panels of open siblings of the current accordion.
    $nested = $nested.not(
      $currentAccordion.siblings('[data-accordion].open').find('> [data-content]')
    );
  }

  var $targets = $openContent.add($nested);

  if (!$parentAccordion.hasClass('open')) {
    return;
  }

  $targets.each(function () {
    var $panel = $(this);
    var before = $panel.data('oHeight');

    if (operation === '+') {
      $panel.data('oHeight', before + qty);
    } else if (operation === '-') {
      $panel.data('oHeight', before - qty);
    } else {
      throw 'updateParentHeight method needs an operation';
    }

    $panel.css('max-height', $panel.data('oHeight'));
  });
}
/**
 * Re-measure an open accordion and re-apply max-height to its content panel
 * and to the panels of open accordions nested inside it.
 *
 * @param {jQuery} $accordion  accordion to refresh; ignored unless open
 */
function refreshHeight($accordion) {
  if (!$accordion.hasClass('open')) {
    return;
  }

  var $panel = $accordion.find('> [data-content]');
  var $nestedPanels = $panel.find('[data-accordion].open > [data-content]');
  var $all = $panel.add($nestedPanels);

  calculateHeight($all);
  $all.css('max-height', $all.data('oHeight'));
}
/**
 * Collapse an accordion: fire 'accordion.close', shrink the content panel
 * and drop the 'open' class.
 *
 * @param {jQuery} $accordion  accordion to close
 * @param {jQuery} $content    its content panel
 */
function closeAccordion($accordion, $content) {
  $accordion.trigger('accordion.close');

  if (!CSStransitions) {
    // No CSS transitions: pin the current height, then animate with jQuery.
    $content.css('max-height', $content.data('oHeight'));
    $content.animate(closedCSS, opts.transitionSpeed);
  } else {
    if (accordionHasParent) {
      var $ancestors = $accordion.parents('[data-accordion]');
      updateParentHeight($ancestors, $accordion, $content.data('oHeight'), '-');
    }
    $content.css(closedCSS);
  }

  $accordion.removeClass('open');
}
/**
 * Expand an accordion: fire 'accordion.open', grow the content panel to its
 * stored height and add the 'open' class.
 *
 * @param {jQuery} $accordion  accordion to open
 * @param {jQuery} $content    its content panel
 */
function openAccordion($accordion, $content) {
  $accordion.trigger('accordion.open');

  if (!CSStransitions) {
    // No CSS transitions: animate with jQuery, then lift the height cap.
    $content.animate(
      { 'max-height': $content.data('oHeight') },
      opts.transitionSpeed,
      function () {
        $content.css({ 'max-height': 'none' });
      }
    );
  } else {
    toggleTransition($content);

    if (accordionHasParent) {
      var $ancestors = $accordion.parents('[data-accordion]');
      updateParentHeight($ancestors, $accordion, $content.data('oHeight'), '+');
    }

    // Apply the target height on a later frame than the transition rule.
    requestAnimFrame(function () {
      $content.css('max-height', $content.data('oHeight'));
    });
  }

  $accordion.addClass('open');
}
/**
 * Close every open sibling of $accordion, and every open accordion nested
 * inside those siblings.
 *
 * @param {jQuery} $accordion  the accordion that stays as it is
 */
function closeSiblingAccordions($accordion) {
  // Looked up but not used further in this function.
  var $accordionGroup = $accordion.closest(opts.groupElement);

  var $openSiblings = $accordion.siblings('[data-accordion]').filter('.open');
  var $openNested = $openSiblings.find('[data-accordion]').filter('.open');
  var $toClose = $openSiblings.add($openNested);

  $toClose.each(function () {
    var $item = $(this);
    closeAccordion($item, $item.find(opts.contentElement));
  });

  $toClose.removeClass('open');
}
/**
 * Toggle this accordion. With singleOpen set and a group ancestor present,
 * open siblings are closed first.
 */
function toggleAccordion() {
  var inGroup = opts.singleOpen
    ? $accordion.parents(opts.groupElement).length > 0
    : false;

  calculateHeight($content);

  if (inGroup) {
    closeSiblingAccordions($accordion);
  }

  var action = $accordion.hasClass('open') ? closeAccordion : openAccordion;
  action($accordion, $content);
}
/**
 * Bind the click and 'accordion.toggle' handlers on the controls, and a
 * debounced resize handler on the window.
 */
function addEventListeners() {
  $controls.on('click', toggleAccordion);

  $controls.on('accordion.toggle', function () {
    // With singleOpen and several controls the custom event is rejected.
    var rejected = opts.singleOpen && $controls.length > 1;
    if (rejected) {
      return false;
    }
    toggleAccordion();
  });

  var onResize = debounce(function () {
    refreshHeight($accordion);
  });
  $(window).on('resize', onResize);
}
/**
 * Put every content panel into its initial state and, when the root has no
 * data-accordion attribute value, add the data attributes to the root, its
 * controls and its content elements.
 */
function setup() {
  $content.each(function () {
    var $panel = $(this);

    if ($panel.css('max-height') == 0) {
      return;
    }

    if ($panel.closest('[data-accordion]').hasClass('open')) {
      toggleTransition($panel);
      calculateHeight($panel);
      $panel.css('max-height', $panel.data('oHeight'));
    } else {
      $panel.css({ 'max-height': 0, 'overflow': 'hidden' });
    }
  });

  if ($accordion.attr('data-accordion')) {
    return;
  }

  $accordion.attr('data-accordion', '');
  $accordion.find(opts.controlElement).attr('data-control', '');
  $accordion.find(opts.contentElement).attr('data-content', '');
}
setup();
addEventListeners();
};
// jQuery entry point: create one Accordion per matched element, skipping
// elements that already carry an instance under the plugin data key.
$.fn[pluginName] = function (options) {
  var dataKey = 'plugin_' + pluginName;

  return this.each(function () {
    if ($.data(this, dataKey)) {
      return;
    }
    $.data(this, dataKey, new Accordion(this, options));
  });
};
})( jQuery, window, document );
// Once the DOM is ready, initialise the accordions under #multiple so that
// several of them can be open at the same time.
$(document).ready(function () {
  var $targets = $('#multiple [data-accordion]');
  $targets.accordion({ singleOpen: false });
});
</script>
<script src="/dist/assets/js/bootstrap-3.0.3.min.js"></script>
<script src="/dist/assets/js/archive.js"></script>
<script type="text/javascript">
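// Segment analytics.js loader (snippet version 4.0.0), expanded for review.
// It queues calls made on window.analytics until the library script arrives.
// Change from the original: the script is always fetched over https:// rather
// than matching the page's protocol, so a page served over plain HTTP does not
// pull third-party JavaScript over a connection that can be modified in
// transit.
!function () {
  var analytics = window.analytics = window.analytics || [];

  if (!analytics.initialize) {
    if (analytics.invoked) {
      window.console && console.error && console.error("Segment snippet included twice.");
    } else {
      analytics.invoked = !0;

      // Methods stubbed on the queue until the real library loads.
      analytics.methods = ["trackSubmit", "trackClick", "trackLink", "trackForm", "pageview", "identify", "reset", "group", "track", "ready", "alias", "debug", "page", "once", "off", "on"];

      // Build a stub that records [methodName, ...args] on the queue.
      analytics.factory = function (t) {
        return function () {
          var e = Array.prototype.slice.call(arguments);
          e.unshift(t);
          analytics.push(e);
          return analytics;
        };
      };

      for (var t = 0; t < analytics.methods.length; t++) {
        var e = analytics.methods[t];
        analytics[e] = analytics.factory(e);
      }

      // Insert an async <script> for the given write key before the first
      // script element in the document.
      analytics.load = function (t) {
        var e = document.createElement("script");
        e.type = "text/javascript";
        e.async = !0;
        e.src = "https://cdn.segment.com/analytics.js/v1/" + t + "/analytics.min.js";
        var n = document.getElementsByTagName("script")[0];
        n.parentNode.insertBefore(e, n);
      };

      analytics.SNIPPET_VERSION = "4.0.0";
      analytics.load("IWj9D0UpZHZdZUZX9jl98PcpBFWBnBMy");
      analytics.page();
    }
  }
}();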
</script>