Docker Image that forwards to the Docker API Socket and requires TLS Client authentication
Home Page: https://hub.docker.com/r/kekru/docker-remote-api-tls
License: MIT License
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
I run the image through docker-compose everything from the logs looks fine but when I try to connect to the Docker daemon from my local computer I have this error, I checked the port with nmap and it's open
I have swarm and traefik running on the server, so I tried to deploy the image on swarm and expose the port using traefik, I had the same issue
Any idea where I can debug this, please?
It seems like /var/run/docker.sock can't be bind-mounted correctly with that setup. A workaround that should work is to set up the proxy inside the WSL instance itself, behind the docker-desktop-proxy Docker Desktop internally uses there (yeah, it's proxies all the way down)
N.B. my use case is allowing JetBrains software (which can't be configured to use the named pipe Docker Desktop uses) to interface with my local Docker server, without exposing the daemon through the insecure HTTP connection on TCP port 2375
Nginx prints the following warning:
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive
instead in /etc/nginx/conf.d/nginx-cert.conf:4This should be corrected.
Additionally the nginx version should be set to a fixed version number. e.g. nginx:1.16.0-alpine to increase stability.
The current image hosted @ the docker hub only works on AMD64. I can build a local copy of this for my odroidXU4 and raspberry pi boards just fine, so you should make those available from the docker hub to just pull.
Is it possible to start, create, delete and collect metrics from containers hosted in other VPS for example securely through this Api?
What is the chance that when using this solution I open a vulnerability in my server?
and how can i use it with docker compose?
We should update to the newest stable Nginx version, to be up to date if there are security issues
Now, if i trying to use auto-generated certs with an IP-address instead of domain name, docker raises an error
error during connect: Get https://192.168.1.1:2376/v1.40/containers/json: x509: cannot validate certificate for 192.168.1.1 because it doesn't contain any IP SANs
Please, add possibility to deal with IP-address as host main address and identifier
Currently the generated certs expire after a year. This should be configurable
We should add a few integrative tests, that ensure, that the container forwards authenticated requests correctly and denies not authenticated requests.
The tests should be available as Docker Hub tests. See https://docs.docker.com/docker-hub/builds/automated-testing/
To preface:
-Using linux subsystem for windows to create CA, server and client keys/certs
-Using linux subsystem to communicate with and control docker engine for windows
-Running "docker for windows" normally with Hyper-V
When i start the docker container, it is immediately stopped.
This is how i run the container:
docker run --name remote-api-tls -d -p 2376:443 -v /home/username/docker-ca-windows/certs:/data/certs:ro -v /var/run/docker.sock:/var/run/docker.sock:ro whiledo/docker-remote-api-tlscontents of /home/username/docker-ca-windows/certs/:
username@DESKTOP-K2NQU24:~/docker-ca-windows/certs$ ls -lah
total 24K
drwxrwxr-x 1 username username 4.0K May 29 12:08 .
drwxrwxr-x 1 username username 4.0K May 29 12:07 ..
-r-------- 1 username username 3.3K May 29 12:07 ca-key.pem
-r--r--r-- 1 username username 2.1K May 29 12:07 ca.pem
-r--r--r-- 1 username username 1.9K May 29 12:08 client-localhost-cert.pem
-r-------- 1 username username 3.2K May 29 12:08 client-localhost-key.pem
-r--r--r-- 1 username username 1.9K May 29 12:07 server-cert.pem
-r-------- 1 username username 3.2K May 29 12:07 server-key.pemAttached below are the logs:
2019/05/29 10:19:28 [warn] 1#1: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/nginx-cert.conf:4
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/nginx-cert.conf:4
2019/05/29 10:19:28 [emerg] 1#1: BIO_new_file("/data/certs/server-cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/server-cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/data/certs/server-cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/server-cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)It seems that nginx can't find the file, but the volume should be correctly mounted?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.