Using cURL to contact a Docker daemon running under SSL

Time: 2016-02-22 15:12:18

Tags: ssl docker

I set up docker in non-SSL mode by editing "/etc/default/docker" and setting DOCKER_OPTS="-H=0.0.0.0:2375". Now, when I start docker and connect to it using curl, curl -sv http://10.24.16.17:2375/v1.22/containers/json, I get some response. When I secure docker using certificates (ca.pem, server-key.pem, server-cert.pem) and edit "/etc/default/docker" to DOCKER_OPTS="--tlsverify --tlscacert=/home/ubuntu/certs/ca.pem --tlscert=/home/ubuntu/certs/server-cert.pem --tlskey=/home/ubuntu/certs/server-key.pem -H=0.0.0.0:2376", I am unable to connect to the service using curl "curl -sv https://10.24.16.17:2376/v1.22/containers/json". I get the following output:

* Hostname was NOT found in DNS cache
*   Trying 10.24.16.17...
* Connected to 10.24.16.17 (10.24.16.17) port 2376 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0

I am able to run "docker ps -a" with the CLI, however; only cURL hitting the API endpoint does not work. When I try "curl -sv --cacert /home/ubuntu/certs/ca.pem https://10.24.16.17:2376/v1.22/containers/json", I get:

* Hostname was NOT found in DNS cache
*   Trying 10.24.16.17...
* Connected to 10.24.16.17 (10.24.16.17) port 2376 (#0)
* successfully set certificate verify locations:
*   CAfile: /home/ubuntu/certs/ca.pem
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS alert, Server hello (2):
* error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
* Closing connection 0

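I read somewhere that the above error can be caused by a corrupted ca.pem file, but that is probably not the case, since the command docker ps -a is able to connect to the docker host using the same ca.pem file.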

0 answers:

No answers
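
The two traces in the question fail at different points: the first cannot chain the server certificate to a trusted CA, while the second shows the daemon sending "Request CERT" and then rejecting the handshake, which is what a daemon started with --tlsverify does when the client presents no acceptable certificate. The script below is an added example, not part of the original post; it classifies such a trace and prints the matching curl options. The client certificate and key paths are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a `curl -sv` trace from a daemon started with --tlsverify.

CA=/home/ubuntu/certs/ca.pem            # CA path taken from the question
CLIENT_CERT=/path/to/client-cert.pem    # placeholder (assumption, not on the page)
CLIENT_KEY=/path/to/client-key.pem      # placeholder (assumption, not on the page)

# Reads a trace on stdin and prints one diagnosis token.
diagnose_trace() {
    trace=$(cat)
    case "$trace" in
        *"unable to get local issuer certificate"*)
            # curl could not verify the server certificate against its CA store.
            echo "server-ca-untrusted" ;;
        *"Request CERT"*"alert bad certificate"*)
            # Server asked for a client certificate, then aborted the handshake.
            echo "client-cert-rejected" ;;
        *"alert bad certificate"*)
            echo "peer-rejected-certificate" ;;
        *)
            echo "unknown" ;;
    esac
}

# Maps a diagnosis token to the curl options that address it.
suggest_flags() {
    case "$1" in
        server-ca-untrusted)  echo "--cacert $CA" ;;
        client-cert-rejected) echo "--cacert $CA --cert $CLIENT_CERT --key $CLIENT_KEY" ;;
        *)                    echo "" ;;
    esac
}

# Constructed sample: excerpt of the second trace in the question.
SAMPLE='* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate'

verdict=$(printf '%s\n' "$SAMPLE" | diagnose_trace)
echo "diagnosis: $verdict"
echo "retry with: curl -sv $(suggest_flags "$verdict") https://10.24.16.17:2376/v1.22/containers/json"
```

The client certificate passed with --cert must be signed by the CA the daemon was given in --tlscacert.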