{"id":16174383,"url":"https://github.com/hellothisisflo/tls-certificates-for-docker---step-by-step","last_synced_at":"2026-05-04T07:40:44.156Z","repository":{"id":93127326,"uuid":"118512526","full_name":"HelloThisIsFlo/TLS-Certificates-for-Docker---Step-by-Step","owner":"HelloThisIsFlo","description":"Generate TLS Certificates for Docker, Step-by-step. And understand everything that is happening.","archived":false,"fork":false,"pushed_at":"2018-01-22T21:39:42.000Z","size":11,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-07T10:03:10.677Z","etag":null,"topics":["certificates","docker","tls","tls-certificates"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HelloThisIsFlo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-22T20:41:32.000Z","updated_at":"2019-08-16T12:18:21.000Z","dependencies_parsed_at":"2023-06-05T02:00:20.564Z","dependency_job_id":null,"html_url":"https://github.com/HelloThisIsFlo/TLS-Certificates-for-Docker---Step-by-Step","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/HelloThisIsFlo/TLS-Certificates-for-Docker---Step-by-Step","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HelloThisIsFlo%2FTLS-Certificates-for-Docker---Step-by-Step","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HelloThisIsFlo%2FTLS-Certificates-for-Docker---Step-by-Step/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HelloThisIsFlo%2FTLS-Certificates-for-Docker---Step-by-Step/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HelloThisIsFlo%2FTLS-Certificates-for-Docker---Step-by-Step/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HelloThisIsFlo","download_url":"https://codeload.github.com/HelloThisIsFlo/TLS-Certificates-for-Docker---Step-by-Step/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HelloThisIsFlo%2FTLS-Certificates-for-Docker---Step-by-Step/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32599410,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T22:12:39.696Z","status":"online","status_checked_at":"2026-05-04T02:00:06.625Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificates","docker","tls","tls-certificates"],"created_at":"2024-10-10T04:24:45.313Z","updated_at":"2026-05-04T07:40:44.140Z","avatar_url":"https://github.com/HelloThisIsFlo.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TLS Certificates for Docker - Step-by-Step\n\n\u003e Confused how to create your own self-signed certificates to secure a remote docker socket?\n\u003e \n\u003e This project generates a set of instructions, as executable scripts, to guide you in\n\u003e that process.\n\n## Usage\n\n### One line installation\nIn an **emtpy folder** run:\n```\nbash \u003c(curl -s https://raw.githubusercontent.com/FlorianKempenich/TLS-Certificates-for-Docker---Step-by-Step/master/generate_steps.sh) \\\n  YOUR_DOMAIN_NAME\n```\n\nThis will create a set of scripts in the current directory each representing \na step to generate the following set of certificates / private keys:\n\n```\n* RootCA - Private Key \n* RootCA - Self-signed Certificate \n* Client - Private Key \n* Client - Certificate signed by Root CA\n  * Used for client authentication with the `docker daemon`\n  * The `docker daemon` is set to trust any certificate issued by the Root CA\n* Server - Private Key \n* Server - Certificate signed by Root CA\n  * Certifies the domain name set by: `YOUR_DOMAIN_NAME`\n```\n\n\n### Generate the certficates\n\nAfter running the installation command, simply **execute each step** to generate the all the certificates.\n\n    # Generate the Root CA Key \u0026 Certificate\n    ./step-1_Generate_RootCA_PrivateKey.sh\n    ./step-2_Generate_RootCA_Certificate.sh\n\n    # Generate the Client Key \u0026 Certificate Signing Request (CSR)\n    cd ./client\n    ./step-3-A_Generate_Client_PrivateKey.sh\n    ./step-3-B_Generate_Server_PrivateKey.sh\n    cd ..\n\n    # Generate the Server Key \u0026 Certificate Signing Request (CSR)\n    cd ./server\n    ./step-4-A_Generate_Client_CSR.sh\n    ./step-4-B_Generate_Server_CSR.sh\n    cd ..\n\n    # Sign the Client \u0026 Server Certificates with the Root CA\n    ./step-5-A_Sign_Client_Certificate.sh\n    ./step-5-B_Sign_Server_Certificate.sh\n\n    # Copy the certificate in a 'docker_format' directory\n    #\n    # This follow the naming convention expected by docker when\n    # setting the 'DOCKER_CERT_PATH' environment variable\n    ./step-6_Copy_clients_certificates_using_docker_naming_format.sh\n\n**And you're done :)**\n\nTo make understanding the process easier:  \nWhen running each step, **the command being executed will be displayed.**\n\nFeel free to inspect the content of each script before running them ;)\n\n## Activation / Deactivation scripts\n\nOnce your `docker` machine is setup to use the certificates, to run `docker` commands\ndirectly on that machine a pair of activation / deactivation scripts is provided.\n\n### Activate the remote machine\n```\neval $(./activate.sh)\n```\nAny `docker` command ran after the activating the machine will be executed **on the remote machine**\n\n### Deactivate the remote machine\n```\neval $(./deactivate.sh)\n```\n`docker` commands are now running locally again.\n\n\u003e ### More details on Activation / Deactivation\n\u003e #### Before activation:\n\u003e ```\n\u003e docker run \\\n\u003e   --rm \\\n\u003e   --name=hello-world\\\n\u003e   -eWORLD=Mundo \\\n\u003e   -p\"80:80\" \\\n\u003e   -d floriankempenich/hello-world\n\u003e ```\n\u003e Would run a **hello-world** web server on the port `80` of your local machine.\n\u003e \n\u003e #### After activation:\n\u003e After runnning `eval $(./activate.sh)`, the **same command**:\n\u003e ```\n\u003e docker run \\\n\u003e   --rm \\\n\u003e   --name=hello-world\\\n\u003e   -eWORLD=Mundo \\\n\u003e   -p\"80:80\" \\\n\u003e   -d floriankempenich/hello-world\n\u003e ```\n\u003e Will now run a **hello-world** web server on the port `80` of the **remote machine** accessible through `YOUR_DOMAIN_NAME`\n \n-------------\n\n## Optional: One click `docker` setup\nOn top of the step-by-step instructions, a **one click `docker` setup** ansible \nproject has been created.\n\nIt allows to setup a **working remote `docker` socket** using the generated **certificates** in **one click**.\n\n\u003e **The only requirements are:**\n\u003e * `ansible` is installed on the **local** machine\n\u003e * You have SSH access with that `username` on the **remote** machine \n\u003e * Python 2 is installed on the **remote** machine\n\n### Usage\n\n\u003e 1. **Enter** the directory: `cd ./ansible`\n\u003e 2. **Edit** the `ansible_user` field in the `inventory` file.\n\u003e    * To indicate the `username` you use to connect to the remote machine.\n\u003e    * Default: `root`\n\u003e 3. **Install** the role dependency: `ansible-galaxy install -r requirements.yml`\n\u003e 4. **Run** the playbook: `ansible-playbook playbook.yml`\n\u003e    * Or `ansible-playbook playbook.yml -K` if using a **non-root** user\n\nThe machine accessible at `YOUR_DOMAIN_NAME` is now a **fully configured, remotely accessible, secured with TLS** `docker` machine.\n\nAfter you ensure that `YOUR_DOMAIN_NAME` is actually pointing to that machine, \nyou can simply activate it by running: `eval $(./activate.sh)`\n\nFor more info, see: [Activation / Deactivation](http://)\n\n--- \n\n## Credits\n\n**Antonio Pires:**  \n    For helping me figure out how TLS Certificates work.  \n    As well as how they are used in the context of Docker.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellothisisflo%2Ftls-certificates-for-docker---step-by-step","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhellothisisflo%2Ftls-certificates-for-docker---step-by-step","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhellothisisflo%2Ftls-certificates-for-docker---step-by-step/lists"}