Securing Docker with TLS certificates

By default, Docker has no authentication or authorization for its API, instead relying on the filesystem security of its UNIX socket, /var/run/docker.sock, which by default is only accessible by the root user.

This is fine for the basic use case of only accessing the Docker API on the local machine via the socket as the root user. However if you wish to use the Docker API over TCP, you’ll want to secure it so you don’t have to give out root access to anyone that happens to poke you on the TCP port.

Docker supports using TLS certificates (both on the server and the client) to provide proof of identity. When set up correctly it will only allow clients and servers with a certificate signed by a specific CA to talk to eachother.

While not providing fine grained access permissions, it does at least allow us to listen on a TCP socket and


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/pfXncN-u0XI/

Original article

Comments are closed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: