docker_api https fix for secured docker #673
Conversation
The certificate path is also needed when docker daemon mode is `tlsverify` see https://docs.docker.com/engine/security/https/#connecting-to-the-secure-docker-port-using-curl
|
Hi. Thanks for the contribution. Have you tested it ? Do you think you could add documentation for this feature to your PR ? |
|
Hi, I tested this on my own servers, which are configured with daemon mode I added a short documentation under |
Yep, that's perfect, thanks.
Okay this is going to be pretty hard to test on Travis. |
buchdag
added
type/feat
| @@ -201,6 +201,14 @@ function docker_api { | |||
| else | |||
| scheme="http://${DOCKER_HOST#*://}" | |||
| fi | |||
|
|
|||
| if [[ -v DOCKER_TLS_VERIFY && -v DOCKER_CERT_PATH && ! -z "$DOCKER_TLS_VERIFY" ]]; then | |||
There was a problem hiding this comment.
For the sake of consistency with the other features, could we check if DOCKER_TLS_VERIFY is set to true/True/TRUE (using the lc() function) instead of just setting the variable to any value ?
| If the docker host daemon socket is [protected](https://docs.docker.com/engine/security/https/): | ||
|
|
||
| * `DOCKER_TLS_VERIFY` - set it to value `1` if the docker host requires client TLS authentication | ||
| * `DOCKER_CERT_PATH` - path to TLS client certificates for the docker host. This folder should contain `cert.pem`, `key.pem` and `ca.pem` files. See [Create a CA, server and client keys with OpenSSL](https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl) |
There was a problem hiding this comment.
I think we should be a bit more clearer about the fact that this environment variable set a path that will be looked upon inside the container and that the expected file will have to be mounted to this path somehow.
The certificate path is also needed when docker daemon mode is
tlsverifysee https://docs.docker.com/engine/security/https/#connecting-to-the-secure-docker-port-using-curl