From eb64c011240add8d535c592166f87d0675684bc0 Mon Sep 17 00:00:00 2001 From: Anthony Lapenna Date: Sat, 24 Sep 2016 22:13:48 +1200 Subject: [PATCH] Updated Deployment (markdown) --- Deployment.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/Deployment.md b/Deployment.md index e179608..0008805 100644 --- a/Deployment.md +++ b/Deployment.md @@ -28,7 +28,7 @@ You can also specify an alternative socket path by using the `-H` flag and the ` $ docker run -d -p 9000:9000 -v /var/run/docker.sock:/docker/docker.sock portainer/portainer -H unix://docker/docker.sock ``` -### Connect to a remote host +### Connect to a remote Docker engine In order to connect to a remote host, use the `-H` flag and the `tcp://` protocol: 
@@ -36,6 +36,28 @@ In order to connect to a remote host, use the `-H` flag and the `tcp://` protoco $ docker run -d -p 9000:9000 portainer/portainer -H tcp://: ``` +### Connect to a Docker engine with TLS enabled + +If your Docker engine is protected using TLS, you'll need to ensure that you have access to CA, the certificate and the public key used to access your Docker engine. + +You can then use the `--tlsverify` flag to enable TLS communication with the Docker API. Portainer will try to use the following paths to the files specified previously: + +* CA: `/certs/ca.pem` +* certificate: `/certs/cert.pem` +* public key: `/certs/key.pem` + +You must ensure these files are present in the container using a bind mount: + +```shell +$ docker run -d -p 9000:9000 portainer/portainer -v /path/to/certs:/certs -H tcp://: --tlsverify +``` + +You can also use the `--tlscacert`, `--tlscert` and `--tlskey` flags if you want to change the default path to the CA, certificate and key file respectively: + +```shell +$ docker run -d -p 9000:9000 portainer/portainer -v /path/to/certs:/certs -H tcp://: --tlsverify --tlscacert /certs/myCa.pem --tlscert /certs/myCert.pem --tlskey /certs/myKey.pem +``` + ## Without Docker Deployment strategies:
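Review bot: In the first hunk (`@@ -28,7 +28,7 @@`), the heading now reads "Connect to a remote Docker engine" but the unchanged sentence directly below it still says "In order to connect to a remote host"; update that sentence so the section uses one term. Since this section shows the plain `tcp://` form, a one-line pointer to the "Connect to a Docker engine with TLS enabled" section added later in this patch would help readers whose engine requires TLS.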
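Review bot: In the second hunk (`@@ -36,6 +36,28 @@`), both added `docker run` examples place `-v /path/to/certs:/certs` after the image name `portainer/portainer`, so Docker hands it to Portainer as a command argument instead of creating the bind mount, and the certificates are never mounted at `/certs`. Move the option before the image name, next to `-p 9000:9000`, as the existing socket example in the context of the first hunk does. The prose and the bullet list also call `/certs/key.pem` the "public key", while the flag is `--tlskey` and the file Docker clients present there is the private key; say "private key" (or just "key", as the last added paragraph does), and "access to CA" should read "access to the CA".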