java 访问docker的环境
1. 配置环境
新增 ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
root@ros-OptiPlex-3050:~# nano /lib/systemd/system/docker.service
root@ros-OptiPlex-3050:~# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
重启docker
root@ros-OptiPlex-3050:~# service docker reload
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
root@ros-OptiPlex-3050:~# systemctl daemon-reload
root@ros-OptiPlex-3050:~# systemctl docker restart
Unknown operation docker.
root@ros-OptiPlex-3050:~# service docker restart
检测配置的端口
root@ros-OptiPlex-3050:~# netstat -antp | grep 2375
tcp6 0 0 :::2375 :::* LISTEN 19143/dockerd
2. Java访问客户端
加载docker-java的jar
<!-- https://mvnrepository.com/artifact/com.github.docker-java/docker-java -->
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java</artifactId>
<version>3.0.14</version>
</dependency> 初始化客户端访问
DockerClient dockerClient = DockerClientBuilder.getInstance().build();
3. 配置证书认证
新建文件夹并导入证书
配置ca的密码
root@ros-OptiPlex-3050:/home/hett/certs# openssl genrsa -aes256 -out ca-key.pem 4096
Generating RSA private key, 4096 bit long modulus
........................................................................................................................................++
...........................................................................................................................................................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
root@ros-OptiPlex-3050:/home/hett/certs# openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:china
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [AU]:ch
State or Province Name (full name) [Some-State]:hett
Locality Name (eg, city) []:hefei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hrg
Organizational Unit Name (eg, section) []:ai
Common Name (e.g. server FQDN or YOUR name) []:192.168.30.240
Email Address []:1771084007@qq.com Common Name,说是要你填写,server FQDN或your name,意味着可以随便写,但是我在这里建议,写Docker所在服务器的IP,这个很重要。这个IP后边还会用到,我这里是192.168.99.101,在生产环境下,用使用你docker宿主机的DNS name替换下面的填入Common name,如api.google.com等
生成私钥
root@ros-OptiPlex-3050:/home/hett/certs# openssl genrsa -out server-key.pem 4096
Generating RSA private key, 4096 bit long modulus
................++
..........................++
e is 65537 (0x10001)
生成证书
root@ros-OptiPlex-3050:/home/hett/certs# openssl req -subj "/CN=192.168.30.240" -sha256 -new -key server-key.pem -out server.csr
下面我们可以用CA来签署证书了。这里我们可以填写IP地址或则DNS name,如,我们需要允许10.10.10.20和127.0.0.1连接:
$echo subjectAltName = IP:10.10.10.20, IP:127.0.0.1 > extfile.cnf,
上述命令有点像一个过滤器,如果地址填的不全,远程API就无法访问该Docker,那么我们就把,地址填的全一些,我的命令是这样滴:
$echo subjectAltName = DNS:192.168.99.101, IP: 192.168.99.101, IP: 192.168.1.101, IP:0.0.0.0, IP:127.0.0.1 > extfile.cnf
然后,将上述多个生成信息,写入文件。用如下命令。
$openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf
再看客户端私钥:
$openssl genrsa -out key.pem 4096
下一步再生成客户端证书请求文件:
$openssl req -subj '/CN=client' -new -key key.pem -out client.csr
用CA为客户端签署证书文件:
$openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
这时候,还需要输入你的密码,我的密码是
java 访问docker的环境的更多相关文章
- Docker学习笔记之搭建Docker运行环境
0x00 概述 既然 Docker 是一款实用软件,我们就不得不先从它的安装说起,只有让 Docker 运行在我们的计算机上,才能更方便我们对 Docker 相关知识和使用方式的学习.得益于与商业性的 ...
- 服务器部署docker lnmp环境
一.安装dockerDocker要求运行在Centos 7上,要求系统为64位,系统内核版本3.10以上 1.uname -an 查看当前系统版本 2.yum -y install docker 下载 ...
- Docker容器环境下ASP.NET Core Web API应用程序的调试
本文主要介绍通过Visual Studio 2015 Tools for Docker – Preview插件,在Docker容器环境下,对ASP.NET Core Web API应用程序进行调试.在 ...
- [THINKING IN JAVA]访问权限控制
6 访问权限控制 6.1 包:库单元 package.import.import *.import static: 修改classpath环境变量可以将自己写的类库添加至环境变量并在任何java程序中 ...
- Java开发和运行环境的搭建
Java开发需要准备的东西? JDK+Eclipse 其中JDK的意思是Java开发工具包,Eclipse是进行用于做Java程序开发的工具(当然你也可以用记事本什么的去做). 其他开发工具:JCre ...
- Java及Android开发环境搭建
前言 自从接触java以来,配置环境变量折腾了好几次,也几次被搞得晕头转向,后来常常是上网查阅相关资料才解决.但是过一段时间后一些细节就会记不清了,当要在其他机子上配置时又得上网查或者查阅相关书籍,如 ...
- eclipse ide for java ee developers 开发环境搭建(j2ee)
转载自:http://www.iteye.com/topic/982182 真的是一片很不错的文章啊! 使用eclipse真的有年头了,相信java程序员没有不知道它的,最近在给团队中新来的应届生做指 ...
- Docker容器环境下ASP.NET Core Web API
Docker容器环境下ASP.NET Core Web API应用程序的调试 本文主要介绍通过Visual Studio 2015 Tools for Docker – Preview插件,在Dock ...
- Hadoop(五)搭建Hadoop与Java访问HDFS集群
前言 上一篇详细介绍了HDFS集群,还有操作HDFS集群的一些命令,常用的命令: hdfs dfs -ls xxx hdfs dfs -mkdir -p /xxx/xxx hdfs dfs -cat ...
随机推荐
- 2.6用tr进行转换
tr可以对来自标准输入的内容进行字符替换.字符删除以及重复字符压缩.它可以将一组字符变成另一组字符,因而通常也被称为转换命令. 1.tr只能通过stdin(标准输入),而无法通过命令行参数来接受输入. ...
- 从零开始Spring项目
Spring Boot是什么 SpringBoot是伴随着Spring4.0诞生的: 从字面理解,Boot是引导的意思,SpringBoot帮助开发者快速搭建Spring框架: SpringBoot帮 ...
- HDU 5547 Sudoku (暴力)
题意:数独. 析:由于只是4*4,完全可以暴力,要注意一下一些条件,比如2*2的小方格也得是1234 代码如下: #pragma comment(linker, "/STACK:102400 ...
- A Beginner's Guide to HTTP and REST
http://code.tutsplus.com/tutorials/a-beginners-guide-to-http-and-rest--net-16340 Hypertext Transfer ...
- HDU - 2689 Sort it与2016蓝桥杯B 交换瓶子 排序(相邻交换与任意交换)
Sort it You want to processe a sequence of n distinct integers by swapping two adjacent sequence ele ...
- Linux绘图函数
gdk_draw_line () gdk_draw_rectangle () gdk_draw_arc () gdk_draw_polygon () gdk_draw_string () gdk_dr ...
- 根据rowid删除最新数据(rowid最大为最新数据)(转)
https://blog.csdn.net/liuyuehui110/article/details/43524379
- 洛谷P3608 [USACO17JAN]Balanced Photo平衡的照片
P3608 [USACO17JAN]Balanced Photo平衡的照片 题目描述 Farmer John is arranging his NN cows in a line to take a ...
- 【JOI Camp 2015】IOIO卡片占卜——最短路
题目 [题目描述]K 理事长是占卜好手,他精通各种形式的占卜.今天,他要用正面写着 `I` ,背面写着 `O` 的卡片占卜一下日本 IOI 国家队的选手选择情况.占卜的方法如下:1. 首先,选取五个正 ...
- PJzhang:web漏洞扫描工具sitadel
猫宁!!! 参考链接:https://www.freebuf.com/sectool/194769.html 转变博客的写作思路,力求精简快捷,不浪费自己或者他人的时间. sitadel是一款精简的w ...