1.   配置环境

新增 ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock

root@ros-OptiPlex-3050:~# nano /lib/systemd/system/docker.service
root@ros-OptiPlex-3050:~# cat  /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
重启docker

root@ros-OptiPlex-3050:~# service docker reload
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
root@ros-OptiPlex-3050:~# systemctl daemon-reload
root@ros-OptiPlex-3050:~# systemctl docker restart
Unknown operation docker.
root@ros-OptiPlex-3050:~# service docker restart
检测配置的端口

root@ros-OptiPlex-3050:~# netstat -antp | grep 2375
tcp6       0      0 :::2375                 :::*                    LISTEN      19143/dockerd

2. Java访问客户端

加载docker-java的jar

<!-- https://mvnrepository.com/artifact/com.github.docker-java/docker-java -->
<dependency>
   <groupId>com.github.docker-java</groupId>
   <artifactId>docker-java</artifactId>
   <version>3.0.14</version>
</dependency>

初始化客户端访问
DockerClient dockerClient = DockerClientBuilder.getInstance().build();
3. 配置证书认证
新建文件夹并导入证书
配置ca的密码  
root@ros-OptiPlex-3050:/home/hett/certs#  openssl genrsa -aes256 -out ca-key.pem 4096
Generating RSA private key, 4096 bit long modulus
........................................................................................................................................++
...........................................................................................................................................................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
Enter pass phrase for ca-key.pem:
Verifying - Enter pass phrase for ca-key.pem:
root@ros-OptiPlex-3050:/home/hett/certs# openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:china
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [AU]:ch
State or Province Name (full name) [Some-State]:hett
Locality Name (eg, city) []:hefei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hrg
Organizational Unit Name (eg, section) []:ai
Common Name (e.g. server FQDN or YOUR name) []:192.168.30.240
Email Address []:1771084007@qq.com

Common Name,说是要你填写,server FQDN或your  name,意味着可以随便写,但是我在这里建议,写Docker所在服务器的IP,这个很重要。这个IP后边还会用到,我这里是192.168.99.101,在生产环境下,用使用你docker宿主机的DNS name替换下面的填入Common name,如api.google.com等
生成私钥
root@ros-OptiPlex-3050:/home/hett/certs# openssl genrsa -out server-key.pem 4096
Generating RSA private key, 4096 bit long modulus
................++
..........................++
e is 65537 (0x10001)
生成证书
root@ros-OptiPlex-3050:/home/hett/certs# openssl req -subj "/CN=192.168.30.240" -sha256 -new -key server-key.pem -out server.csr

下面我们可以用CA来签署证书了。这里我们可以填写IP地址或则DNS name,如,我们需要允许10.10.10.20和127.0.0.1连接:

$echo subjectAltName = IP:10.10.10.20, IP:127.0.0.1 > extfile.cnf,

上述命令有点像一个过滤器,如果地址填的不全,远程API就无法访问该Docker,那么我们就把,地址填的全一些,我的命令是这样滴:

$echo subjectAltName = DNS:192.168.99.101, IP: 192.168.99.101, IP: 192.168.1.101, IP:0.0.0.0, IP:127.0.0.1 > extfile.cnf

然后,将上述多个生成信息,写入文件。用如下命令。

$openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

再看客户端私钥:

$openssl genrsa -out key.pem 4096

下一步再生成客户端证书请求文件:

$openssl req -subj '/CN=client' -new -key key.pem -out client.csr

用CA为客户端签署证书文件:

$openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf

这时候,还需要输入你的密码,我的密码是

java 访问docker的环境的更多相关文章

  1. Docker学习笔记之搭建Docker运行环境

    0x00 概述 既然 Docker 是一款实用软件,我们就不得不先从它的安装说起,只有让 Docker 运行在我们的计算机上,才能更方便我们对 Docker 相关知识和使用方式的学习.得益于与商业性的 ...

  2. 服务器部署docker lnmp环境

    一.安装dockerDocker要求运行在Centos 7上,要求系统为64位,系统内核版本3.10以上 1.uname -an 查看当前系统版本 2.yum -y install docker 下载 ...

  3. Docker容器环境下ASP.NET Core Web API应用程序的调试

    本文主要介绍通过Visual Studio 2015 Tools for Docker – Preview插件,在Docker容器环境下,对ASP.NET Core Web API应用程序进行调试.在 ...

  4. [THINKING IN JAVA]访问权限控制

    6 访问权限控制 6.1 包:库单元 package.import.import *.import static: 修改classpath环境变量可以将自己写的类库添加至环境变量并在任何java程序中 ...

  5. Java开发和运行环境的搭建

    Java开发需要准备的东西? JDK+Eclipse 其中JDK的意思是Java开发工具包,Eclipse是进行用于做Java程序开发的工具(当然你也可以用记事本什么的去做). 其他开发工具:JCre ...

  6. Java及Android开发环境搭建

    前言 自从接触java以来,配置环境变量折腾了好几次,也几次被搞得晕头转向,后来常常是上网查阅相关资料才解决.但是过一段时间后一些细节就会记不清了,当要在其他机子上配置时又得上网查或者查阅相关书籍,如 ...

  7. eclipse ide for java ee developers 开发环境搭建(j2ee)

    转载自:http://www.iteye.com/topic/982182 真的是一片很不错的文章啊! 使用eclipse真的有年头了,相信java程序员没有不知道它的,最近在给团队中新来的应届生做指 ...

  8. Docker容器环境下ASP.NET Core Web API

    Docker容器环境下ASP.NET Core Web API应用程序的调试 本文主要介绍通过Visual Studio 2015 Tools for Docker – Preview插件,在Dock ...

  9. Hadoop(五)搭建Hadoop与Java访问HDFS集群

    前言 上一篇详细介绍了HDFS集群,还有操作HDFS集群的一些命令,常用的命令: hdfs dfs -ls xxx hdfs dfs -mkdir -p /xxx/xxx hdfs dfs -cat ...

随机推荐

  1. Linux&nbsp;shell脚本全面学习

    Linux shell脚本全面学习 1. Linux 脚本编写基础 1.1 语法基本介绍 1.1.1 开头 程序必须以下面的行开始(必须方在文件的第一行): #!/bin/sh 符号#!用来告诉系统它 ...

  2. Hive与表操作有关的语句

    Hive与表操作有关的语句 1.创建表的语句: Create [EXTERNAL] TABLE [IF NOT EXISTS] table_name [(col_name data_type [COM ...

  3. “找女神要QQ号码”——跟风篇java新手版(求指点)

    吃完粽子后闲来无事,于是准备在园子里面看看.突然看到了一个“找女神要QQ号码”的文章,顿时精力充沛了~~^_^. 该文章楼主说明此算法来自于<啊哈!算法>,图文并茂,非常不错.<啊哈 ...

  4. The Truth About GCHandles

    I've heard several people asking why GCHandle doesn't implement IDisposable, considering it wraps an ...

  5. MS SQL PIVOT数据透视表

    以前曾经做过练习<T-SQL PIVOT 行列转换>https://www.cnblogs.com/insus/archive/2011/03/05/1971446.html 今天把拿出来 ...

  6. underscore.js and moment.js

    underscore.js and moment.js underscore.js 一.简介Underscore.js是一个JavaScript实用库,提供了一整套函数式编程的实用功能.它提供了100 ...

  7. Solr highlight

    hl.preserveMulti 默认是false.Set to true to perform highlighting on all values of a multivalued field a ...

  8. 洛谷P4318 完全平方数(容斥,莫比乌斯反演)

    传送门 求第$k$个没有完全平方数因数的数 一开始是想筛一波莫比乌斯函数,然后发现时间复杂度要炸 于是老老实实看了题解 一个数的排名$k=x-\sum_{i=1}^{x}{(1-|\mu(i)|)}$ ...

  9. Whatweb网站指纹信息收集工具

    常规扫描:whatweb www.baidu.com 批量扫描: whatweb -i /root/12.txt 详细回显扫描:whatweb -v www.baidu.com 加强扫描强度:what ...

  10. PJzhang:搜索引擎高级语法与渗透测试

    猫宁!!! 参考链接: https://www.freebuf.com/articles/network/169601.html https://www.jianshu.com/p/f8062e2cc ...