# middleman
Securely mount the Docker socket: apply fine-grained access control to Docker socket HTTP requests.
```shell
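# Generate a P-256 (prime256v1) EC private key. key.pem is written unencrypted,
# so keep it out of version control and readable by its owner only.
$ openssl ecparam -check -name prime256v1 -genkey -noout -out key.pem -rand /dev/urandom
$ chmod 600 key.pem
# Create the OpenSSL request config shown below.
$ vim traefik.cfg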
```
```
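[req]
distinguished_name = req_distinguished_name
prompt = no
default_md = sha256

[req_distinguished_name]
CN = infra.local

# Extension section applied when the certificate is signed; its name must match
# the value passed to `openssl x509 -extensions`.
[properties]
basicConstraints = CA:false
authorityKeyIdentifier = keyid,issuer
subjectKeyIdentifier = hash
# An ECDSA key used for TLS server authentication only needs digitalSignature;
# the encipherment and nonRepudiation bits grant nothing useful here.
keyUsage = digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# Names clients will accept for this certificate. The wildcard entry covers
# every host directly under infra.local; drop it if only fixed names are served.
[alt_names]
DNS.1 = infra.local
DNS.2 = *.infra.local
DNS.3 = localhost
IP.1 = 127.0.0.1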
```
```shell
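# Build a CSR from the key, then self-sign it for 365 days. The certificate's
# extensions come from the section of traefik.cfg named by -extensions, not from the CSR.
$ openssl req -new -key key.pem -out csr.pem -rand /dev/urandom -config traefik.cfg
$ openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem -extensions properties -extfile traefik.cfg
# Confirm the SAN, key usage and extended key usage entries made it into the
# certificate before deploying it; clients match on subjectAltName, not CN.
$ openssl x509 -in cert.pem -noout -text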
```
```shell
# Bring the stack up in the background under the Compose project name "infra".
$ docker compose --project-name infra up --detach
# Tear it down again. --volumes also deletes the project's volumes, so any
# state stored in them is lost.
$ docker compose --project-name infra down --volumes --remove-orphans
```