From a8a78b8ea306bc0d82076ba110d90263ff8cd643 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=94=90=E5=AE=B6=E6=96=87?=
Date: Fri, 20 Nov 2015 23:05:06 +0800
Subject: [PATCH] docker TLS support
---
 docs/index.md | 8 ++++++++
 provider/docker.go | 22 +++++++++++++++++++++-
 traefik.sample.toml | 8 ++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/docs/index.md b/docs/index.md
index 251cd080f..1e566de79 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -404,6 +404,14 @@ watch = true
 # Optional
 #
 # filename = "docker.tmpl"
+
+# Enable docker TLS connection
+#
+# [docker.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/docker.crt"
+# key = "/etc/ssl/docker.key"
+# insecureskipverify = true
 ```
 Labels can be used on containers to override default behaviour:
diff --git a/provider/docker.go b/provider/docker.go
index c03278f0f..44df0f24e 100644
--- a/provider/docker.go
+++ b/provider/docker.go
@@ -24,13 +24,33 @@ type Docker struct {
 Endpoint string
 Filename string
 Domain string
+ TLS *DockerTLS
+}
+
+// DockerTLS holds TLS specific configurations
+type DockerTLS struct {
+ CA string
+ Cert string
+ Key string
+ InsecureSkipVerify bool
 }
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
 func (provider *Docker) Provide(configurationChan chan<- types.ConfigMessage) error {
- dockerClient, err := docker.NewClient(provider.Endpoint)
+ var dockerClient *docker.Client
+ var err error
+
+ if provider.TLS != nil {
+ dockerClient, err = docker.NewTLSClient(provider.Endpoint,
+ provider.TLS.Cert, provider.TLS.Key, provider.TLS.CA)
+ if err == nil {
+ dockerClient.TLSConfig.InsecureSkipVerify = provider.TLS.InsecureSkipVerify
+ }
+ } else {
+ dockerClient, err = docker.NewClient(provider.Endpoint)
+ }
 if err != nil {
 log.Errorf("Failed to create a client for docker, error: %s", err)
 return err
diff --git a/traefik.sample.toml b/traefik.sample.toml
index ea5c70f82..62aef45bb 100644
--- a/traefik.sample.toml
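Review bot: `InsecureSkipVerify` is copied straight onto the client's TLS config in `Provide`, with no comment or log line saying that it turns off verification of the Docker daemon's certificate; once it is true, the configured `CA` no longer protects the connection that supplies traefik's routing data. I would document the field, e.g. `// InsecureSkipVerify disables verification of the Docker daemon's certificate; the CA is then not enforced.`, and log a warning-level message when `provider.TLS.InsecureSkipVerify` is true. The example blocks this patch adds to docs/index.md and traefik.sample.toml both show `insecureskipverify = true` next to a `ca` path; `false` would be the safer value for a sample that users copy. The assignment also presumes that `dockerClient.TLSConfig` is non-nil and is the same object the HTTP transport uses, which is worth confirming against the client library. `Provide` continues past the end of the hunk.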
+++ b/traefik.sample.toml
@@ -138,6 +138,14 @@
 #
 # filename = "docker.tmpl"
+# Enable docker TLS connection
+#
+# [docker.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/docker.crt"
+# key = "/etc/ssl/docker.key"
+# insecureskipverify = true
+
 ################################################################
 # Mesos/Marathon configuration backend