Merge pull request #120 from starpost/docker-tls

Docker TLS support
This commit is contained in:
Vincent Demeester 2015-11-20 18:51:36 +01:00
commit c8a0a83e2b
3 changed files with 37 additions and 1 deletions

View file

@ -404,6 +404,14 @@ watch = true
# Optional # Optional
# #
# filename = "docker.tmpl" # filename = "docker.tmpl"
# Enable docker TLS connection
#
# [docker.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
# key = "/etc/ssl/docker.key"
# insecureskipverify = true
``` ```
Labels can be used on containers to override default behaviour: Labels can be used on containers to override default behaviour:

View file

@ -20,13 +20,33 @@ type Docker struct {
baseProvider baseProvider
Endpoint string Endpoint string
Domain string Domain string
TLS *DockerTLS
}
// DockerTLS holds TLS specific configurations
type DockerTLS struct {
CA string
Cert string
Key string
InsecureSkipVerify bool
} }
// Provide allows the provider to provide configurations to traefik // Provide allows the provider to provide configurations to traefik
// using the given configuration channel. // using the given configuration channel.
func (provider *Docker) Provide(configurationChan chan<- types.ConfigMessage) error { func (provider *Docker) Provide(configurationChan chan<- types.ConfigMessage) error {
dockerClient, err := docker.NewClient(provider.Endpoint) var dockerClient *docker.Client
var err error
if provider.TLS != nil {
dockerClient, err = docker.NewTLSClient(provider.Endpoint,
provider.TLS.Cert, provider.TLS.Key, provider.TLS.CA)
if err == nil {
dockerClient.TLSConfig.InsecureSkipVerify = provider.TLS.InsecureSkipVerify
}
} else {
dockerClient, err = docker.NewClient(provider.Endpoint)
}
if err != nil { if err != nil {
log.Errorf("Failed to create a client for docker, error: %s", err) log.Errorf("Failed to create a client for docker, error: %s", err)
return err return err

View file

@ -138,6 +138,14 @@
# #
# filename = "docker.tmpl" # filename = "docker.tmpl"
# Enable docker TLS connection
#
# [docker.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
# key = "/etc/ssl/docker.key"
# insecureskipverify = true
################################################################ ################################################################
# Mesos/Marathon configuration backend # Mesos/Marathon configuration backend