Using TLS
Both the main DockerClient and low-level APIClient can connect to the Docker daemon with TLS.
This is all configured automatically for you if you’re using from_env(), but if you need some extra control it is possible to configure it manually by using a TLSConfig object.
Examples
For example, to check the server against a specific CA certificate:

    import docker

    # verify=True enables verification of the server certificate against ca_cert
    tls_config = docker.tls.TLSConfig(ca_cert='/path/to/ca.pem', verify=True)
    client = docker.DockerClient(base_url='<https_url>', tls=tls_config)

This is the equivalent of docker --tlsverify --tlscacert /path/to/ca.pem ...
To authenticate with client certs:

    import docker

    # client_cert is a (certificate path, private key path) tuple
    tls_config = docker.tls.TLSConfig(
        client_cert=('/path/to/client-cert.pem', '/path/to/client-key.pem')
    )
    client = docker.DockerClient(base_url='<https_url>', tls=tls_config)

This is the equivalent of docker --tls --tlscert /path/to/client-cert.pem --tlskey /path/to/client-key.pem ...
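The two options above can be combined so that the client verifies the daemon against a CA and also presents its own certificate (mutual TLS). The following is an added example, not part of the SDK documentation or the project's code: the helper names check_tls_material, mutual_tls_kwargs and connect are hypothetical, and the owner-only permission check on the private key is an assumed local policy.

```python
import os
import stat


def check_tls_material(ca_cert, client_cert, client_key):
    """Return a list of problems with the TLS files (empty list means OK)."""
    problems = []
    files = (("ca_cert", ca_cert), ("client_cert", client_cert),
             ("client_key", client_key))
    for label, path in files:
        if not os.path.isfile(path):
            problems.append(f"{label}: {path} is not a file")
    if os.path.isfile(client_key):
        mode = stat.S_IMODE(os.stat(client_key).st_mode)
        # Assumed local policy: the private key is accessible by its owner only.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(
                f"client_key: {client_key} has mode {mode:04o}, expected 0600")
    return problems


def mutual_tls_kwargs(ca_cert, client_cert, client_key):
    """Build TLSConfig keyword arguments for mutual TLS, or raise ValueError."""
    problems = check_tls_material(ca_cert, client_cert, client_key)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "ca_cert": ca_cert,                        # CA that signed the daemon's cert
        "client_cert": (client_cert, client_key),  # (cert path, key path) tuple
        "verify": True,                            # check the server certificate
    }


def connect(base_url, ca_cert, client_cert, client_key):
    """Return a DockerClient that verifies the daemon and presents a client cert."""
    import docker  # imported here so the checks above run without the SDK

    tls_config = docker.tls.TLSConfig(
        **mutual_tls_kwargs(ca_cert, client_cert, client_key))
    return docker.DockerClient(base_url=base_url, tls=tls_config)
```

Calling connect() with an https base URL fails early with a ValueError if any file is missing or the key is group- or world-accessible, before any connection to the daemon is attempted.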
Reference
class TLSConfig
TLS configuration.
Parameters:
- client_cert (tuple of str) – Path to client cert, path to client key.
- ca_cert (str) – Path to CA cert file.
- verify (bool or str) – This can be False or a path to a CA cert file.
- ssl_version (int) – A valid SSL version.
- assert_hostname (bool) – Verify the hostname of the server.