Using TLS
Both the main DockerClient and low-level APIClient can connect to the Docker daemon with TLS.
This is all configured automatically for you if you're using from_env(), but if you need some extra control it is possible to configure it manually by using a TLSConfig object.
Examples
For example, to check the server against a specific CA certificate:

    import docker

    tls_config = docker.tls.TLSConfig(ca_cert='/path/to/ca.pem', verify=True)
    client = docker.DockerClient(base_url='<https_url>', tls=tls_config)

This is the equivalent of: docker --tlsverify --tlscacert /path/to/ca.pem ...
To authenticate with client certs:
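
    import docker

    tls_config = docker.tls.TLSConfig(
        client_cert=('/path/to/client-cert.pem', '/path/to/client-key.pem')
    )
    client = docker.DockerClient(base_url='<https_url>', tls=tls_config)

This is the equivalent of: docker --tls --tlscert /path/to/client-cert.pem --tlskey /path/to/client-key.pem ...
Because verify is not set here, the server's certificate is not verified (see verify under Reference); this configuration only authenticates the client to the daemon. To also verify the server, pass ca_cert and verify=True as in the first example.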
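An added example, not part of the Docker SDK documentation or the SDK's own code: a helper that combines the two examples above into verified mutual TLS and refuses to build an unverified configuration. The function names mutual_tls_kwargs and connect are hypothetical, and the ca.pem / cert.pem / key.pem layout is an assumption following the Docker CLI's certificate directory convention.

```python
import os
import stat
import tempfile


def mutual_tls_kwargs(cert_dir):
    """Build TLSConfig keyword arguments for verified, mutually authenticated TLS.

    Raises ValueError instead of falling back to an unverified connection.
    """
    # Assumed layout (Docker CLI convention): ca.pem, cert.pem, key.pem.
    paths = {n: os.path.join(cert_dir, n + ".pem") for n in ("ca", "cert", "key")}
    for name, path in paths.items():
        if not os.path.isfile(path):
            raise ValueError(f"missing {name}.pem in {cert_dir}")
    # The client private key should be accessible to its owner only.
    mode = stat.S_IMODE(os.stat(paths["key"]).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ValueError(f"{paths['key']} has mode {mode:o}; expected 600 or stricter")
    return {
        "client_cert": (paths["cert"], paths["key"]),
        "ca_cert": paths["ca"],
        "verify": True,  # if omitted, the server certificate is not verified
    }


def connect(base_url, cert_dir):
    """Return a DockerClient that verifies the daemon and presents a client cert."""
    import docker  # imported lazily so the checks above run without the SDK
    tls_config = docker.tls.TLSConfig(**mutual_tls_kwargs(cert_dir))
    return docker.DockerClient(base_url=base_url, tls=tls_config)


if __name__ == "__main__":
    # Constructed sample input: placeholder files, not real certificates.
    with tempfile.TemporaryDirectory() as d:
        for n in ("ca.pem", "cert.pem", "key.pem"):
            with open(os.path.join(d, n), "w") as f:
                f.write("placeholder\n")
        os.chmod(os.path.join(d, "key.pem"), 0o600)
        print(mutual_tls_kwargs(d))
```
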
Reference
- class TLSConfig
TLS configuration.
- Parameters
client_cert (tuple of str) – Path to client cert, path to client key.
ca_cert (str) – Path to CA cert file.
verify (bool or str) – This can be a bool or a path to a CA cert file to verify against. If True, verify using ca_cert; if False or not specified, do not verify.
ssl_version (int) – A valid SSL version.
assert_hostname (bool) – Verify the hostname of the server.