Connecting to docker socket using client TLS certs?

Traefik Traefik v2 (latest)
1

Just wondering how to do this:

If I start my docker daemon with the following configuration which exposes the docker deamon over tcp but requires use of tls client certs:

ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/ssl/self-signed-certs/server/ca.pem --tlscert=/etc/ssl/self-signed-certs/server/cert.pem --tlskey=/etc/ssl/self-signed-certs/server/key.pem

Can traefik make use of this setup?

For example if including a static traefik.yml file:

providers:
  docker:
#    endpoint: "unix:///var/run/docker.sock"
    endpoint: "tcp://dockerproxy:2376"
    exposedbydefault: false
    watch: true
    network: docker-api

Where would you specify the use of client certs? Is this feature even enabled?

2

Check out:

--providers.docker.tls.ca :
TLS CA

--providers.docker.tls.caoptional :
TLS CA.Optional (Default: false )

--providers.docker.tls.cert :
TLS cert

--providers.docker.tls.insecureskipverify :
TLS insecure skip verify (Default: false )

--providers.docker.tls.key :
TLS key

3

@cakiwi

Thanks -- that totally worked. Is this a new feature?

4

Looks like it goes back to 2.0

https://doc.traefik.io/traefik/v2.0/reference/static-configuration/cli/