Articles, notes and random thoughts on Software Development and Technology
When you concatenated your SSL .crt intermediate and root certs together, it’s likely you ended up with lines line this:
—–END CERTIFICATE———-BEGIN CERTIFICATE—–
To fix this, manually edit to insert a newline between the end and begin like this, and you should be all set:
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Turns out if you have an older base image downloaded locally and you try to rebuild your own image based on it a couple of years later, you could get errors running apt-get in your own Dockerfiles. I just got errors like this rebuilding an image that I first created 2 years ago:
Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main libcurl3 amd64 7.35.0-1ubuntu2.14
404 Not Found [IP: 91.189.88.149 80]
Get:16 http://archive.ubuntu.com/ubuntu/ trusty-updates/main ca-certificates all 20170717~14.04.1 [167 kB]
Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main krb5-locales all 1.12+dfsg-2ubuntu5.3
404 Not Found [IP: 91.189.88.149 80]
Get:17 http://archive.ubuntu.com/ubuntu/ trusty/main libsasl2-modules amd64 2.1.25.dfsg1-17build1 [64.3 kB]
Err http://security.ubuntu.com/ubuntu/ trusty-security/main libcurl3 amd64 7.35.0-1ubuntu2.14
404 Not Found [IP: 91.189.88.31 80]
Err http://security.ubuntu.com/ubuntu/ trusty-security/main openssl amd64 1.0.1f-1ubuntu2.23
404 Not Found [IP: 91.189.88.31 80]
Err http://security.ubuntu.com/ubuntu/ trusty-security/main curl amd64 7.35.0-1ubuntu2.14
404 Not Found [IP: 91.189.88.31 80]
Fetched 1375 kB in 7s (175 kB/s)
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5support0_1.12+dfsg-2ubuntu5.3_amd64.deb 404 Not Found [IP: 91.189.88.149 80]
If you delete the base ubuntu image you have cached locally, and try again, you’ll pull down a latest image, and now your build should continue as expected.
Depending on what you have installed, at least one of the following should work:
apt-show-versions pkgname
aptitude versions pkgname
apt show pkgname
From answers here: https://unix.stackexchange.com/questions/6284/check-package-version-using-apt-get-aptitude
2025 update: Use docker contexts instead.
Original post:
If you’re running Docker without TLS (hopefully never in production, for dev only), set DOCKER_HOST to host-ip:2375 and should should be good to go:
export DOCKER_HOST=tcp://host-ip:2375
If you’re using TLS certs, point to 2376 on the remote machine and specify a path to the certs:
export DOCKER_HOST=tcp://host-ip:2376
export DOCKER_CERT_PATH=/path/to/certs
Pass the –tlsverify param to ensure certs are passed with command:
docker --tlsverify command
Use docker-compose against a remote machine with TLS certs:
docker-compose -H remote-server-ip:2376 --tlscacert ca.pem --tlscert cert.pem --tlskey key.pem -f docker-compose.yml up
How to setup your Docker server to use TLS certs is here: https://docs.docker.com/engine/security/https/