docker / machine

Machine management for a container-centric world
https://docs.docker.com/machine/
Apache License 2.0

Option to generate certificate with additional subjAltName (ip/hostname aliases) #3691

Open jamshid opened 8 years ago

jamshid commented 8 years ago

It would be nice if docker-machine create allowed specifying additional IP addresses or hostnames that the docker server might be accessed as. Put these as subjAltNames so the certificate is considered valid for all those IPs/hostnames. E.g. in openssl.cnf it would look like:

[ v3_req ]
subjectAltName = critical,@alt_names

[ alt_names ]
# Hostnames go in DNS.n entries; IP addresses need IP.n entries to be matched as IPs
DNS.1 = mydockerhostname
DNS.2 = mydocker.example.com
IP.1 = 192.168.2.63
IP.2 = 127.0.0.1

Currently docker-machine create only includes the server's "real" IP address, so if you happen to be using a local SSH proxy to get to it (poor man's VPN) you'll get this error:

An error occurred trying to connect: Get https://127.0.0.1:4063/v1.24/containers/json: x509: certificate is valid for 192.168.2.63, not 127.0.0.1

jamshid commented 8 years ago

Sorry, this is probably fixed by https://github.com/docker/machine/pull/1228 but I don't see --tls-san documented.
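
The hostname check behind the x509 error quoted in this issue, as an added Go example that is not part of the thread or of the docker/machine code base: it issues one self-signed certificate for the real IP only and one that also lists the aliases, then checks both against 127.0.0.1. The helper name newServerCert and the subject name are hypothetical; the addresses and hostname are the sample values from the issue.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newServerCert (hypothetical helper) self-signs a server certificate whose SANs
// cover sans: entries that parse as IPs become IP SANs, the rest DNS SANs.
func newServerCert(sans []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "docker-host-example"}, // constructed name
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	for _, s := range sans {
		if ip := net.ParseIP(s); ip != nil {
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		} else {
			tmpl.DNSNames = append(tmpl.DNSNames, s)
		}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Sample values taken from the issue text.
	only, _ := newServerCert([]string{"192.168.2.63"})
	all, _ := newServerCert([]string{"192.168.2.63", "127.0.0.1", "mydocker.example.com"})
	fmt.Println("real IP only:", only.VerifyHostname("127.0.0.1"))
	fmt.Println("with aliases:", all.VerifyHostname("127.0.0.1"))
}
```

The first check returns the same kind of "certificate is valid for 192.168.2.63, not 127.0.0.1" error shown in the issue; the second returns nil because the loopback address is listed as an IP SAN.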