我在此处找到了解决方法的引用经过测试,它肯定可以正常工作.这是我遵循的步骤: docker-machine create -d none --url tcp://remotedocker.example.com:2376 remotedocker 这将创建以下目录: 〜/.docker/machine/machines/remotedocker 该目录内有一个名为 config.json 的文件.编辑该文件,然后将".docker/machine/certs"的每个实例更改为".docker/machine/machines/remotedocker" 通常,当您远程访问Docker时,只需要访问 ca.pem , cert.pem 和 key.pem 文件.据我所知, none 驱动程序可能不会使用 config.json 中引用的其他文件,因为 regenerate-certs 没有由 none 实施.您将需要复制ca.pem和key.pem文件此时,您应该能够运行 docker-machine config remotedocker 或 eval"$(docker-machine env remotedocker)" 并使用远程守护程序成功.What I want to do:I have dockerd running on one machine with TLS verify set to true. I would like to add this host as a machine in docker-machineWhat I have done:I used the following command to start dockerd:$ sudo dockerd -D --tls=true --tlscert=cert.pem --tlskey=key.pem -H tcp://172.19.48.247:2376On a second machine I sourced the following variables:export DOCKER_HOST=tcp://172.19.48.247:2376export DOCKER_TLS_VERIFY=1export DOCKER_CERT_PATH=/path/to/ssland ran docker command succesfully:$ docker run busybox echo hellohelloThen I added this host docker-machine:docker-machine create --driver none --url=tcp://172.19.48.247:2376 dockerhostWhere I am going wrong:I am getting a x509: certificate signed by unknown authority error now. $ docker-machine lsNAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS Unknowndockerhost - none Running tcp://172.19.48.247:2376 Unknown Unable to query docker version: Get https://172.19.48.247:2376/v1.15/version: x509: certificate signed by unknown authorityI tried using the docker-machine config but that doesnt work:$ docker-machine config dockerhost --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H tcp://172.19.48.247:2376Incorrect Usage.Usage: docker-machine config [OPTIONS] [arg...]Print the connection config for machineDescription: Argument is a machine name.Options: --swarm Display the Swarm config instead of the Docker daemonflag provided but not defined: -tlsverify 解决方案 By default, the none driver will be configured to use the TLS certs found at ~/.docker/machine. This isn't necessarily what is needed, because you'll run into the error you've run into if your remote Docker host has a certificate signed by something other than the ca.pem that you've got at that location.I've found a reference to a workaround here that I tested and it definitely seems to work. Here are the steps I followed:docker-machine create -d none --url tcp://remotedocker.example.com:2376 remotedockerThis creates the following directory:~/.docker/machine/machines/remotedockerInside that directory is a file called config.json. Edit that file, and change every instance of ".docker/machine/certs" to ".docker/machine/machines/remotedocker"Normally, when you access Docker remotely, it only needs to have access to the ca.pem, cert.pem and key.pem files. As far as I can tell, the other files referenced in config.json will likely not get used by the none driver because regenerate-certs is not implemented by none.You will need to copy in the ca.pem and key.pem filesAt this point, you should be able to run docker-machine config remotedocker, or eval "$(docker-machine env remotedocker)" and use your remote daemon successfully. 这篇关于如何在docker-machine中为机器设置TLS证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云!