This article shows how to quickly install Docker on Ubuntu LTS with remote TLS access. I originally created the steps while creating remote Docker instances for use with Plesk Onyx. It is assumed that you are working with a new install of Ubuntu 16.04 or 18.04.
Before we begin, you may wish to update your system:
apt update && apt upgrade -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - apt install -y software-properties-common software-properties-common add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" apt update apt-cache policy docker-ce apt install -y docker-ce
Enable Docker and verify status:
systemctl enable docker systemctl status docker
Create Self-Signed Certificate
- <host_name> – The host name of your server (ex: docker.mydomain.com).
- <public_ip> – The public IP address of your server (ex: 126.96.36.199).
- <private_ip> – The private IP address of your server (ex: 10.10.5.20).
bash <(curl -s https://f001.backblazeb2.com/file/hendricks/scripts/docker-tls/01-docker-create-certs.sh) <host_name> <public_ip> <private_ip>
Update Docker Configuration
Use this script (view source) to update Docker to listen on the specified ports and use the TLS certificate:
bash <(curl -s https://f001.backblazeb2.com/file/hendricks/scripts/docker-tls/02-configure-docker-systemd.sh)
Make sure that port 2376 is open to the public. You can test remote access by copying the ca.pem, client-cert.pem and client-key.pem certificate files from the /etc/docker/ssl/ directory to your remote client. For this example, I copied them to /root/certs (replace <remote_host> with the host name or IP address of your Docker server):
docker \ host tcp://<remote_host>:2376 \ --tlsverify \ --tlscacert=/root/certs/ca.pem \ --tlscert=/root/certs/client-cert.pem \ --tlskey=/root/certs/client-key.pem \ container ls
Adding a Remote Docker Server to Plesk
If you are a Plesk user and want to add a remote Docker server, you must have the paid version of the Docker extension installed. To add a remote server:
- Log in to Plesk and go to Tools & Settings > Docker.
- Click Add Server.
- Fill in your server details and upload your ca.pem, client-cert.pem and client-key.pem files created above. (see example below)
- Click OK.
If there are no connection errors, your new server will be added to the list and be available to add Docker volumes to.
Appendix A - Bypassing Invalid GPG Signatures
You may receive the following apt error after adding the Docker repo with
W: GPG error: https://download.docker.com/linux/ubuntu bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E: The repository 'https://download.docker.com/linux/ubuntu bionic InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default.
You can configure apt to ignore this issue by editing
/etc/apt/sources.list and adding
trusted=yes to the Docker repo lines at the bottom. Example:
deb [arch=amd64 trusted=yes] https://download.docker.com/linux/ubuntu bionic stable