uptime-kuma
How to set up remote Docker hosts with a TLS certificate?
⚠️ Please verify that this bug has NOT been raised before.
- [X] I checked and didn't find similar issue
🛡️ Security Policy
- [X] I agree to have read this project Security Policy
📝 Describe your problem
First of all, thank you very much for this beautiful piece of software. I've been using it for a couple of months now without any big issues.
I'm monitoring multiple remote machines which are running different Docker containers. I'm able to access these containers via Docker remote port 2375 successfully. But port 2375 is not protected by default, which is a security risk. Now I have protected my Docker sockets with a TLS certificate as described here.
In WhatUpDocker I can access the socket with a TLS client certificate successfully with the following docker-compose settings:
```yaml
version: '3'
services:
  whatsupdocker:
    image: fmartinou/whats-up-docker:latest
    container_name: whatsupdocker
    restart: always
    volumes:
      - /data/certificates/ca-public.pem:/tmp/ca-public.pem
      - /data/certificates/client-certificate.pem:/tmp/client-certificate.pem
      - /data/certificates/client-key.pem:/tmp/client-key.pem
    ports:
      - 3010:3000
    environment:
      - TZ=Europe/Berlin
      - WUD_WATCHER_PILIVE_CRON=4 4 * * *
      - WUD_WATCHER_PILIVE_HOST=192.168.1.20
      - WUD_WATCHER_PILIVE_PORT=2376
      - WUD_WATCHER_PILIVE_CAFILE=/tmp/ca-public.pem
      - WUD_WATCHER_PILIVE_CERTFILE=/tmp/client-certificate.pem
      - WUD_WATCHER_PILIVE_KEYFILE=/tmp/client-key.pem
```
But I can't figure out how to use the same TLS client certificate files in Uptime Kuma. I tried the following docker-compose settings for Uptime-Kuma without success:
```yaml
version: '3'
services:
  uptime-kuma:
    image: louislam/uptime-kuma
    container_name: uptime-kuma
    restart: always
    ports:
      - 3001:3001
    volumes:
      - /data/uptime-kuma:/app/data
      - /data/uptime-kuma/certs/ca-public.pem:/app/data/certs/ca-public.pem
      - /data/uptime-kuma/certs/client-certificate.pem:/app/data/certs/client-certificate.pem
      - /data/uptime-kuma/certs/client-key.pem:/app/data/certs/client-key.pem
    environment:
      - NODE_EXTRA_CA_CERTS=/app/data/certs/ca-public.pem
      - SSL_CERT=/app/data/certs/client-certificate.pem
      - SSL_KEY=/app/data/certs/client-key.pem
```
If I change the Docker daemon setting in the Docker host setup dialog from `http://192.168.1.20:2375` to `https://192.168.1.20:2376`, I only get a "socket hang up" error message. The wiki page "How to Monitor Docker Containers" doesn't explain how we can use port 2376 with a TLS certificate.
It would be great if we could have 3 more options to browse for the TLS files in the dialog when I select "HTTPS" in the drop-down box, or, as an alternative, to set these as environment variables.
How can I use my TLS client certificate? Any help is appreciated.
🐻 Uptime-Kuma Version
1.18.5
💻 Operating System and Arch
Ubuntu 22.04.1 LTS / Raspberry Pi 3b + Pi 4
🌐 Browser
Firefox 107
🐋 Docker Version
Docker 20.10.12
🟩 NodeJS Version
No response
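
A pre-flight check for the three PEM files mounted in the compose files above, added here as an example (it is not part of the original issue or of Uptime Kuma): it uses `openssl` to confirm that the client certificate chains to the CA, is usable for TLS client authentication, and matches the private key. The function name `check_client_tls` is an assumption made for this example.

```shell
#!/bin/sh
# Added example, not from the issue author or the Uptime Kuma project.
# Usage: sh check.sh ca-public.pem client-certificate.pem client-key.pem
# check_client_tls CA CERT KEY: prints findings, returns 0 only if all pass.
check_client_tls() {
    ca=$1; cert=$2; key=$3; rc=0

    # 1. The client certificate must chain to the CA the daemon trusts
    #    (this also fails for an expired or unreadable certificate).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"; rc=1
    # 2. If the certificate restricts its usage, clientAuth must be allowed.
    elif ! openssl verify -purpose sslclient -CAfile "$ca" "$cert" \
            >/dev/null 2>&1; then
        echo "FAIL: $cert is not valid for TLS client authentication"; rc=1
    fi

    # 3. The private key must belong to the certificate: both must yield
    #    the same public key. "-passin pass:" makes an encrypted key fail
    #    instead of prompting for a passphrase.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) \
        || key_pub=""
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert (or is encrypted/unreadable)"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: CA, client certificate and key are consistent"
    return "$rc"
}

# Run the check when called with the three file paths.
if [ "$#" -eq 3 ]; then
    check_client_tls "$@"
fi
```

A passing result only shows that the files are internally consistent; whether a given application presents them as a client certificate depends on that application's own configuration.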