From 16cb42dcd82a1c29acd73baabed9aad1c6f20ec7 Mon Sep 17 00:00:00 2001
From: Matthew Livesey
Date: Sun, 8 Nov 2015 12:48:24 +0000
Subject: [PATCH] TLS Support
---
 main.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/main.go b/main.go
index 7189453..8ab7177 100644
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 "os"
 "os/signal"
 "strconv"
+ "fmt"
 dockerApi "github.com/fsouza/go-dockerclient"
 )
@@ -15,6 +16,7 @@ var dnsPort = flag.String("dns-port", getopt("DNS_PORT", "53"), "Port for the DN
 var dnsRecursor = flag.String("dns-recursor", getopt("DNS_RECURSOR", ""), "DNS recursor for non-local addresses")
 var dnsDomain = flag.String("dns-domain", getopt("DNS_DOMAIN", "localdomain"), "The domain that Docker-spy should consider local")
 var dockerHost = flag.String("docker-host", getopt("DOCKER_HOST", "unix:///var/run/docker.sock"), "Address for the Docker daemon")
+var dockerCertPath = flag.String("docker-cert-path", getopt("DOCKER_CERT_PATH", ""), "Location of certificates for TLS")
 func getopt(name, def string) string {
 if env := os.Getenv(name); env != "" {
@@ -45,7 +47,16 @@ func main() {
 log.Println("Listening for container events...")
- docker, err := dockerApi.NewClient(*dockerHost)
+ var docker *dockerApi.Client
+
+ if *dockerCertPath == "" {
+ docker, err = dockerApi.NewClient(*dockerHost)
+ } else {
+ ca := fmt.Sprintf("%s/ca.pem", *dockerCertPath)
+ cert := fmt.Sprintf("%s/cert.pem", *dockerCertPath)
+ key := fmt.Sprintf("%s/key.pem", *dockerCertPath)
+ docker, err = dockerApi.NewTLSClient(*dockerHost, cert, key, ca)
+ }
 if err != nil {
 log.Fatal(err)
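Review bot: The help text of the new `docker-cert-path` flag does not say what the directory must contain or what an empty value means. The third hunk expects `ca.pem`, `cert.pem` and `key.pem` in it and falls back to a non-TLS client when the flag is empty, so I would spell that out: `"Directory holding ca.pem, cert.pem and key.pem for TLS to the Docker daemon; empty disables TLS"`. It is also worth noting in the README that `DOCKER_TLS_VERIFY`, which operators often export together with `DOCKER_CERT_PATH` for the Docker CLI, is not read here.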
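Review bot: With `-docker-cert-path` empty, the first branch in `main` connects to whatever `-docker-host` names without TLS, so a `tcp://` daemon address is used in cleartext and unauthenticated, with no indication to the operator. Because access to the Docker API amounts to control of the host, that branch should warn (or refuse) when the host is not a local socket, e.g. `if !strings.HasPrefix(*dockerHost, "unix://") { log.Println("docker-cert-path not set: connecting to the Docker daemon without TLS") }`, which needs the `strings` import. The three file paths would be better built with `filepath.Join(*dockerCertPath, "ca.pem")` than with `fmt.Sprintf`, which also makes the `fmt` import added in the first hunk unnecessary. `err` is now assigned with `=`, so this relies on a declaration earlier in `main`, which starts outside the hunk.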