diff --git a/docs/index.md b/docs/index.md
index 251cd080f..1e566de79 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -404,6 +404,14 @@ watch = true
 # Optional
 #
 # filename = "docker.tmpl"
+
+# Enable docker TLS connection
+#
+# [docker.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/docker.crt"
+# key = "/etc/ssl/docker.key"
+# insecureskipverify = true
 ```
 
 Labels can be used on containers to override default behaviour:
diff --git a/provider/docker.go b/provider/docker.go
index c03278f0f..44df0f24e 100644
--- a/provider/docker.go
+++ b/provider/docker.go
@@ -24,13 +24,33 @@ type Docker struct {
 Endpoint string
 Filename string
 Domain string
+ TLS *DockerTLS
+}
+
+// DockerTLS holds TLS specific configurations
+type DockerTLS struct {
+ CA string
+ Cert string
+ Key string
+ InsecureSkipVerify bool
 }
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
 func (provider *Docker) Provide(configurationChan chan<- types.ConfigMessage) error {
- dockerClient, err := docker.NewClient(provider.Endpoint)
+ var dockerClient *docker.Client
+ var err error
+
+ if provider.TLS != nil {
+ dockerClient, err = docker.NewTLSClient(provider.Endpoint,
+ provider.TLS.Cert, provider.TLS.Key, provider.TLS.CA)
+ if err == nil {
+ dockerClient.TLSConfig.InsecureSkipVerify = provider.TLS.InsecureSkipVerify
+ }
+ } else {
+ dockerClient, err = docker.NewClient(provider.Endpoint)
+ }
 if err != nil {
 log.Errorf("Failed to create a client for docker, error: %s", err)
 return err
diff --git a/traefik.sample.toml b/traefik.sample.toml
index ea5c70f82..62aef45bb 100644
--- a/traefik.sample.toml
+++ b/traefik.sample.toml
@@ -138,6 +138,14 @@
 #
 # filename = "docker.tmpl"
 
+# Enable docker TLS connection
+#
+# [docker.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/docker.crt"
+# key = "/etc/ssl/docker.key"
+# insecureskipverify = true
+
 ################################################################
 # Mesos/Marathon configuration backend
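Review bot: In `Provide` (provider/docker.go), `dockerClient.TLSConfig.InsecureSkipVerify = provider.TLS.InsecureSkipVerify` turns off server certificate verification for the Docker API connection without leaving any trace in the logs, and both sample configs added by this commit (docs/index.md and traefik.sample.toml) show `insecureskipverify = true`, which is the value people will copy. With verification off, the TLS channel no longer authenticates the daemon, so the container data this provider turns into routing configuration can no longer be trusted to come from the intended host. I would show `# insecureskipverify = false` in both samples and emit a warning-level log line when the flag is set, right after the assignment inside `if err == nil {`. The assignment also relies on the client's transport using the same `*tls.Config` that `TLSConfig` points to, which is not visible here and is worth confirming against the library. `Provide` continues past the end of this hunk.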