Docker Install on CentOS 7 And Connect by IntelliJ IDEA

Docker provides a way to run applications securely isolated in a container, packaged with all its dependencies and libraries.

Docker Install on CentOS 7

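# Note: run these commands as root.

# yum-utils provides yum-config-manager; device-mapper-persistent-data and lvm2
# are required by the devicemapper storage driver.
yum install -y yum-utils device-mapper-persistent-data lvm2

# --add-repo needs the repository definition as its argument; without it no
# Docker repository is registered and the docker-ce packages cannot be found.
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# No -y here on purpose: yum asks before importing the repository's GPG key, so
# the fingerprint can be compared with the one Docker publishes before it is
# accepted.
yum install docker-ce docker-ce-cli

systemctl start docker

systemctl enable docker

# Smoke test: pulls and runs the hello-world image.
docker run hello-world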

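# Protect the Docker daemon socket with TLS:

mkdir -p /etc/docker/tls

cd /etc/docker/tls

# Server authentication.
# Note: replace every $HOST below with the DNS name of your Docker daemon's
# host and $PUBLIC_IP with its public IP address, or set them as shell
# variables first (HOST=... PUBLIC_IP=...).
# PUBLIC_IP is written with an underscore because a hyphen ends a shell
# variable name: $PUBLIC-IP would expand $PUBLIC and then append "-IP".

# CA private key, encrypted with a passphrase.
openssl genrsa -aes256 -out ca-key.pem 4096
# Note: a passphrase is required; remember it, because it is asked for again
# each time the CA key is used below.

# Self-signed CA certificate. It and the certificates signed below are valid
# for 365 days and have to be reissued before they expire.
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem

openssl genrsa -out server-key.pem 4096

openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr

# Clients check the address they connect to against subjectAltName, so list
# every DNS name and IP address that will be used to reach the daemon.
# Every IP: entry needs a value (openssl rejects an empty one); 127.0.0.1 is
# included so that connections over loopback also validate. Adjust the list to
# your hosts.
# '>' starts a fresh file so a re-run does not keep stale entries.
echo "subjectAltName = DNS:$HOST,IP:$PUBLIC_IP,IP:127.0.0.1" > extfile.cnf

# serverAuth restricts the certificate to authenticating a server.
echo "extendedKeyUsage = serverAuth" >> extfile.cnf

openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf

# Client authentication: create a client key and certificate signing request.

openssl genrsa -out key.pem 4096

# The CN only labels the client certificate. A single-quoted '$HOST' is not
# expanded by the shell and would put the literal text $HOST in the subject.
openssl req -subj "/CN=client" -new -key key.pem -out client.csr

# clientAuth restricts the certificate to authenticating a client.
echo "extendedKeyUsage = clientAuth" > extfile-client.cnf

openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile-client.cnf

# The signing requests and extension files are no longer needed.
rm -v client.csr server.csr extfile.cnf extfile-client.cnf

# Private keys: readable by their owner only.
chmod -v 0400 ca-key.pem key.pem server-key.pem

# Certificates are public: read-only for everyone.
chmod -v 0444 ca.pem server-cert.pem cert.pem

# ca-key.pem can sign new client certificates, and a daemon running with
# --tlsverify accepts any client certificate signed by this CA. Keep the CA key
# off the Docker host where possible.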

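# Stop the systemd-managed daemon (and keep it from starting at boot) so that
# dockerd can be started by hand for the TLS test below:

systemctl stop docker

systemctl disable docker

# Verify Docker with TLS.
# Run both commands from /etc/docker/tls, because the certificate paths are
# relative. dockerd stays in the foreground, so run the client command from a
# second terminal.
# -H must name the address and port to listen on. 0.0.0.0:2376 listens on every
# interface, on the port the client command and the firewall rule use; bind to
# a single address instead if only one interface should be reachable.
# With --tlsverify only clients that present a certificate signed by ca.pem are
# accepted.

dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376

docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H="$HOST:2376" version

# Press Ctrl+C to stop the dockerd server.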

# Configure remote access through /etc/docker/daemon.json:

# NOTE(review): this directory is not referenced by the settings shown below;
# presumably it is meant as Docker's data directory. Confirm before relying on it.
mkdir -pv /z-safami/data/docker-data
vim /etc/docker/daemon.json
# Add the settings below to daemon.json. In "hosts", the unix:// entry serves
# local clients and each tcp:// entry serves remote clients. The tcp:// entries
# are incomplete in this listing and need an address and port (2376 is the port
# used elsewhere in this guide).
# Every tcp:// listener must be paired with the daemon.json TLS keys
# ("tlsverify", "tlscacert", "tlscert", "tlskey") pointing at the files in
# /etc/docker/tls. Without them the TCP socket accepts unauthenticated clients,
# which amounts to root access on this host.
    "hosts":["unix:///var/run/docker.sock", "tcp://","tcp://"],
    "log-driver": "json-file",
    "log-opts": {"max-size": "10m", "max-file": "3"}

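# Start docker server:
# NOTE(review): no start command is listed under this heading.



# Open the Docker TLS port in firewalld.
systemctl enable firewalld.service

systemctl start firewalld.service

# This opens 2376/tcp to every source address in the public zone, leaving
# client certificates as the only access control. Where the client addresses
# are known, limit the rule to them (for example with a firewalld rich rule).
firewall-cmd --zone=public --add-port=2376/tcp --permanent

# --permanent only changes the saved configuration; reload to apply it.
firewall-cmd --reload

# Confirm that 2376/tcp is listed (--list-ports is the documented option name).
firewall-cmd --list-ports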


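# Configure the Docker client to use TLS:

mkdir -pv ~/.docker

cd /etc/docker/tls/

# The docker client reads ca.pem, cert.pem and key.pem from ~/.docker by
# default. The CA key and the server key are deliberately not copied.
cp -v {ca,cert,key}.pem ~/.docker

vim ~/.bash_profile
    # Add this line. The port has to be the one the daemon's TLS listener uses;
    # 2376 is the port used by the dockerd test and the firewall rule.
    export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1
# For a local connection put the local address after tcp:// instead. It must
# appear in the server certificate's subjectAltName or verification fails:
# export DOCKER_HOST=tcp://127.0.0.1:2376 DOCKER_TLS_VERIFY=1

source ~/.bash_profile

# Verify Docker with TLS:

docker version

docker ps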

# Connect remotely from the IntelliJ IDEA Docker client:

# lrzsz provides sz, which sends files to the local machine through the
# terminal session.
yum -y install lrzsz

# key.pem is the client's private key: together with cert.pem it gives full
# control of the Docker daemon. Send it only over an encrypted session and keep
# it readable by its owner only on the receiving machine.
sz ~/.docker/ca.pem ~/.docker/cert.pem ~/.docker/key.pem

# Open IntelliJ IDEA on the local machine.

# Note: the Engine API URL must use the ‘https://’ scheme.

#Configuring remote access with a systemd unit file    (use this if you don’t want to run Docker with the ‘dockerd’ command; it can be combined with daemon.json, apart from the "hosts" setting removed below)

  • Edit docker.conf file

vim /etc/systemd/system/docker.service.d/docker.conf

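  • #Add or modify the following lines, substituting your own values. The tcp:// addresses below are incomplete and need an address and port. In a drop-in file the line belongs under a [Service] header and must be preceded by an empty "ExecStart=" line that clears the packaged command. For any tcp:// listener also pass --tlsverify, --tlscacert, --tlscert and --tlskey, as in the dockerd test above; otherwise the TCP socket accepts unauthenticated clients.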

ExecStart=/usr/bin/dockerd -H fd:// -H tcp:// -H tcp://

  • #Remove the following line from /etc/docker/daemon.json, if configured (dockerd fails to start when hosts are set both with -H and in daemon.json).

"hosts":["unix:///var/run/docker.sock", "tcp://","tcp://"]

  • Start docker service and configure Docker to start on boot

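# Make systemd re-read the unit files after the drop-in was edited.
systemctl daemon-reload

# The alternative command is kept in a proper shell comment; a stray dash in
# front of it would be passed to systemctl as an extra unit name.
systemctl start docker       # or: systemctl restart docker

# Check that dockerd is running with the expected -H options.
ps -ef | grep docker

systemctl enable docker      # to undo: systemctl disable docker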


#The End#
