Secure connections
Watchtower is also capable of connecting to Docker endpoints which are protected by SSL/TLS. If you've used docker-machine to provision your remote Docker host, you simply need to volume mount the certificates generated by docker-machine into the watchtower container and optionally specify the --tlsverify flag.
The docker-machine certificates for a particular host can be located by executing the docker-machine env command for the desired host (note the values for the DOCKER_HOST and DOCKER_CERT_PATH environment variables that are returned from this command). The directory containing the certificates for the remote host needs to be mounted into the watchtower container at /etc/ssl/docker.
With the certificates mounted into the watchtower container, you need to specify the --tlsverify flag to enable verification of the certificate:
docker run -d \
  --name watchtower \
  -e DOCKER_HOST="$DOCKER_HOST" \
  -e DOCKER_CERT_PATH=/etc/ssl/docker \
  -v "$DOCKER_CERT_PATH":/etc/ssl/docker \
  beatkind/watchtower --tlsverify
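
A pre-flight check for the certificate directory before it is mounted, as an added example that is not part of the Watchtower documentation. The function name check_docker_tls_dir is hypothetical, and the file names ca.pem, cert.pem and key.pem are assumed to be the Docker client defaults that docker-machine writes into DOCKER_CERT_PATH.

```shell
#!/bin/sh
# Added example (not from the Watchtower project): validate the values that
# docker-machine env reports before handing them to the watchtower container.

# check_docker_tls_dir DIR HOST
# Returns 0 when DIR looks like a usable client certificate directory and
# HOST is a tcp:// endpoint; otherwise prints each problem and returns 1.
check_docker_tls_dir() {
    dir=$1 host=$2 rc=0

    # A TLS-protected remote endpoint is addressed as tcp://host:port.
    case $host in
        tcp://?*) ;;
        *) echo "DOCKER_HOST '$host' is not a tcp:// endpoint" >&2; rc=1 ;;
    esac

    # CA certificate, client certificate and client key must all be present
    # (assumed Docker client default file names).
    for f in ca.pem cert.pem key.pem; do
        if [ ! -s "$dir/$f" ] || [ ! -r "$dir/$f" ]; then
            echo "missing, empty or unreadable: $dir/$f" >&2
            rc=1
        fi
    done

    # The client private key should be accessible to its owner only.
    if [ -f "$dir/key.pem" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ldL "$dir/key.pem" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "key.pem is accessible to group/other (bits: $bits)" >&2
            rc=1
        fi
    fi

    return "$rc"
}

# Usage, with the environment set from docker-machine env:
#   check_docker_tls_dir "$DOCKER_CERT_PATH" "$DOCKER_HOST" || exit 1
```

Run the check in the same shell where the docker-machine env values are set, before starting the container.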