Secure connections

Watchtower is also capable of connecting to Docker endpoints which are protected by SSL/TLS. If you've used docker-machine to provision your remote Docker host, you simply need to volume mount the certificates generated by docker-machine into the watchtower container and optionally specify --tlsverify flag.

The docker-machine certificates for a particular host can be located by executing the docker-machine env command for the desired host (note the values for the DOCKER_HOST and DOCKER_CERT_PATH environment variables that are returned from this command). The directory containing the certificates for the remote host needs to be mounted into the watchtower container at /etc/ssl/docker.

With the certificates mounted into the watchtower container you need to specify the --tlsverify flag to enable verification of the certificate:

docker run -d \
  --name watchtower \
  -e DOCKER_HOST=$DOCKER_HOST \
  -e DOCKER_CERT_PATH=/etc/ssl/docker \
  -v $DOCKER_CERT_PATH:/etc/ssl/docker \
  beatkind/watchtower --tlsverify