<h3 id="heading-objective">Objective</h3>
<p>Implement best practices for securing Docker containers on AWS.</p>
<h3 id="heading-task">Task</h3>
<ol>
<li><strong>Configure Docker to use TLS for secure remote access.</strong></li>
</ol>
<h3 id="heading-task-configure-docker-to-use-tls-for-secure-remote-access">Task : Configure Docker to Use TLS for Secure Remote Access</h3>
<p><strong>Why?</strong>By default, Docker's daemon listens on a UNIX socket. To access the daemon remotely, you need to secure it using TLS to ensure encrypted communication</p>
<pre><code class="lang-bash"><span class="hljs-comment"># Configure Docker to use TLS for secure remote access</span>
mkdir -pv ~/certs
<span class="hljs-built_in">cd</span> certs/
openssl genrsa -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
openssl req -subj <span class="hljs-string">"/CN=<span class="hljs-variable">$HOST</span>"</span> -sha256 -new -key server-key.pem -out server.csr
openssl x509 -req -days 365 -sha256 -<span class="hljs-keyword">in</span> server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
openssl genrsa -out client-key.pem 4096
openssl req -subj <span class="hljs-string">'/CN=client'</span> -new -key client-key.pem -out client.csr
openssl x509 -req -days 365 -sha256 -<span class="hljs-keyword">in</span> client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem
sudo dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376
</code></pre>


### Objective

Implement best practices for securing Docker containers on AWS.

### Task

1. **Configure Docker to use TLS for secure remote access.**
    

### Task : Configure Docker to Use TLS for Secure Remote Access

**Why?**By default, Docker's daemon listens on a UNIX socket. To access the daemon remotely, you need to secure it using TLS to ensure encrypted communication

```bash
# Configure Docker to use TLS for secure remote access
mkdir -pv ~/certs
cd certs/
openssl genrsa -out ca-key.pem 4096
openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem
openssl genrsa -out client-key.pem 4096
openssl req -subj '/CN=client' -new -key client-key.pem -out client.csr
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem
sudo dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376
```

Advanced Security with Docker

Objective

Task

Task : Configure Docker to Use TLS for Secure Remote Access