We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: debcb76939
Branches Tags
moby
/
client
/
envvars.go

envvars.go 4.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. package client // import "github.com/docker/docker/client"
    2. 

  2. 

  3. const (
    4. 

  4. 	// EnvOverrideHost is the name of the environment variable that can be used
    5. 

  5. 	// to override the default host to connect to (DefaultDockerHost).
    6. 

  6. 	//
    7. 

  7. 	// This env-var is read by FromEnv and WithHostFromEnv and when set to a
    8. 

  8. 	// non-empty value, takes precedence over the default host (which is platform
    9. 

  9. 	// specific), or any host already set.
    10. 

  10. 	EnvOverrideHost = "DOCKER_HOST"
    11. 

  11. 

  12. 	// EnvOverrideAPIVersion is the name of the environment variable that can
    13. 

  13. 	// be used to override the API version to use. Value should be
    14. 

  14. 	// formatted as MAJOR.MINOR, for example, "1.19".
    15. 

  15. 	//
    16. 

  16. 	// This env-var is read by FromEnv and WithVersionFromEnv and when set to a
    17. 

  17. 	// non-empty value, takes precedence over API version negotiation.
    18. 

  18. 	//
    19. 

  19. 	// This environment variable should be used for debugging purposes only, as
    20. 

  20. 	// it can set the client to use an incompatible (or invalid) API version.
    21. 

  21. 	EnvOverrideAPIVersion = "DOCKER_API_VERSION"
    22. 

  22. 

  23. 	// EnvOverrideCertPath is the name of the environment variable that can be
    24. 

  24. 	// used to specify the directory from which to load the TLS certificates
    25. 

  25. 	// (ca.pem, cert.pem, key.pem) from. These certificates are used to configure
    26. 

  26. 	// the Client for a TCP connection protected by TLS client authentication.
    27. 

  27. 	//
    28. 

  28. 	// TLS certificate verification is enabled by default if the Client is configured
    29. 

  29. 	// to use a TLS connection. Refer to EnvTLSVerify below to learn how to
    30. 

  30. 	// disable verification for testing purposes.
    31. 

  31. 	//
    32. 

  32. 	// WARNING: Access to the remote API is equivalent to root access to the
    33. 

  33. 	// host where the daemon runs. Do not expose the API without protection,
    34. 

  34. 	// and only if needed. Make sure you are familiar with the "daemon attack
    35. 

  35. 	// surface" (https://docs.docker.com/go/attack-surface/).
    36. 

  36. 	//
    37. 

  37. 	// For local access to the API, it is recommended to connect with the daemon
    38. 

  38. 	// using the default local socket connection (on Linux), or the named pipe
    39. 

  39. 	// (on Windows).
    40. 

  40. 	//
    41. 

  41. 	// If you need to access the API of a remote daemon, consider using an SSH
    42. 

  42. 	// (ssh://) connection, which is easier to set up, and requires no additional
    43. 

  43. 	// configuration if the host is accessible using ssh.
    44. 

  44. 	//
    45. 

  45. 	// If you cannot use the alternatives above, and you must expose the API over
    46. 

  46. 	// a TCP connection, refer to https://docs.docker.com/engine/security/protect-access/
    47. 

  47. 	// to learn how to configure the daemon and client to use a TCP connection
    48. 

  48. 	// with TLS client authentication. Make sure you know the differences between
    49. 

  49. 	// a regular TLS connection and a TLS connection protected by TLS client
    50. 

  50. 	// authentication, and verify that the API cannot be accessed by other clients.
    51. 

  51. 	EnvOverrideCertPath = "DOCKER_CERT_PATH"
    52. 

  52. 

  53. 	// EnvTLSVerify is the name of the environment variable that can be used to
    54. 

  54. 	// enable or disable TLS certificate verification. When set to a non-empty
    55. 

  55. 	// value, TLS certificate verification is enabled, and the client is configured
    56. 

  56. 	// to use a TLS connection, using certificates from the default directories
    57. 

  57. 	// (within `~/.docker`); refer to EnvOverrideCertPath above for additional
    58. 

  58. 	// details.
    59. 

  59. 	//
    60. 

  60. 	// WARNING: Access to the remote API is equivalent to root access to the
    61. 

  61. 	// host where the daemon runs. Do not expose the API without protection,
    62. 

  62. 	// and only if needed. Make sure you are familiar with the "daemon attack
    63. 

  63. 	// surface" (https://docs.docker.com/go/attack-surface/).
    64. 

  64. 	//
    65. 

  65. 	// Before setting up your client and daemon to use a TCP connection with TLS
    66. 

  66. 	// client authentication, consider using one of the alternatives mentioned
    67. 

  67. 	// in EnvOverrideCertPath above.
    68. 

  68. 	//
    69. 

  69. 	// Disabling TLS certificate verification (for testing purposes)
    70. 

  70. 	//
    71. 

  71. 	// TLS certificate verification is enabled by default if the Client is configured
    72. 

  72. 	// to use a TLS connection, and it is highly recommended to keep verification
    73. 

  73. 	// enabled to prevent machine-in-the-middle attacks. Refer to the documentation
    74. 

  74. 	// at https://docs.docker.com/engine/security/protect-access/ and pages linked
    75. 

  75. 	// from that page to learn how to configure the daemon and client to use a
    76. 

  76. 	// TCP connection with TLS client authentication enabled.
    77. 

  77. 	//
    78. 

  78. 	// Set the "DOCKER_TLS_VERIFY" environment to an empty string ("") to
    79. 

  79. 	// disable TLS certificate verification. Disabling verification is insecure,
    80. 

  80. 	// so should only be done for testing purposes. From the Go documentation
    81. 

  81. 	// (https://pkg.go.dev/crypto/tls#Config):
    82. 

  82. 	//
    83. 

  83. 	// InsecureSkipVerify controls whether a client verifies the server's
    84. 

  84. 	// certificate chain and host name. If InsecureSkipVerify is true, crypto/tls
    85. 

  85. 	// accepts any certificate presented by the server and any host name in that
    86. 

  86. 	// certificate. In this mode, TLS is susceptible to machine-in-the-middle
    87. 

  87. 	// attacks unless custom verification is used. This should be used only for
    88. 

  88. 	// testing or in combination with VerifyConnection or VerifyPeerCertificate.
    89. 

  89. 	EnvTLSVerify = "DOCKER_TLS_VERIFY"
    90. 

  90. )
    91.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5