<\/p>\n
\u6587\u4ef6\u4fdd\u5b58\u6210.sh \u53ef\u4ee5\u5728ubuntu\u4e2d\u901a\u8fc7bash xxx.sh\u6267\u884c\u3002<\/p>\n
#!\/bin\/sh<\/span><\/span>\r\nip<\/span>=xx.xx.xx.xx<\/span><\/span>\r\npassword<\/span>=<\/span>Aa654321 \u00a0# 3\u4e2a\u5b57\u8282\u4ee5\u4e0a\uff0c\u4e0d\u7136\u751f\u6210\u6587\u4ef6\u6570\u4e0d\u5bf9<\/span><\/span>\r\ndir<\/span>=<\/span>\/etc\/docker\/tls # \u8bc1\u4e66\u751f\u6210\u4f4d\u7f6e<\/span><\/span>\r\nvalidity_period<\/span>=<\/span>3650<\/span> \u00a0 \u00a0# \u8bc1\u4e66\u6709\u6548\u671f10\u5e74<\/span><\/span>\r\nCOUNTRY<\/span>=<\/span>\"CN\"<\/span><\/span>\r\nSTATE<\/span>=<\/span>\"\"<\/span><\/span>\r\nCITY<\/span>=<\/span>\"\"<\/span><\/span>\r\nORGANIZATION<\/span>=<\/span>\"\"<\/span><\/span>\r\n \r\n# \u5c06\u6b64shell\u811a\u672c\u5728\u5b89\u88c5docker\u7684\u673a\u5668\u4e0a\u6267\u884c\uff0c\u4f5c\u7528\u662f\u751f\u6210docker\u8fdc\u7a0b\u8fde\u63a5\u52a0\u5bc6\u8bc1\u4e66<\/span><\/span>\r\nif<\/span> [ ! -d<\/span> \"<\/span>$dir<\/span>\"<\/span> ]; then<\/span><\/span>\r\n \u00a0echo<\/span> \"\"<\/span><\/span>\r\n \u00a0echo<\/span> \"<\/span>$dir<\/span> , not dir , will create\"<\/span><\/span>\r\n \u00a0echo<\/span> \"\"<\/span><\/span>\r\n \u00a0mkdir<\/span> -p<\/span> $dir<\/span><\/span>\r\nelse<\/span><\/span>\r\n \u00a0echo<\/span> \"\"<\/span><\/span>\r\n \u00a0echo<\/span> \"<\/span>$dir<\/span> , dir exist , will delete and create\"<\/span><\/span>\r\n \u00a0echo<\/span> \"\"<\/span><\/span>\r\n \u00a0rm<\/span> -rf<\/span> $dir<\/span><\/span>\r\n \u00a0mkdir<\/span> -p<\/span> $dir<\/span><\/span>\r\nfi<\/span><\/span>\r\n \r\ncd<\/span> $dir<\/span> || exit<\/span><\/span>\r\n# \u521b\u5efa\u6839\u8bc1\u4e66RSA\u79c1\u94a5<\/span><\/span>\r\nopenssl<\/span> genrsa -aes256<\/span> -passout<\/span> pass:\"<\/span>$password<\/span>\"<\/span> -out<\/span> ca-key.pem 4096<\/span><\/span>\r\n\u200b<\/span>\r\n# \u521b\u5efaCA\u8bc1\u4e66<\/span><\/span>\r\nopenssl<\/span> req -new<\/span> -x509<\/span> -days<\/span> $validity_period<\/span> -key<\/span> ca-key.pem -passin<\/span> pass:\"<\/span>$password<\/span>\"<\/span> -sha256<\/span> -out<\/span> ca.pem -subj<\/span> \"\/C=<\/span>$COUNTRY<\/span>\/ST=<\/span>$STATE<\/span>\/L=<\/span>$CITY<\/span>\/O=<\/span>$ORGANIZATION<\/span>\/CN=<\/span>$ip<\/span>\"<\/span><\/span>\r\n\u200b<\/span>\r\n# \u521b\u5efa\u670d\u52a1\u7aef\u79c1\u94a5<\/span><\/span>\r\nopenssl<\/span> genrsa -out<\/span> server-key.pem 4096<\/span><\/span>\r\n# \u521b\u5efa\u670d\u52a1\u7aef\u7b7e\u540d\u8bf7\u6c42\u8bc1\u4e66\u6587\u4ef6<\/span><\/span>\r\nopenssl<\/span> req -subj<\/span> \"\/CN=<\/span>$ip<\/span>\"<\/span> -sha256<\/span> -new<\/span> -key<\/span> server-key.pem -out<\/span> server.csr<\/span>\r\n \r\necho<\/span> subjectAltName =<\/span> IP:$ip<\/span>,IP:0.0.0.0 >>extfile.cnf<\/span>\r\necho<\/span> extendedKeyUsage =<\/span> serverAuth >>extfile.cnf<\/span>\r\n\u200b<\/span>\r\n# \u521b\u5efa\u7b7e\u540d\u751f\u6548\u7684\u670d\u52a1\u7aef\u8bc1\u4e66\u6587\u4ef6<\/span><\/span>\r\nopenssl<\/span> x509 -req<\/span> -days<\/span> $validity_period<\/span> -sha256<\/span> -in<\/span> server.csr -CA<\/span> ca.pem -CAkey<\/span> ca-key.pem -passin<\/span> \"pass:<\/span>$password<\/span>\"<\/span> -CAcreateserial<\/span> -out<\/span> server-cert.pem -extfile<\/span> extfile.cnf<\/span>\r\n\u200b<\/span>\r\n# --------------------------------------------------------------------------------<\/span><\/span>\r\n# --------------------------------------------------------------------------------<\/span><\/span>\r\n# --------------------------------------------------------------------------------<\/span><\/span>\r\n# --------------------------------------------------------------------------------<\/span><\/span>\r\n# \u521b\u5efa\u5ba2\u6237\u7aef\u79c1\u94a5<\/span><\/span>\r\nopenssl<\/span> genrsa -out<\/span> key.pem 4096<\/span><\/span>\r\n# \u521b\u5efa\u5ba2\u6237\u7aef\u7b7e\u540d\u8bf7\u6c42\u8bc1\u4e66\u6587\u4ef6<\/span><\/span>\r\nopenssl<\/span> req -subj<\/span> '\/CN=client'<\/span> -sha256<\/span> -new<\/span> -key<\/span> key.pem -out<\/span> client.csr<\/span>\r\n \r\necho<\/span> extendedKeyUsage =<\/span> clientAuth >extfile-client.cnf<\/span>\r\n\u200b<\/span>\r\n# \u521b\u5efa\u7b7e\u540d\u751f\u6548\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66\u6587\u4ef6<\/span><\/span>\r\nopenssl<\/span> x509 -req<\/span> -days<\/span> $validity_period<\/span> -sha256<\/span> -in<\/span> client.csr -CA<\/span> ca.pem -CAkey<\/span> ca-key.pem -passin<\/span> \"pass:<\/span>$password<\/span>\"<\/span> -CAcreateserial<\/span> -out<\/span> cert.pem -extfile<\/span> extfile-client.cnf<\/span>\r\n# \u5220\u9664\u591a\u4f59\u6587\u4ef6<\/span><\/span>\r\nrm<\/span> -f<\/span> -v<\/span> client.csr server.csr extfile.cnf extfile-client.cnf<\/span>\r\n \r\nchmod<\/span> -v<\/span> 0400<\/span> ca-key.pem key.pem server-key.pem<\/span>\r\n \r\nchmod<\/span> -v<\/span> 0444<\/span> ca.pem server-cert.pem cert.pem<\/span>\r\n\u200b<\/span>\r\n\u200b<\/span>\r\n########## \u914d\u7f6e Docker \u5b88\u62a4\u8fdb\u7a0b ##########<\/span><\/span>\r\n\u200b<\/span>\r\necho<\/span> \"Configuring Docker daemon...\"<\/span><\/span>\r\n\u200b<\/span>\r\n# \u5907\u4efd Docker \u914d\u7f6e\u6587\u4ef6<\/span><\/span>\r\nDOCKER_SERVICE_FILE<\/span>=<\/span>\"\/usr\/lib\/systemd\/system\/docker.service\"<\/span><\/span>\r\nDOCKER_SERVICE_BACKUP<\/span>=<\/span>\"\/usr\/lib\/systemd\/system\/docker.service.bak\"<\/span><\/span>\r\ncp<\/span> \"<\/span>$DOCKER_SERVICE_FILE<\/span>