Add a new parameter to have an option to choose TCP socket creation #62

Closed
wants to merge 7 commits into from
27 changes: 21 additions & 6 deletions README.md
Expand Up @@ -42,6 +42,7 @@ this is the recommended way to install this ACAP.
> Meanwhile, the solution is to allow root to be able to install the Docker Compose ACAP.
>
> On the web page of the device:
>
> 1. Go to the Apps page, toggle on `Allow root-privileged apps`.
> 1. Go to System -> Account page, under SSH accounts toggle off `Restrict root access` to be able to send the TLS certificates. Make sure to set the password of the `root` SSH user.

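Review bot: In step 2 of the numbered list, the instruction to toggle off `Restrict root access` has no matching step to turn it back on once the TLS certificates have been sent, so a reader who follows the list leaves root SSH login enabled. Suggest adding a final list item that re-enables `Restrict root access` after the certificates are in place, or a sentence saying why it has to stay off.
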
Expand Down Expand Up @@ -76,21 +77,35 @@ It's also possible to build and use a locally built image. See the

## Securing the Docker Compose ACAP using TLS

The Docker Compose ACAP can be run either unsecured or in TLS mode. The Docker Compose ACAP uses
TLS as default. Use the "Use TLS" dropdown in the web interface to switch
between the two different modes. It's also possible to toggle this option by
calling the parameter management API in [VAPIX](https://www.axis.com/vapix-library/) and setting the
`root.dockerdwrapperwithcompose.UseTLS` parameter to `yes` or `no`. The following commands would
enable TLS:
The Docker Compose ACAP application can be run in either TLS mode or unsecured mode. The Docker Compose
ACAP application uses TLS mode by default. These modes can be used with or without TCP and IPC sockets.
It should be noted that if TCP and IPC sockets are not enabled, Dockerd will not start.

Use the "Use TLS" and "TCP Socket" dropdowns in the web interface to switch between the
two different modes(yes/no). Whenever these settings change, the Docker daemon will automatically restart.
It's also possible to toggle this option by calling the parameter management API in [VAPIX](https://www.axis.com/vapix-library/)
and setting `root.dockerdwrapperwithcompose.UseTLS` and `root.dockerdwrapperwithcompose.TCPSocket` parameters
to `yes` or `no`. The following commands would enable those parameters:

```sh
DEVICE_IP=<device ip>
DEVICE_PASSWORD='<password>'
```

Enable TLS:

```sh
curl -s --anyauth -u "root:$DEVICE_PASSWORD" \
"http://$DEVICE_IP/axis-cgi/param.cgi?action=update&root.dockerdwrapperwithcompose.UseTLS=yes"
```

Enable TCP Socket:

```sh
curl -s --anyauth -u "root:$DEVICE_PASSWORD" \
"http://$DEVICE_IP/axis-cgi/param.cgi?action=update&root.dockerdwrapperwithcompose.TCPSocket=yes"
```

Note that the dockerd service will be restarted every time TLS is activated or
deactivated. Running the ACAP using TLS requires some additional setup, see next chapter.
Running the ACAP without TLS requires no further setup.
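Review bot: The sentence "if TCP and IPC sockets are not enabled, Dockerd will not start" in the new introduction is ambiguous about whether both sockets or either one must be off, and it names an IPC socket for which no dropdown or parameter is given: only `UseTLS` and `TCPSocket` are documented. Suggest wording such as "if neither the TCP socket nor the IPC socket is enabled", if that is the intent, and documenting how the IPC socket is switched. The new paragraph should also state what `TCPSocket=yes` combined with `UseTLS=no` exposes on the network, since "unsecured mode" is the only description given. The closing note still says dockerd restarts "every time TLS is activated or deactivated", which no longer matches "Whenever these settings change", and "modes(yes/no)" is missing a space.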