From f34fc088f28119ad990b95e6ceb04c6201a64ef2 Mon Sep 17 00:00:00 2001
From: sthope
Date: Thu, 2 Sep 2021 23:38:26 +0200
Subject: [PATCH] Add 'docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls'

---
 .../portainer/setup-dockerapi-slave-withtls | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls

diff --git a/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls b/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls
new file mode 100644
index 0000000..7dd4f12
--- /dev/null
+++ b/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls
@@ -0,0 +1,56 @@
+#!/bin/bash
+###################################
+############ by Sthope ############
+###################################
+
+#### USAGE
+# bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls)"
+#
+
+openssl genrsa -out key.pem 4096
+
+MY_IP=$(ip -4 route get 8.8.8.8 | awk {'print $7'} | tr -d '\n')
+
+openssl req -subj "/CN=$MY_IP" -new -key key.pem -out client.csr
+
+echo extendedKeyUsage = clientAuth > extfile-client.cnf
+
+openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
+ -CAcreateserial -out cert.pem -extfile extfile-client.cnf
+
+chmod -v 0400 ca-key.pem key.pem server-key.pem
+chmod -v 0444 ca.pem server-cert.pem cert.pem
+
+mkdir ~/.certs
+cp ca.pem ~/.certs
+cp server-cert.pem ~/.certs
+cp server-key.pem ~/.certs
+
+p(){
+ port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
+ while :
+ do
+ (echo >/dev/tcp/localhost/$port) &>/dev/null && port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) )) || break
+ done
+ echo "$port"
+}
+
+mkdir -p /etc/systemd/system/docker.service.d/
+
+cat << EOF > /etc/systemd/system/docker.service.d/startup_options.conf
+# /etc/systemd/system/docker.service.d/override.conf
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/home/pi/.certs/ca.pem --tlscert=/home/pi/.certs/server-cert.pem --tlskey=/home/pi/.certs/server-key.pem -H fd:// -H tcp://0.0.0.0:$(p)
+EOF
+
+systemctl daemon-reload
+systemctl restart docker.service
+clear
+
+
+echo "######################################################################"
+echo "############################# by Sthope ##############################"
+echo "######################################################################"
+echo "You can now connect Portainer to this host at port: $(p)"
+cat /etc/systemd/system/docker.service.d/startup_options.conf
\ No newline at end of file
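Review bot: The port dockerd is bound to and the port printed to the user are not the same value, because `$(p)` is expanded twice — once inside the heredoc that writes startup_options.conf and again in the final echo — and every call draws a fresh random port; after `systemctl restart docker.service` the first port is occupied, so the free-port loop in p() can never return it a second time. Capture it once before the heredoc, `port=$(p)`, then use `-H tcp://0.0.0.0:$port` on the ExecStart line and `echo "You can now connect Portainer to this host at port: $port"` at the end. The certificate locations also disagree: the files are copied to `~/.certs` but ExecStart reads `/home/pi/.certs/…`, and these only coincide when the script runs as the pi user, whereas writing under /etc/systemd and restarting docker needs root (under sudo `~` typically resolves to /root), so a single `cert_dir` variable should feed both the cp targets and the --tlscacert/--tlscert/--tlskey paths. The probe in p() only connects to localhost, so a listener bound solely to a non-loopback address would presumably go unnoticed; with --tlsverify in place this is a startup-reliability concern rather than an exposure one.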