This article applies as of PRTG 22
Create Docker certificates with OpenSSL for secure PRTG-Docker communication. Generate CA keys, server keys/certificates, configure Docker, and add sensors in PRTG.
Generating Docker certificate and private key for PRTG
If you add the Docker Container Status sensor, you need to provide a Private Key and a Certificate to request monitoring data from Docker. This approach ensures a secure connection from PRTG to Docker, authenticated by a certificate signed by a trusted certificate authority (CA).
So before you add the sensor, create a certificate and keys with OpenSSL. See "How can I use a trusted SSL certificate with the PRTG web interface?" for how to install OpenSSL. Of course, if you already have Docker certificates available, you can use one of these.
Find detailed instructions on how to create Docker certificates and keys in the Docker documentation: "Protect the Docker daemon socket".
Steps to take
In general, you need to follow these steps:
- Generate the CA private and public keys using OpenSSL.
- Create the server key and certificate signing request (CSR).
- Ensure that the Common Name matches the hostname used to connect to Docker.
- Sign the public key with the CA.
- Configure the Docker daemon to accept connections from clients that provide a trusted certificate from your CA, for example:
$ dockerd -H tcp://0.0.0.0:2376 -H fd:// --tlsverify=true --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem $other_args
  - -H tcp://0.0.0.0:2376 makes the Docker daemon listen on all network interfaces, so the Docker API is available for all external IP addresses on port 2376. This is the port number that you must provide in section Docker Credentials of the sensor settings.
  - -H fd:// makes the API locally available to get the Docker commands to work on the console.
  - --tlsverify=true defines that the access is SSL/TLS encrypted and that any connecting client must authenticate with a certificate signed by the CA given in --tlscacert.
  - The certificates and keys (ending with .pem) are used for the authentication of the sensor.
For more details like the exact commands and what you have to additionally consider, see the Docker documentation.
Note: In older Docker versions, the command to accept connections was:
$ docker daemon -H tcp://0.0.0.0:2376 -H fd:// --tlsverify=true --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem
Note: If you have any issues when creating certificates and keys for Docker, contact Docker support.
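The steps above carried through with OpenSSL, followed by the checks worth running before you paste key.pem and cert.pem into the sensor settings. This is an added example, not taken from the original article or the Docker documentation. Assumptions: the function names, the CA subject, the 365-day validity, and the serverAuth,clientAuth key usage (chosen because the article passes cert.pem to dockerd and pastes the same file into the sensor).

```bash
#!/bin/sh
# Added example. Constructed values: CA subject, validity period, key size.

# make_docker_certs DIR HOSTNAME [RSA_BITS]
# Writes ca-key.pem, ca.pem, key.pem and cert.pem into DIR.
make_docker_certs() (
  dir=$1; host=$2; bits=${3:-4096}
  umask 077                      # files are created owner-only
  mkdir -p "$dir" && cd "$dir" || exit 1
  # 1. CA private key and self-signed CA certificate.
  #    The key is left unencrypted so the function runs unattended
  #    (assumption); add -aes256 to genrsa to protect a long-lived CA key.
  openssl genrsa -out ca-key.pem "$bits" 2>/dev/null &&
  openssl req -new -x509 -days 365 -sha256 -key ca-key.pem \
    -subj "/CN=example-docker-ca" -out ca.pem &&
  # 2. Server key and CSR. The Common Name is the hostname used to
  #    connect to Docker.
  openssl genrsa -out key.pem "$bits" 2>/dev/null &&
  openssl req -new -sha256 -key key.pem -subj "/CN=$host" -out server.csr &&
  # 3. Sign the CSR with the CA. The SAN repeats the hostname because TLS
  #    clients check the SAN before the Common Name.
  printf 'subjectAltName = DNS:%s\nextendedKeyUsage = serverAuth,clientAuth\n' \
    "$host" > extfile.cnf &&
  openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem \
    -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf \
    2>/dev/null &&
  rm -f server.csr extfile.cnf &&
  # 4. Private keys read-only for the owner, certificates world-readable.
  chmod 0400 ca-key.pem key.pem && chmod 0444 ca.pem cert.pem
)

# verify_docker_certs DIR HOSTNAME
# Succeeds only if cert.pem chains to ca.pem, names HOSTNAME, and
# belongs to key.pem.
verify_docker_certs() (
  dir=$1; host=$2
  cd "$dir" || exit 1
  openssl verify -CAfile ca.pem cert.pem >/dev/null 2>&1 || exit 1
  openssl x509 -in cert.pem -noout -checkhost "$host" \
    | grep -q 'does match' || exit 1
  cert_pub=$(openssl x509 -in cert.pem -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in key.pem -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
)

# Usage: make_docker_certs ./docker-certs docker01.example.test &&
#        verify_docker_certs ./docker-certs docker01.example.test
```

A failing verify_docker_certs points to one of three causes: cert.pem was not signed by the CA in ca.pem, the hostname entered in PRTG differs from the name in the certificate, or key.pem and cert.pem are not a pair.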
Add the sensor in PRTG
Now you have everything ready to monitor your Docker containers:
- In the Add Sensor dialog, enter the number of the Port you made available for API calls, usually port 2376.
- Open the file with the private key that you created before (for example, key.pem) with a text editor. Copy everything that this file contains and paste it into the Private Key field in the sensor settings.
- Open the server certificate file (for example, cert.pem) with a text editor. Copy everything that this file contains and paste it into the Certificate field in the sensor settings.
Complete the Add Sensor dialog and PRTG starts to monitor the status of your desired Docker containers.