From bef1e695a1d5fd438680a134c5411b2be5ffb398 Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Thu, 23 Jan 2020 14:41:27 +0000 Subject: [PATCH 1/4] Add info on ssh agent usage --- docker-for-mac/faqs.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index 3073ef8773e3..01a256471745 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -76,11 +76,33 @@ We recommend that you publish a port, or connect from another container. You can For more information and examples, see [I want to connect to a container from the Mac](networking.md#i-want-to-connect-to-a-container-from-the-mac) in the [Networking](/docker-for-mac/networking/) topic. +### Can I use an SSH agent inside a container? + +Yes, you can use the host’s SSH agent inside a container. To do this: + +1. Bind mount the SSH agent socket by adding the following parameter to your `docker run` command: + + `-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock` + +1. Add the `SSH_AUTH_SOCK` environment variable in your container: + + `-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock"` + +To enable the SSH agent in Docker Compose, add the following flags to your service: + + ``` + volumes: + - /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock + environment: + - SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock + ``` + ### How do I add custom CA certificates? Docker Desktop supports all trusted certificate authorities (CAs) (root or intermediate). For more information on adding server and client side certs, see [Add TLS certificates](/docker-for-mac/index/#adding-tls-certificates) in the Getting Started topic. + ### How do I add client certificates? For information on adding client certificates, see From 5b34e1a4182fc2dd0888bbfc34d266000c523fee Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Mon, 27 Jan 2020 12:01:02 +0000 Subject: [PATCH 2/4] moved instructions to the networking topic --- docker-for-mac/faqs.md | 19 +------------------ docker-for-mac/networking.md | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index 01a256471745..d02533a4a067 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -78,24 +78,7 @@ For more information and examples, see ### Can I use an SSH agent inside a container? -Yes, you can use the host’s SSH agent inside a container. To do this: - -1. Bind mount the SSH agent socket by adding the following parameter to your `docker run` command: - - `-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock` - -1. Add the `SSH_AUTH_SOCK` environment variable in your container: - - `-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock"` - -To enable the SSH agent in Docker Compose, add the following flags to your service: - - ``` - volumes: - - /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock - environment: - - SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock - ``` +Yes, you can use the host’s SSH agent inside a container. For more information, see [SSH agent forwarding](/docker-for-mac/networking/#ssh-agent-forwarding). ### How do I add custom CA certificates? diff --git a/docker-for-mac/networking.md b/docker-for-mac/networking.md index c7f8d2110b86..3bb401e8b54c 100644 --- a/docker-for-mac/networking.md +++ b/docker-for-mac/networking.md @@ -39,9 +39,30 @@ $ docker run -p 8000:80 -d nginx Now, connections to `localhost:8000` are sent to port 80 in the container. The syntax for `-p` is `HOST_PORT:CLIENT_PORT`. +### SSH agent forwarding + +Docker Desktop for {{Arch}} allows you to use the host’s SSH agent inside a container. To do this: + +1. Bind mount the SSH agent socket by adding the following parameter to your `docker run` command: + + `-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock` + +1. Add the `SSH_AUTH_SOCK` environment variable in your container: + + `-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock"` + +To enable the SSH agent in Docker Compose, add the following flags to your service: + + ``` + volumes: + - /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock + environment: + - SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock + ``` + ### HTTP/HTTPS Proxy Support -See [Proxies](index#proxies). +See [Proxies](/docker-for-mac/index/#proxies). ## Known limitations, use cases, and workarounds From 00df3bac8217b6c23e0a1b10a3f55a4c35da3ef2 Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Tue, 28 Jan 2020 14:49:34 +0000 Subject: [PATCH 3/4] address review comments --- docker-for-mac/faqs.md | 2 +- docker-for-mac/networking.md | 21 --------------------- docker-for-mac/osxfs.md | 26 ++++++++++++++++++++++++++ 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index d02533a4a067..89ef77882718 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -78,7 +78,7 @@ For more information and examples, see ### Can I use an SSH agent inside a container? -Yes, you can use the host’s SSH agent inside a container. For more information, see [SSH agent forwarding](/docker-for-mac/networking/#ssh-agent-forwarding). +Yes, you can use the host’s SSH agent inside a container. For more information, see [SSH agent forwarding](/docker-for-mac/osxfs/#ssh-agent-forwarding). ### How do I add custom CA certificates? diff --git a/docker-for-mac/networking.md b/docker-for-mac/networking.md index 3bb401e8b54c..b0309556948f 100644 --- a/docker-for-mac/networking.md +++ b/docker-for-mac/networking.md @@ -39,27 +39,6 @@ $ docker run -p 8000:80 -d nginx Now, connections to `localhost:8000` are sent to port 80 in the container. The syntax for `-p` is `HOST_PORT:CLIENT_PORT`. -### SSH agent forwarding - -Docker Desktop for {{Arch}} allows you to use the host’s SSH agent inside a container. To do this: - -1. Bind mount the SSH agent socket by adding the following parameter to your `docker run` command: - - `-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock` - -1. Add the `SSH_AUTH_SOCK` environment variable in your container: - - `-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock"` - -To enable the SSH agent in Docker Compose, add the following flags to your service: - - ``` - volumes: - - /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock - environment: - - SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock - ``` - ### HTTP/HTTPS Proxy Support See [Proxies](/docker-for-mac/index/#proxies). diff --git a/docker-for-mac/osxfs.md b/docker-for-mac/osxfs.md index 46bb98d29dc4..11e433991c39 100644 --- a/docker-for-mac/osxfs.md +++ b/docker-for-mac/osxfs.md @@ -153,6 +153,32 @@ Extended attributes are not yet supported. `osxfs` does not use OSXFUSE. `osxfs` does not run under, inside, or between macOS userspace processes and the macOS kernel. +### SSH agent forwarding + +Docker Desktop for Mac allows you to use the host’s SSH agent inside a container. To do this: + +1. Bind mount the SSH agent socket by adding the following parameter to your `docker run` command: + + `--mount type=bind,src=/run/host-services/ssh-auth.sock,target=/run/host-services/ssh-auth.sock` + +1. Add the `SSH_AUTH_SOCK` environment variable in your container: + + `-e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock"` + +To enable the SSH agent in Docker Compose, add the following flags to your service: + + ```yaml +services: + web: + image: nginx:alpine + volumes: + - type: bind + source: /run/host-services/ssh-auth.sock + target: /run/host-services/ssh-auth.sock + environment: + - SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock + ``` + ### Performance issues, solutions, and roadmap > See **[Performance tuning for volume mounts (shared filesystems)](osxfs-caching.md)** From e35b388c1f64393a00ea81bb92111bd9200279cf Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Tue, 28 Jan 2020 15:06:30 +0000 Subject: [PATCH 4/4] removed an extra line in the faq --- docker-for-mac/faqs.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-for-mac/faqs.md b/docker-for-mac/faqs.md index 89ef77882718..10b0b5a05153 100644 --- a/docker-for-mac/faqs.md +++ b/docker-for-mac/faqs.md @@ -85,7 +85,6 @@ Yes, you can use the host’s SSH agent inside a container. For more information Docker Desktop supports all trusted certificate authorities (CAs) (root or intermediate). For more information on adding server and client side certs, see [Add TLS certificates](/docker-for-mac/index/#adding-tls-certificates) in the Getting Started topic. - ### How do I add client certificates? For information on adding client certificates, see