How to setup remote docker hosts with a TLS certificate? #1585

Closed
opened 2026-02-28 02:26:18 -05:00 by deekerman · 4 comments

Originally created by @FastHogi on GitHub (Nov 26, 2022).

⚠️ Please verify that this bug has NOT been raised before.

  • I checked and didn't find similar issue

🛡️ Security Policy

📝 Describe your problem

First of all, thank you very much for this beautiful piece of software. I've been using it for a couple of months now without any big issues.

I'm monitoring multiple remote machines which are running different docker containers. I'm able to access these containers via docker remote port 2375 successfully. But port 2375 is not protected by default, which is a security risk. Now I protected my docker sockets with a TLS certificate as described here (https://docs.docker.com/engine/security/protect-access/#use-tls-https-to-protect-the-docker-daemon-socket).

In WhatUpDocker I can access the socket with a TLS client certificate successfully with the following docker-compose settings:

```yaml
version: '3'
services:
  whatsupdocker:
    image: fmartinou/whats-up-docker:latest
    container_name: whatsupdocker
    restart: always
    volumes:
      - /data/certificates/ca-public.pem:/tmp/ca-public.pem
      - /data/certificates/client-certificate.pem:/tmp/client-certificate.pem
      - /data/certificates/client-key.pem:/tmp/client-key.pem
    ports:
      - 3010:3000
    environment:
      - TZ=Europe/Berlin
      - WUD_WATCHER_PILIVE_CRON=4 4 * * *
      - WUD_WATCHER_PILIVE_HOST=192.168.1.20
      - WUD_WATCHER_PILIVE_PORT=2376
      - WUD_WATCHER_PILIVE_CAFILE=/tmp/ca-public.pem
      - WUD_WATCHER_PILIVE_CERTFILE=/tmp/client-certificate.pem
      - WUD_WATCHER_PILIVE_KEYFILE=/tmp/client-key.pem
```

But I can't figure out how to use the same TLS client certificate files in Uptime Kuma. I tried the following docker-compose settings for Uptime-Kuma without success:

```yaml
version: '3'
services:
  uptime-kuma:
    image: louislam/uptime-kuma
    container_name: uptime-kuma
    restart: always
    ports:
      - 3001:3001
    volumes:
      - /data/uptime-kuma:/app/data
      - /data/uptime-kuma/certs/ca-public.pem:/app/data/certs/ca-public.pem
      - /data/uptime-kuma/certs/client-certificate.pem:/app/data/certs/client-certificate.pem
      - /data/uptime-kuma/certs/client-key.pem:/app/data/certs/client-key.pem
    environment:
      - NODE_EXTRA_CA_CERTS=/app/data/certs/ca-public.pem
      - SSL_CERT=/app/data/certs/client-certificate.pem
      - SSL_KEY=/app/data/certs/client-key.pem
```

If I change the docker daemon setting in the docker host setup dialog from http://192.168.1.20:2375 to https://192.168.1.20:2376, I only get a "socket hang up" error message. The wiki page "How to Monitor Docker Containers" (https://github.com/louislam/uptime-kuma/wiki/How-to-Monitor-Docker-Containers) doesn't explain how we can use port 2376 with a TLS certificate.

It would be great if we could have 3 more options to browse for the TLS files in the dialog if I select "HTTPS" in the drop-down box. Or, as an alternative, to set these as an environment variable.

How can I use my TLS client certificate? Any help is appreciated.

🐻 Uptime-Kuma Version

1.18.5

💻 Operating System and Arch

Ubuntu 22.04.1 LTS / Raspberry Pi 3b + Pi 4

🌐 Browser

Firefox 107

🐋 Docker Version

Docker 20.10.12

🟩 NodeJS Version

No response

deekerman 2026-02-28 02:26:18 -05:00
  • closed this issue
  • added the help label

@BuxtonCalvin commented on GitHub (Jan 16, 2023):

I have the exact same issue. I'd like to be able to somehow add client certs to the remote docker connection setup. As it is, I can't access the remote docker server with http or https as I'm strictly using https for other apps that connect to a remote docker service on my local LAN.


@marekful commented on GitHub (Feb 27, 2023):

This isn't going to work currently as that would require using mutual TLS on the client side to connect to docker hosts. This also implies a new admin section where you can upload docker client certificates and since these certificates are per host, you'd need to be able to upload these for multiple hosts and then during a Docker Host Setup process in Kuma you would assign a client certificate to a host so in the future the selected client certificate would be used for the given docker host.

+1 for this feature request!
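
The mutual-TLS requirement described in the comment above, as an added example that is not part of the thread and is not Uptime Kuma or Docker code: a local stand-in for a daemon port that verifies client certificates rejects a client that only trusts the CA and accepts one that also presents a CA-signed client certificate. The certificates, the names `issue` and `Probe`, and the stand-in server with its `/version` path are constructed for the example.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue returns a constructed one-hour certificate for cn; a nil signer yields a self-signed CA.
func issue(cn string, signer *tls.Certificate) tls.Certificate {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: signer == nil,
		BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	parent, signKey := t, interface{}(key)
	if signer != nil {
		parent, signKey = signer.Leaf, signer.PrivateKey
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Probe requests /version from the stand-in twice: trusting the CA only, then also presenting a client certificate.
func Probe() (caOnly, withClientCert error) {
	ca, pool := issue("constructed-ca", nil), x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	daemon, client := issue("daemon", &ca), issue("client", &ca)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{daemon}, ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}
	srv.StartTLS()
	defer srv.Close()
	get := func(certs ...tls.Certificate) error {
		cfg := &tls.Config{RootCAs: pool, ServerName: "daemon", Certificates: certs}
		resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(srv.URL + "/version")
		if err == nil {
			resp.Body.Close()
		}
		return err
	}
	return get(), get(client)
}

func main() { fmt.Println(Probe()) }
```

Because the certificate and key are part of each connection's TLS configuration, a client that talks to several hosts needs that configuration selected per host, which is the per-host assignment the comment describes.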


@github-actions[bot] commented on GitHub (May 28, 2023):

We are clearing up our old issues and your ticket has been open for 3 months with no activity. Remove stale label or comment or this will be closed in 2 days.


@lcasale commented on GitHub (May 28, 2023):

I'm not sure if the feature is missing or instructions are unclear, but I would like to know how to do this as well
