docker_api https fix for secured docker

app/functions.sh

@@ -201,6 +201,14 @@ function docker_api {
     else
         scheme="http://${DOCKER_HOST#*://}"
     fi
+
+    if [[ -v DOCKER_TLS_VERIFY && -v DOCKER_CERT_PATH && ! -z "$DOCKER_TLS_VERIFY" ]]; then
+        curl_opts+=(--cert ${DOCKER_CERT_PATH}/cert.pem)
+        curl_opts+=(--key ${DOCKER_CERT_PATH}/key.pem)
+        curl_opts+=(--cacert ${DOCKER_CERT_PATH}/ca.pem)
+        scheme="https://${DOCKER_HOST#*://}"
+    fi
+
     [[ $method = "POST" ]] && curl_opts+=(-H 'Content-Type: application/json')
     curl "${curl_opts[@]}" -X "${method}" "${scheme}$1"
 }

docs/Container-configuration.md

@@ -24,3 +24,11 @@ You can also create test certificates per container (see [Test certificates](./L
 * `REUSE_PRIVATE_KEYS` - Set it to `true` to make `simp_le` reuse previously generated private key for each certificate instead of creating a new one on certificate renewal. Recommended if you intend to use [HPKP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning) (please not however that HPKP has been deprecated by Google's Chrome and that its use is therefore not recommended).
 
 * `DHPARAM_BITS` - Change the size of the Diffie-Hellman key generated by the container from the default value of 2048 bits. For example `--env DHPARAM_BITS=1024` to support some older clients like Java 6 and 7.
+
+## Optional docker host configuration
+* `DOCKER_HOST` - set the host for docker. Must include the scheme (`unix://`, `http://` or `https://`)
+
+If the docker host daemon socket is [protected](https://docs.docker.com/engine/security/https/):
+
+* `DOCKER_TLS_VERIFY` - set it to value `1` if the docker host requires client TLS authentication
+* `DOCKER_CERT_PATH` - path to TLS client certificates for the docker host. This folder should contain `cert.pem`, `key.pem` and `ca.pem` files. See [Create a CA, server and client keys with OpenSSL](https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl)