From 46a763d92ce5fc4a53313ba1f2ee7960c99542a6 Mon Sep 17 00:00:00 2001
From: Miaha Cybersec <miahacybersec@gmail.com>
Date: Thu, 9 May 2024 06:32:03 +0000
Subject: [PATCH] Add buildkit mTLS-over-TCP docs

Signed-off-by: Miaha Cybersec <miahacybersec@gmail.com>
---
 website/docs/custom-address.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/website/docs/custom-address.md b/website/docs/custom-address.md
index a5d22f38..961fe690 100644
--- a/website/docs/custom-address.md
+++ b/website/docs/custom-address.md
@@ -63,3 +63,32 @@ copa patch \
     -t 1.21.6-patched \
     -a tcp://0.0.0.0:$BUILDKIT_PORT
 ```
+
+### Option 5: Buildkit over TCP with mTLS
+
+```bash
+export BUILDKIT_VERSION=v0.12.4
+export BUILDKIT_PORT=8888
+docker run \
+    --detach \
+    --rm \
+    --privileged \
+    -p 127.0.0.1:$BUILDKIT_PORT:$BUILDKIT_PORT/tcp \
+    --name buildkitd \
+    --entrypoint buildkitd \
+    -v $PWD/.certs:/etc/buildkit/certs \
+    "moby/buildkit:$BUILDKIT_VERSION" \
+    --addr tcp://0.0.0.0:$BUILDKIT_PORT \
+    --tlscacert /etc/buildkit/certs/daemon/ca.pem \
+    --tlscert /etc/buildkit/certs/daemon/cert.pem \
+    --tlskey /etc/buildkit/certs/daemon/key.pem
+
+copa patch \
+    -i docker.io/library/nginx:1.21.6 \
+    -r nginx.1.21.6.json \
+    -t 1.21.6-patched \
+    -a tcp://0.0.0.0:$BUILDKIT_PORT
+    --cacert /path/to/ca-certificate \
+    --cert  /path/to/buildkit/client/cert \
+    --key /path/to/buildkit/key
+```
\ No newline at end of file