Deploying an SSL-enabled Docker registry on an intranet


First, create a certificate for the registry's domain name or hostname. A self-signed certificate can be used, because on an intranet the trust problem can be set aside. For the self-signing process, refer to the article on configuring Nginx HTTPS with a self-signed certificate.


Once the certificate has been created, we can deploy the registry. Registry V2 has been released, so we use V2 for this deployment test. The Docker daemon must be running before deployment.

1. Copy the certificate you created to /etc/docker/certs.d/${domain}/ca.crt. Note that the ${domain} directory is the registry's domain name or hostname, which is also the Common Name entered when the certificate was created.

#] cp web1.crt /etc/docker/certs.d/web1\:5000/ca.crt

Then restart the Docker daemon.

2. Pull the official registry image:

#] docker pull registry:2    ## docker pull registry:latest

3. Run the registry container:

#] docker run -d -p 5000:5000 --restart=always --name registry \
     -v /root/ssl:/certs \
     -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/web1.crt \
     -e REGISTRY_HTTP_TLS_KEY=/certs/web1.key \
     registry:2

Note: in the -v /root/ssl:/certs argument, /root/ssl is the directory where the certificate and key reside.

4. Test pushing an image to the registry

Tag the image you want to push to the registry:

#] docker tag registry:2 web1:5000/registry

Push the image.

After the push has finished, you can run docker pull web1:5000/registry locally.


5. Pull the image on another machine. First copy the certificate to that machine's /etc/docker/certs.d/web1:5000/ directory.

Rename it to ca.crt, and then restart the Docker daemon.

Run the docker pull web1:5000/registry command.

Pull succeeds, registry deployment is complete.


Problem encountered: "x509: certificate signed by unknown authority" appears during push and pull.

The main cause is that the certificate was not copied to the /etc/docker/certs.d/web1:5000 directory; the certificate also needs to be renamed to ca.crt.

Of course, you also have to make sure that there is nothing wrong with the certificate itself.
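
The causes listed above can be checked on each client before pushing or pulling. The following is an added example, not part of the original post: the function name check_registry_ca and its return codes are assumptions made for this example, and the hostname test uses openssl's -checkhost option.

```shell
#!/bin/sh
# Added example (not from the original post): diagnose the client-side trust
# layout behind "x509: certificate signed by unknown authority".
# Usage: check_registry_ca <host:port> [certs.d root]
# Return codes (chosen for this example):
#   0 ok, 1 directory missing, 2 ca.crt missing, 3 not a PEM certificate,
#   4 certificate does not cover the registry hostname
check_registry_ca() {
    registry=$1                         # e.g. web1:5000
    root=${2:-/etc/docker/certs.d}
    dir=$root/$registry
    host=${registry%%:*}                # strip the :port part

    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 1
    fi
    if [ ! -f "$dir/ca.crt" ]; then
        # The mistake described in the article: web1.crt copied but not renamed.
        others=$(ls "$dir" 2>/dev/null | tr '\n' ' ')
        echo "no ca.crt in $dir (found: ${others:-nothing})" >&2
        return 2
    fi
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$dir/ca.crt"; then
        echo "$dir/ca.crt is not a PEM certificate" >&2
        return 3
    fi
    # -checkhost compares the name against the certificate's SAN entries,
    # falling back to the Common Name when there are none.
    if ! openssl x509 -in "$dir/ca.crt" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match'; then
        echo "certificate in $dir/ca.crt was not issued for $host" >&2
        return 4
    fi
    echo "ok: $dir/ca.crt covers $host"
    return 0
}
```

Run it as check_registry_ca web1:5000 on every machine that talks to the registry. Docker builds based on Go 1.15 or later ignore the Common Name, so the certificate also needs a subjectAltName entry for the registry host even when this check passes.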


This article is from the "JC" blog; please keep this source reference: http://jackeychen.blog.51cto.com/7354471/1836602
