Using self-signed certificates (creating a private registry with a self-signed certificate) - Docker

Source: Internet
Author: User
Tags: auth docker run

1. Environment

1) Ubuntu 14.04

2) Docker 1.12.0

2. Docker 1.12.0 is installed in Ubuntu 14.04 virtual machines. This experiment uses two virtual machines with the IPs 192.168.110.137 and 192.168.110.138. The hostname of 192.168.110.138 is ip-192-168-110-138.ec2.internal, and the following record is added to the hosts file on 192.168.110.138:

192.168.110.138 ip-192-168-110-138 ip-192-168-110-138.ec2.internal

3. Environment configuration

1) Configuration of 192.168.110.138

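Add the following to /etc/default/docker:

DOCKER_OPTS="--label com.example.db=mysql -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"

This makes the daemon listen on TCP port 2375 on all interfaces, without TLS or authentication, in addition to the local Unix socket.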

2) Configuration of 192.168.110.138: create the directory /etc/docker/certs.d/ip-192-168-110-138.ec2.internal:5000/

3) Configuration of 192.168.110.138 (self-signed certificate; run the following in the /home directory)

mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout /certs/domain.key -x509 -days 365 -out /certs/domain.crt

Generating a 4096 bit RSA private key
....++
....++
writing new private key to '/certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:star
Organizational Unit Name (eg, section) []:cloud
Common Name (eg, your name or your server's hostname) []:ip-192-168-110-138.ec2.internal
Email Address []:a@a.com

4) Configuration of 192.168.110.138

Copy the domain.crt file from the /home/certs directory to the /etc/docker/certs.d/ip-192-168-110-138.ec2.internal:5000/ directory and rename it to ca.crt

5) Configuration of 192.168.110.137

Add the following to /etc/default/docker:

DOCKER_OPTS="--label com.example.db=mysql -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"

5) Configuration of 192.168.110.137

Copy the domain.crt file from the /home/certs directory to the /etc/docker/certs.d/ip-192-168-110-138.ec2.internal:5000/ directory and rename it to ca.crt

6) Configuration of 192.168.110.137: add the following record to the hosts file

192.168.110.138 ip-192-168-110-138 ip-192-168-110-138.ec2.internal

2. Experiment

1) On the 192.168.110.138 virtual machine, run docker pull registry:2.4.1

2) On the 192.168.110.138 virtual machine, run the following command (this creates the container):

docker run -d -p 5000:5000 --name myregistry --restart=always -v /opt/registry/auth/:/auth/ -v /opt/registry/certs/:/certs/ -e "REGISTRY_AUTH=htpasswd" -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry/:/var/lib/registry/ registry:2.4.1

Note: The host's /opt/auth/htpasswd file is generated as follows:

docker run --entrypoint htpasswd registry:2.4.1 -Bbn test test >> /opt/registry/auth/htpasswd

The username and password for logging in to the local registry are both test.

3) After the container has been created successfully, run docker login and enter the username and password before doing any push or pull operations.

Likewise, before push and pull operations on the 137 machine, run docker login and enter the username and password.
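
The certificate step above in non-interactive form, with checks to run before domain.crt is copied into certs.d as ca.crt. This is an added example, not part of the original article; the function names make_cert and check_cert and the directory argument are assumptions, and the DN values are the ones entered at the prompts above.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks for the
# self-signed registry certificate before it is installed as ca.crt.
# REG_HOST is the registry hostname used on this page; the function names
# and the directory argument are assumptions made for this example.
REG_HOST="ip-192-168-110-138.ec2.internal"

# make_cert DIR [BITS]: non-interactive form of the openssl req step; -subj
# supplies the DN values that the page types in at the prompts.
make_cert() {
    mkdir -p "$1" || return 1
    openssl req -newkey "rsa:${2:-4096}" -nodes -sha256 \
        -keyout "$1/domain.key" -x509 -days 365 -out "$1/domain.crt" \
        -subj "/C=CN/ST=BJ/L=BJ/O=star/OU=cloud/CN=$REG_HOST/emailAddress=a@a.com" \
        2>/dev/null || return 1
    chmod 600 "$1/domain.key"   # the key is stored unencrypted (-nodes)
}

# check_cert DIR HOST: returns 0 only if every check passes.
check_cert() {
    crt="$1/domain.crt"; key="$1/domain.key"
    # 1. The certificate and the private key belong together.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "key/cert mismatch"; return 1; }
    # 2. The hostname used in image references is named in the certificate.
    openssl x509 -in "$crt" -noout -checkhost "$2" | grep -q "does match" \
        || { echo "certificate is not valid for $2"; return 2; }
    # 3. The certificate does not expire within the next 24 hours.
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null \
        || { echo "certificate expires within 24h"; return 3; }
    # 4. It verifies when trusted as its own CA, which is the role ca.crt plays.
    openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1 \
        || { echo "not verifiable as its own CA"; return 4; }
    echo "ok: $crt is usable for $2"
}
```

Check 2 accepts a name that appears only in the CN, as Docker 1.12.0 does; clients built with Go 1.15 or later require a subjectAltName entry instead.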
