1. Environment
1) Ubuntu 14.04
2) Docker 1.12.0
2. Docker 1.12.0 is installed in an Ubuntu 14.04 virtual machine. This experiment creates two virtual machines with the IPs 192.168.110.137 and 192.168.110.138. The hostname of 192.168.110.138 is ip-192-168-110-138.ec2.internal, and the following record is added to the hosts file on 192.168.110.138:
192.168.110.138 ip-192-168-110-138 ip-192-168-110-138.ec2.internal
3. Environment configuration
1) Configuration of 192.168.110.138
Add the following to /etc/default/docker:
DOCKER_OPTS="--label com.example.db=mysql -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"
2) Configuration of 192.168.110.138: create the directory /etc/docker/certs.d/ip-192-168-110-138.ec2.internal:5000/
3) Configuration of 192.168.110.138 (self-signed certificate; run the following in the /home directory)
mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Generating a 4096 bit RSA private key
....++
........................................................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:star
Organizational Unit Name (eg, section) []:cloud
Common Name (eg, your name or your server's hostname) []:ip-192-168-110-138.ec2.internal
Email Address []:a@a.com
4) Configuration of 192.168.110.138
Copy the domain.crt file in the /home/certs directory to the /etc/docker/certs.d/ip-192-168-110-138.ec2.internal:5000/ directory and rename it to ca.crt
5) Configuration of 192.168.110.137
Add the following to /etc/default/docker:
DOCKER_OPTS="--label com.example.db=mysql -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"
6) Configuration of 192.168.110.137
Copy the domain.crt file in the /home/certs directory to the /etc/docker/certs.d/ip-192-168-110-138.ec2.internal:5000/ directory and rename it to ca.crt
7) Configuration of 192.168.110.137: add the following record to the hosts file
192.168.110.138 ip-192-168-110-138 ip-192-168-110-138.ec2.internal
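The certificate steps above (generate the certificate, copy it into certs.d as ca.crt), written as a non-interactive script with consistency checks to run before docker login. This is an added example, not part of the original page: the function names, the KEY_BITS variable and the directory arguments are assumptions, while the hostname, port and DN values are the ones used on the page.

```shell
#!/bin/sh
# Added example, not from the original page: the certificate steps without prompts,
# plus checks to run before "docker login". Function names and KEY_BITS are assumptions.
REG_HOST="ip-192-168-110-138.ec2.internal"   # registry hostname used on the page
REG_PORT=5000
KEY_BITS="${KEY_BITS:-4096}"

# Generate the key and self-signed certificate; -subj supplies the DN fields
# that the page types in interactively, with the registry hostname as CN.
make_cert() {  # $1 = working directory (the page uses /home)
    mkdir -p "$1/certs" &&
    openssl req -newkey "rsa:$KEY_BITS" -nodes -sha256 \
        -keyout "$1/certs/domain.key" -x509 -days 365 \
        -out "$1/certs/domain.crt" \
        -subj "/C=CN/ST=BJ/L=BJ/O=star/OU=cloud/CN=$REG_HOST" 2>/dev/null &&
    chmod 600 "$1/certs/domain.key"
}

# Copy the certificate to <certs.d>/<host>:<port>/ca.crt, where the Docker
# daemon looks for the CA of that registry (/etc/docker/certs.d on the page).
install_ca() {  # $1 = working directory, $2 = certs.d root
    dest="$2/$REG_HOST:$REG_PORT"
    mkdir -p "$dest" && cp "$1/certs/domain.crt" "$dest/ca.crt"
}

# Print the certificate's Common Name.
cert_cn() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {  # $1 = certificate, $2 = private key
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Return 0 if the files are consistent, otherwise a code naming the first problem.
preflight() {  # $1 = working directory, $2 = certs.d root
    crt="$1/certs/domain.crt"
    [ "$(cert_cn "$crt")" = "$REG_HOST" ] || { echo "CN is not $REG_HOST"; return 1; }
    key_matches_cert "$crt" "$1/certs/domain.key" || { echo "key does not match cert"; return 2; }
    cmp -s "$crt" "$2/$REG_HOST:$REG_PORT/ca.crt" || { echo "ca.crt is not domain.crt"; return 3; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "certificate expired"; return 4; }
}
```

On the page's hosts this corresponds to `make_cert /home`, `install_ca /home /etc/docker/certs.d` and `preflight /home /etc/docker/certs.d`.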
2. Experiment
1) On the 192.168.110.138 virtual machine, run docker pull registry:2.4.1
2) On the 192.168.110.138 virtual machine, run the following to create the container:
docker run -d -p 5000:5000 --name myregistry --restart=always -v /opt/registry/auth/:/auth/ -v /opt/registry/certs/:/certs/ -e "REGISTRY_AUTH=htpasswd" -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry/:/var/lib/registry/ registry:2.4.1
Note: The host's /opt/registry/auth/htpasswd file is generated as follows:
docker run --entrypoint htpasswd registry:2.4.1 -Bbn test test >> /opt/registry/auth/htpasswd
The username and password for logging in to the local registry are test and test
3) After the container is created successfully, you must run docker login and enter the username and password before performing push and pull operations. Likewise, before push and pull operations on the 137 machine, you need to run docker login and enter the username and password.
For