Author Topic: [docker] Enable TLS on private docker registry on CentOS 7  (Read 4493 times)


netman

Ref: https://docs.docker.com/registry/insecure/

Prerequisite:
* Docker service installed and running
* Private CA and server key/certs are already on CA server

Steps:

#-- Registry Host --#
mkdir -p /etc/docker/certs
cp /etc/pki/tls/private/dokcerhub.example.com.key /etc/docker/certs
cd /etc/docker/certs
cat /etc/pki/tls/certs/dokcerhub.example.com.crt /etc/pki/CA/cacert.pem > dokcerhub.example.com.crt
docker run -d -p 5000:5000 --restart=always --name registry -v /etc/docker/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dokcerhub.example.com.crt -e REGISTRY_HTTP_TLS_KEY=/certs/dokcerhub.example.com.key registry:2
docker ps    # to make sure registry is UP

#-- Docker Host --#
mkdir -p /etc/docker/certs.d/dokcerhub.example.com:5000
scp  dokcerhub.example.com:/etc/pki/CA/cacert.pem /etc/docker/certs.d/dokcerhub.example.com:5000/ca.crt
cp /etc/docker/certs.d/dokcerhub.example.com:5000/ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
systemctl restart docker
docker pull ubuntu
docker tag ubuntu dokcerhub.example.com:5000/ubuntu
docker push dokcerhub.example.com:5000/ubuntu
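
A pre-flight check for the files built in the Registry Host steps, as an added example that is not part of the original post: it confirms that the first certificate in the concatenated .crt belongs to the private key (server cert first, CA second) and that it chains to the CA that Docker hosts install as ca.crt. The function names check_bundle and make_sample are hypothetical, and make_sample only builds a constructed throwaway CA and server certificate for trying the check.

```shell
#!/bin/sh
# Added example (not from the original post): validate the registry's TLS files.

# check_bundle BUNDLE KEY CA
#   0 = usable, 1 = first cert does not belong to KEY,
#   2 = unreadable input, 3 = server cert does not chain to CA
check_bundle() {
    local bundle="$1" key="$2" ca="$3" cert_pub key_pub
    # openssl x509 parses only the FIRST certificate in a file. The registry
    # presents that one as its own, so it must be the server cert, not the CA.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "first certificate in $bundle does not match $key (cat order?)" >&2
        return 1
    fi
    # The server cert must verify against the CA that clients will trust.
    if ! openssl verify -CAfile "$ca" "$bundle" >/dev/null 2>&1; then
        echo "$bundle does not chain to $ca" >&2
        return 3
    fi
    return 0
}

# make_sample DIR: constructed test material only (throwaway CA + server cert).
make_sample() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dokcerhub.example.com" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
    cat "$d/server.crt" "$d/cacert.pem" > "$d/good.crt"      # order used in the post
    cat "$d/cacert.pem" "$d/server.crt" > "$d/reversed.crt"  # common mistake
}

# On the registry host, with the paths from the post:
#   sh check.sh /etc/docker/certs/dokcerhub.example.com.crt \
#               /etc/docker/certs/dokcerhub.example.com.key /etc/pki/CA/cacert.pem
if [ "$#" -eq 3 ]; then
    check_bundle "$@"
fi
```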

netman

If you are using a Let's Encrypt certificate, you can refer to:
http://phorum.study-area.org/index.php/topic,71615.0.html