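# Create the htpasswd file the registry uses for basic auth.
# -B selects bcrypt and -n prints the entry to stdout instead of editing a file.
# The password is prompted for rather than passed with -b, because a password
# given as an argument ends up in the shell history and is visible in the
# process list while the command runs. For scripted use, htpasswd -i reads the
# password from stdin instead.
mkdir -p auth
htpasswd -Bn testuser > auth/htpasswd

# Create a self-signed certificate and an unencrypted (-nodes) private key.
# openssl still prompts for the subject; enter the registry host name as CN.
# -addext (OpenSSL 1.1.1 or later) adds the same name as a subjectAltName,
# since current TLS clients match the host name against the SAN, not the CN.
mkdir -p certs
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -addext "subjectAltName=DNS:gtn.fritz.box" \
  -x509 -days 365 -out certs/domain.crt

# The key has no passphrase, so restrict it to its owner.
chmod 600 certs/domain.key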
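When openssl asks for the Common Name (CN), be sure to enter the "right" name, i.e. the host name clients use to reach the registry, e.g. myregistrydomain.com or, here, gtn.fritz.box. Clients built with Go 1.15 or later no longer fall back to the CN, so the certificate also needs that name as a subjectAltName.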
Copy domain.crt to /etc/docker/certs.d/gtn.fritz.box:5000/ca.crt; otherwise the login will complain: "Error response from daemon: Get https://gtn.fritz.box:5000/v2/: x509: certificate signed by unknown authority". Copy only the certificate; domain.key stays with the registry.
[root@gtn gtn.fritz.box:5000]# pwd
/etc/docker/certs.d/gtn.fritz.box:5000
[root@gtn gtn.fritz.box:5000]# ls -la
-rw-r--r-- 1 root root 1996 Sep 1 21:23 ca.crt
Run the thingy with a bunch of funny options
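# Start the registry with htpasswd basic auth and TLS.
# - The auth and certs directories are mounted read-only (:ro): the registry
#   only needs to read them, so a compromised container cannot rewrite the
#   credential file or replace the key.
# - -p 5000:5000 publishes the port on every host interface; restrict it with
#   a host IP prefix or a firewall rule if only some networks should reach it.
# - registry:2 is a moving tag; pin a digest you have verified if the image
#   must not change underneath you.
docker run -d \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v "$(pwd)/auth:/auth:ro" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v "$(pwd)/certs:/certs:ro" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2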
Dienstag, 1. September 2020
Creating a very unsecure but working "proxy" registry