Docker Private Registry

This document summarizes the steps to set up a private Docker registry with SSL secured by Let's Encrypt on CentOS 7, including creating directories, installing Docker and related tools, obtaining an SSL certificate from Let's Encrypt, configuring the Docker registry with the SSL certificate and authentication using a username and password.

Uploaded by

Daniel Nuñez
Docker Private Registry + SSL + Let's Encrypt + Username + Password
devops

docker private registry


Install CentOS 7

Install Docker

Create directories
mkdir -p /data/docker/auth
cd /data/docker

Obtain a Let's Encrypt SSL certificate

sudo bash
sudo curl -L "https://github.com/docker/compose/releases/download
sudo chmod +x /usr/local/bin/docker-compose
sudo yum update
sudo yum install epel-release git -y
sudo yum install python-pip -y
sudo yum install python-virtualenv -y

sudo pip install requests urllib3 pyOpenSSL --force --upgrade

cd /tmp
git clone https://github.com/certbot/certbot.git
cd certbot

./certbot-auto certonly \
--manual \
--preferred-challenges=dns \
--email YOUR-EMAIL@UR-DOMAIN.COM \
--server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos \
--debug \
--no-bootstrap \
-d registry.publishapi.com

Certbot asks you to register an _acme-challenge.registry TXT record on the domain:

Please deploy a DNS TXT record under the name
_acme-challenge.UR-DOMAIN.COM with the following value:

h1vJeUEv6AYJu5stnwlLy-xxx

Before continuing, verify the record is deployed.

Register the TXT record on the domain, wait a little for DNS to update, then press Enter.

Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/UR-DOMAIN.COM/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/UR-DOMAIN.COM/privkey.pem
   Your cert will expire on 2019-03-23. To obtain a new or tweake
   version of this certificate in the future, simply run certbot-
   again. To non-interactively renew *all* of your certificates,
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/do
   Donating to EFF: https://eff.org/donate-le

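The certificate has been issued.

Create the username and password
# -B hashes the password with bcrypt, the only htpasswd format the registry accepts
docker run \
  --entrypoint htpasswd \
  registry -Bbn USERNAME PASSWORD > /data/docker/auth/htpasswd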

Run Docker
cd /data/docker
vi docker-compose.yml

---
version: "3.3"
services:
  registry:
    container_name: 'registry'
    restart: always
    image: registry
    # privileged: true gives the container full access to the host; the registry process does not require it
    privileged: true
    ports:
      - 5000:5000
    environment:
      TZ: "America/Los_Angeles"
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_STORAGE_DELETE_ENABLED: "true"
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data/registry
      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/letsencrypt/live/UR_DOM
      REGISTRY_HTTP_TLS_KEY: /etc/letsencrypt/live/UR_DOMAIN/priv
    volumes:
      - /data/registry:/data/registry/docker/registry
      - /etc/letsencrypt:/etc/letsencrypt
      - ./auth:/auth

cd /data/docker/
docker-compose up -d

Verify
docker login UR_DOMAIN:5000

Without this, Spinnaker cannot fetch the Docker image list.
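
Added example, not part of the original document: a check that can be run on the htpasswd file created with -Bbn above before starting the registry, since the registry only accepts bcrypt entries and the file holds credentials. The function name audit_htpasswd and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an htpasswd file for a
# Docker registry. Prints one line per finding; exit status = finding count.
audit_htpasswd() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The credentials file should not be accessible to other local users.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *[1-7]) echo "mode $mode: accessible to 'other'"
                findings=$((findings + 1)) ;;
    esac

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        user=${line%%:*}
        hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "malformed entry (expected user:hash)"
            findings=$((findings + 1))
            continue
        fi
        case $hash in
            '$2y$'* | '$2a$'* | '$2b$'*) ;;  # bcrypt, which is what -B produces
            *) echo "user '$user': not bcrypt, unusable for registry login"
               findings=$((findings + 1)) ;;
        esac
    done < "$file"
    return "$findings"
}

# Constructed sample: the hashes are placeholders, not real credentials.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$2y$05$CONSTRUCTEDxSAMPLExBCRYPTxHASHxPLACEHOLDERx0000000000
bob:$apr1$constrct$SAMPLExMD5xPLACEHOLDER
carol:{SHA}CONSTRUCTEDxSHA1xPLACEHOLDER=
EOF
chmod 600 "$sample"
audit_htpasswd "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the real host the call would be audit_htpasswd /data/docker/auth/htpasswd.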
