In this post we will see how to create a private Docker registry with SSL (TLS support), so that you can push your own images to a secured registry and pull from it.
Here is the process:
Create the directory for the certificates
mkdir -p /opt/docker/containers/docker-registry/certs
Create the self-signed certificate and key
openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 -keyout /opt/docker/containers/docker-registry/certs/docker-registry.key -out /opt/docker/containers/docker-registry/certs/docker-registry.crt
Create the auth directory
mkdir -p /opt/docker/containers/docker-registry/auth
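Create the htpasswd file for registry authentication by running the registry image with htpasswd as the entrypoint (-B hashes with bcrypt, -n prints the entry to stdout; -b takes the password from the command line, so it ends up in shell history)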
docker run --entrypoint htpasswd registry -Bbn docker d0ck3rrU73z > /opt/docker/containers/docker-registry/auth/htpasswd
Create the directory for the registry data
mkdir /opt/docker/containers/docker-registry/registry
Pull the registry image from Docker Hub
docker pull registry
Check that the certificate and key were created in the certs directory
ls /opt/docker/containers/docker-registry/certs/
Output:
[shrii@worker-node1 ~]$ ls /opt/docker/containers/docker-registry/certs/
docker-registry.crt docker-registry.key
Create the registry container with the required options
docker run -d --name docker-registry --restart=always -p 443:443 -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -v /opt/docker/containers/docker-registry/registry:/var/lib/registry -v /opt/docker/containers/docker-registry/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/docker/containers/docker-registry/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.key registry:2
Add a temporary domain name for the registry to the hosts file; this is the name the certificate needs to be created for
vi /etc/hosts
Line to add:
192.168.56.109 docker-registry.example.com docker-registry
Check the Docker processes and confirm that the container is running
docker ps
Output:
[root@worker-node1 shrii]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63bf7013ae03 registry:2 "/entrypoint.sh /e..." 41 minutes ago Up 41 minutes 0.0.0.0:443->443/tcp, 5000/tcp docker-registry
[root@worker-node1 shrii]#
Create the directory where the CA certificate needs to be placed
mkdir -p /etc/docker/certs.d/docker-registry.example.com:443
Copy the certificate into the created directory as ca.crt
cp /opt/docker/containers/docker-registry/certs/docker-registry.crt /etc/docker/certs.d/docker-registry.example.com:443/ca.crt
[root@worker-node1 shrii]# ls /etc/docker/certs.d/docker-registry.example.com\:443/
ca.crt
****Steps after creating the private registry****
Pull the busybox image from the public Docker Hub
docker pull busybox
Tag the busybox image with the private registry name
docker tag busybox:latest docker-registry.example.com:443/busybox
Log in to the newly created private Docker registry
docker login docker-registry.example.com:443
Push to the newly created private Docker registry
docker push docker-registry.example.com:443/busybox
Check the images
docker images | grep busybox
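The certificate step above takes whatever is typed at the openssl prompts, but Docker clients built with Go 1.15 or later match the registry hostname against the certificate's subjectAltName only and ignore the Common Name. The script below is an added example, not part of the original post: it creates the certificate non-interactively with a SAN for the page's hostname and checks that a certificate covers that name. The function names and the temporary directory are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. REG_HOST is the hostname used on
# this page; function names and the temporary directory are assumptions.
REG_HOST="docker-registry.example.com"

# make_registry_cert DIR HOST [san|cn-only]
# Writes docker-registry.key and docker-registry.crt into DIR. "cn-only" leaves
# out the subjectAltName so the two results can be compared.
make_registry_cert() (
    umask 077   # private key is created readable by its owner only
    dir=$1 host=$2 mode=${3:-san}
    set -- -newkey rsa:2048 -nodes -sha256 -x509 -days 365 -subj "/CN=$host" \
        -keyout "$dir/docker-registry.key" -out "$dir/docker-registry.crt"
    [ "$mode" = san ] && set -- "$@" -addext "subjectAltName=DNS:$host"
    openssl req "$@" 2>/dev/null
)

# cert_covers_host CRT HOST: succeeds only if HOST is listed as a DNS SAN.
# Exact match only (no wildcard handling); the CN is deliberately not consulted.
cert_covers_host() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$2"
}

# key_is_private KEY: succeeds if group and others have no access to KEY.
key_is_private() {
    case $(ls -ld "$1") in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory; nothing under /opt or /etc/docker is touched.
tmp=$(mktemp -d)
for mode in san cn-only; do
    make_registry_cert "$tmp" "$REG_HOST" "$mode" || echo "openssl req failed" >&2
    if cert_covers_host "$tmp/docker-registry.crt" "$REG_HOST"; then
        echo "$mode: SAN covers $REG_HOST"
    else
        echo "$mode: no SAN for $REG_HOST, clients that ignore the CN reject it"
    fi
    key_is_private "$tmp/docker-registry.key" || echo "$mode: key is too permissive"
done
rm -rf "$tmp"
```

To use it for the registry, pass /opt/docker/containers/docker-registry/certs as DIR before starting the container, then copy the resulting .crt to ca.crt as in the steps above.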