Skip to content

Instantly share code, notes, and snippets.

@PieterScheffers
Last active October 29, 2023 18:26
Show Gist options
  • Save PieterScheffers/63e4c2fd5553af8a35101b5e868a811e to your computer and use it in GitHub Desktop.
Save PieterScheffers/63e4c2fd5553af8a35101b5e868a811e to your computer and use it in GitHub Desktop.
Start docker registry with letsencrypt certificates (Linux Ubuntu)
#!/usr/bin/env bash
# install docker
# https://docs.docker.com/engine/installation/linux/ubuntulinux/
# install docker-compose
# https://docs.docker.com/compose/install/
# install letsencrypt
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
# Generate SSL certificate for domain
/opt/letsencrypt/letsencrypt-auto certonly --keep-until-expiring --standalone -d domain.example.com --email info@example.com
# Setup letsencrypt certificates renewing
line="30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log"
(crontab -u root -l; echo "$line" ) | crontab -u root -
# Rename SSL certificates
# https://community.letsencrypt.org/t/how-to-get-crt-and-key-files-from-i-just-have-pem-files/7348
cd /etc/letsencrypt/live/domain.example.com/
cp privkey.pem domain.key
cat cert.pem chain.pem > domain.crt
chmod 777 domain.crt
chmod 777 domain.key
# https://docs.docker.com/registry/deploying/
docker run -d -p 5000:5000 --restart=always --name registry \
-v /etc/letsencrypt/live/domain.example.com:/certs \
-v /opt/docker-registry:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
# List images
# https://domain.example.com/v2/_catalog
@devandroid
Copy link

thanks

@czende
Copy link

czende commented Nov 13, 2017

Better Install letsencrypt with
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

@dinoba
Copy link

dinoba commented Dec 7, 2017

After renew you have to do "Rename SSL certificates" again and restart docker

@dalsh
Copy link

dalsh commented Dec 9, 2017

chmod 777 domain.key

This does not look like a good idea ..?

@casimiro
Copy link

casimiro commented Feb 1, 2018

Maybe it would be better to change the owner of domain.key instead of opening its permissions, right?

@chrisshroba
Copy link

Instead of cat cert.pem chain.pem > domain.crt, I think you can just do cp fullchain.pem domain.crt. I'd love it if someone else could confirm this though!

@dc0d
Copy link

dc0d commented Aug 26, 2018

How to add usernames and passwords?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment