Start docker registry with letsencrypt certificates (Linux Ubuntu)
#!/usr/bin/env bash
# install docker
# https://docs.docker.com/engine/installation/linux/ubuntulinux/
# install docker-compose
# https://docs.docker.com/compose/install/
# install letsencrypt
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
# Generate SSL certificate for domain
/opt/letsencrypt/letsencrypt-auto certonly --keep-until-expiring --standalone -d domain.example.com --email info@example.com
# Setup letsencrypt certificates renewing
line="30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log"
(crontab -u root -l; echo "$line" ) | crontab -u root -
# Rename SSL certificates
# https://community.letsencrypt.org/t/how-to-get-crt-and-key-files-from-i-just-have-pem-files/7348
cd /etc/letsencrypt/live/domain.example.com/
cp privkey.pem domain.key
cat cert.pem chain.pem > domain.crt
chmod 777 domain.crt
chmod 777 domain.key
# https://docs.docker.com/registry/deploying/
docker run -d -p 5000:5000 --restart=always --name registry \
-v /etc/letsencrypt/live/domain.example.com:/certs \
-v /opt/docker-registry:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
# List images
# https://domain.example.com/v2/_catalog

devandroid commented Aug 18, 2017

thanks

czende commented Nov 13, 2017

Better install letsencrypt with
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

dinoba commented Dec 7, 2017

After renew you have to do "Rename SSL certificates" again and restart docker

dalsh commented Dec 9, 2017

chmod 777 domain.key

This does not look like a good idea ..?

casimiro commented Feb 1, 2018

Maybe it would be better to change the owner of domain.key instead of opening its permissions, right?

chrisshroba commented Jun 27, 2018

Instead of cat cert.pem chain.pem > domain.crt, I think you can just do cp fullchain.pem domain.crt. I'd love it if someone else could confirm this though!

dc0d commented Aug 26, 2018

How to add usernames and passwords?
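
The renewal and key-permission points raised in the comments above can be handled by one renewal hook. This is an added example, not code from the gist author or any commenter; the directory /opt/registry-certs, the variables CERT_DIR and REGISTRY_CONTAINER, and the use of a certbot deploy hook (which sets RENEWED_LINEAGE) are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the gist author's code. Hypothetical names: CERT_DIR
# (/opt/registry-certs) and REGISTRY_CONTAINER. Assumes certbot runs this file
# as a deploy hook with RENEWED_LINEAGE set, and that the registry process runs
# as the owner of the key file (root), so mode 600 is sufficient.

# Build domain.crt / domain.key from a letsencrypt live directory into a
# separate directory, with the private key readable by its owner only.
install_registry_certs() (
  live="$1"; dest="$2"
  for f in cert.pem chain.pem privkey.pem; do
    [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
  done
  umask 077   # new files start owner-only; scoped to this subshell
  mkdir -p "$dest" &&
  cat "$live/cert.pem" "$live/chain.pem" > "$dest/domain.crt.new" &&
  cat "$live/privkey.pem" > "$dest/domain.key.new" &&
  chmod 644 "$dest/domain.crt.new" &&   # certificate is public data
  chmod 600 "$dest/domain.key.new" &&   # private key: owner read/write only
  # Rename last so the registry never sees a half-written file.
  mv -f "$dest/domain.crt.new" "$dest/domain.crt" &&
  mv -f "$dest/domain.key.new" "$dest/domain.key"
)

# Audit helper: succeeds only if group and others have no access to the file.
key_is_private() {
  # Characters 5-10 of the `ls -l` mode string are the group/other bits.
  [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Runs only when certbot invokes the file after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  install_registry_certs "$RENEWED_LINEAGE" "${CERT_DIR:-/opt/registry-certs}" &&
    docker restart "${REGISTRY_CONTAINER:-registry}"
fi

# The registry then mounts the copy read-only instead of the live directory:
#   -v /opt/registry-certs:/certs:ro
```

With this in place the copies under /etc/letsencrypt/live and the two chmod 777 lines are no longer needed, and `key_is_private /etc/letsencrypt/live/domain.example.com/domain.key` can be used to check an existing host.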
