Last active
October 29, 2023 18:26
-
-
Save PieterScheffers/63e4c2fd5553af8a35101b5e868a811e to your computer and use it in GitHub Desktop.
Start docker registry with letsencrypt certificates (Linux Ubuntu)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# install docker | |
# https://docs.docker.com/engine/installation/linux/ubuntulinux/ | |
# install docker-compose | |
# https://docs.docker.com/compose/install/ | |
# install letsencrypt | |
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 | |
# Generate SSL certificate for domain | |
/opt/letsencrypt/letsencrypt-auto certonly --keep-until-expiring --standalone -d domain.example.com --email info@example.com | |
# Setup letsencrypt certificates renewing | |
line="30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log" | |
(crontab -u root -l; echo "$line" ) | crontab -u root - | |
# Rename SSL certificates | |
# https://community.letsencrypt.org/t/how-to-get-crt-and-key-files-from-i-just-have-pem-files/7348 | |
cd /etc/letsencrypt/live/domain.example.com/ | |
cp privkey.pem domain.key | |
cat cert.pem chain.pem > domain.crt | |
chmod 777 domain.crt | |
chmod 777 domain.key | |
# https://docs.docker.com/registry/deploying/ | |
docker run -d -p 5000:5000 --restart=always --name registry \ | |
-v /etc/letsencrypt/live/domain.example.com:/certs \ | |
-v /opt/docker-registry:/var/lib/registry \ | |
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ | |
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ | |
registry:2 | |
# List images | |
# https://domain.example.com/v2/_catalog |
Better Install letsencrypt with
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
After renew you have to do "Rename SSL certificates" again and restart docker
chmod 777 domain.key
This does not look like a good idea ..?
Maybe it would be better to change the owner of domain.key
instead of opening its permissions, right?
Instead of cat cert.pem chain.pem > domain.crt
, I think you can just do cp fullchain.pem domain.crt
. I'd love it if someone else could confirm this though!
How to add usernames and passwords?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thanks