Start docker registry with letsencrypt certificates (Linux Ubuntu)
#!/usr/bin/env bash
# install docker
# https://docs.docker.com/engine/installation/linux/ubuntulinux/
# install docker-compose
# https://docs.docker.com/compose/install/
# install letsencrypt
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
# Generate SSL certificate for domain
/opt/letsencrypt/letsencrypt-auto certonly --keep-until-expiring --standalone -d domain.example.com --email info@example.com
# Setup letsencrypt certificates renewing
line="30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log"
(crontab -u root -l; echo "$line" ) | crontab -u root -
# Rename SSL certificates
# https://community.letsencrypt.org/t/how-to-get-crt-and-key-files-from-i-just-have-pem-files/7348
cd /etc/letsencrypt/live/domain.example.com/
cp privkey.pem domain.key
cat cert.pem chain.pem > domain.crt
# NOTE: mode 777 lets any local user read and overwrite these files, including the private key
chmod 777 domain.crt
chmod 777 domain.key
# https://docs.docker.com/registry/deploying/
docker run -d -p 5000:5000 --restart=always --name registry \
-v /etc/letsencrypt/live/domain.example.com:/certs \
-v /opt/docker-registry:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
# List images
# https://domain.example.com/v2/_catalog

@devandroid devandroid commented Aug 18, 2017

thanks

@czende czende commented Nov 13, 2017

Better install letsencrypt with
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

@dinoba dinoba commented Dec 7, 2017

After a renewal you have to do "Rename SSL certificates" again and restart docker

@dalsh dalsh commented Dec 9, 2017

chmod 777 domain.key

This does not look like a good idea ..?

@casimiro casimiro commented Feb 1, 2018

Maybe it would be better to change the owner of domain.key instead of opening its permissions, right?

@chrisshroba chrisshroba commented Jun 27, 2018

Instead of cat cert.pem chain.pem > domain.crt, I think you can just do cp fullchain.pem domain.crt. I'd love it if someone else could confirm this though!
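
An added example, not part of the gist or of any comment above: a renewal hook that redoes the "Rename SSL certificates" step after each renewal, takes the certificate from fullchain.pem (which certbot writes as cert.pem followed by chain.pem), and installs the key with mode 0600 instead of 777. The function name, the /opt/docker-registry-certs directory and the use of certbot's deploy-hook mechanism (RENEWED_LINEAGE) are assumptions, as is the registry process running as root inside the container.

```shell
#!/usr/bin/env bash
# Added example, not the gist author's code. The function name, the CERT_DIR
# default and reliance on certbot's deploy-hook environment are assumptions;
# the container name "registry" comes from the gist's docker run command.
set -eu

# install_registry_certs LIVE_DIR DEST_DIR
# Copies the renewed pair to DEST_DIR as domain.crt / domain.key with tight
# permissions. Returns non-zero, without touching DEST_DIR, if either input
# does not look like PEM.
install_registry_certs() {
    live_dir=$1
    dest_dir=$2
    chain=$live_dir/fullchain.pem
    key=$live_dir/privkey.pem

    # Refuse to replace a working pair with a missing or truncated one.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null || {
        echo "no certificate in $chain" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || {
        echo "no private key in $key" >&2; return 1; }

    # live/ holds symlinks into ../../archive; install(1) copies the file
    # contents and sets the mode at creation. Files are staged under temporary
    # names and renamed so the registry never reads a half-written file.
    mkdir -p "$dest_dir" &&
    chmod 0700 "$dest_dir" &&
    install -m 0644 "$chain" "$dest_dir/domain.crt.new" &&
    install -m 0600 "$key" "$dest_dir/domain.key.new" &&
    mv -f "$dest_dir/domain.crt.new" "$dest_dir/domain.crt" &&
    mv -f "$dest_dir/domain.key.new" "$dest_dir/domain.key"
}

# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy
# hooks, so this part only runs when certbot calls the script after a renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_registry_certs "$RENEWED_LINEAGE" "${CERT_DIR:-/opt/docker-registry-certs}"
    docker restart registry
fi
```

With this hook, the registry container mounts that directory at /certs in place of the live directory; the REGISTRY_HTTP_TLS_* settings in the gist stay as they are.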

@dc0d dc0d commented Aug 26, 2018

How to add usernames and passwords?
