Created August 26, 2015 21:57
Docker Trusted Registry - Initial login
DTR uses SSL certificates in addition to a login/password to log in.
The steps to create a self-signed certificate with openssl are as follows:
1. First create a private key (myserver.key) and a certificate signing request (server.csr):
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
2. Next create the SSL certificate (server.crt) using the CSR and private key just created:
openssl x509 -req -days 365 -in server.csr -signkey myserver.key -out server.crt
3. In the DTR web interface, go to Settings -> Security and paste the contents of the SSL certificate
and the private key in the appropriate text areas.
Now when running the docker login command, you should be able to log in using the credentials provided:
$>> docker login engine.docker.demo
Username: anoop
Password:
Email: abc@anoop.com
WARNING: login credentials saved in /home/vagrant/.dockercfg.
Login Succeeded
On CentOS [These have been tested to work].
Ensure DNS is set up or the /etc/hosts file is updated on all hosts. All hosts should be able to resolve the DTR host.
export DOMAIN_NAME=<DNS of DTR>
sudo update-ca-trust enable
openssl s_client -connect $DOMAIN_NAME:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /etc/pki/ca-trust/source/anchors/$DOMAIN_NAME.crt
sudo update-ca-trust extract
sudo systemctl restart docker.service
docker login --username=anoop --password=password --email=anoop@abc.com $DOMAIN_NAME
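The s_client step above trusts whatever certificate the host presents at the moment it is fetched. As an added example (not part of the original gist), the functions below compare the fetched certificate's SHA-256 fingerprint with one read on the DTR server itself (openssl x509 -in server.crt -noout -fingerprint -sha256) before copying it into the anchors directory; the function names are hypothetical.

```bash
# Added example (not from the gist): pin the DTR certificate by SHA-256
# fingerprint before trusting it. Function names are hypothetical.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr '[:lower:]' '[:upper:]'
}

# Strip colons and whitespace from an operator-supplied fingerprint.
normalize_fingerprint() {
    printf '%s' "$1" | tr -d ': \n' | tr '[:lower:]' '[:upper:]'
}

# verify_pinned_cert <cert.pem> <expected-fingerprint>
# Succeeds only if the file parses as a certificate and its fingerprint
# equals the expected 64-hex-digit value.
verify_pinned_cert() {
    _actual=$(cert_fingerprint "$1")
    _expected=$(normalize_fingerprint "$2")
    [ -n "$_actual" ] && [ "${#_expected}" -eq 64 ] && [ "$_actual" = "$_expected" ]
}

# install_if_pinned <host> <expected-fingerprint> <anchor-dir>
# Fetches the certificate the host presents and copies it into the anchor
# directory only when it matches the fingerprint read on the DTR server.
install_if_pinned() {
    _tmp=$(mktemp) || return 1
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$_tmp" 2>/dev/null || true
    _rc=1
    if verify_pinned_cert "$_tmp" "$2"; then
        sudo install -m 0644 "$_tmp" "$3/$1.crt" && _rc=0
    else
        echo "fingerprint mismatch for $1: certificate not installed" >&2
    fi
    rm -f "$_tmp"
    return "$_rc"
}
```

When install_if_pinned succeeds with /etc/pki/ca-trust/source/anchors as the anchor directory, continue with the update-ca-trust extract and docker restart steps above.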
openssl genrsa -aes256 -out ca-key.pem 4096
openssl req -key ca-key.pem -new -x509 -days 365 -sha256 -out ca-cert.pem
openssl genrsa -aes256 -out $(hostname -f).pem 4096
openssl req -new -sha256 -key $(hostname -f).pem -out $(hostname -f).csr.pem
The output should be similar to the below: