Docker registry setup on CentOS 7 including a Let's Encrypt TLS certificate (and htpasswd auth)
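#!/usr/bin/env bash
#
# Stand up a private Docker registry on CentOS 7: TLS from Let's Encrypt, htpasswd auth,
# running as a docker container with a bind-mounted storage directory.
#
# Base taken from https://gist.github.com/gadelkareem/04d93219a81fe57a95433366407995d6
# Simplified and modified for CentOS 7
#
# ***
# Before running:
#   1. Set the `domain` and `email` variables below (they replace the old <domain.name> /
#      <mail@domain.name> placeholders, so they only have to be edited in one place).
#   2. Create an nginx server block for that domain (/etc/nginx/conf.d/<hostname>.conf) —
#      certbot's nginx plugin needs it to exist.
#   3. Export the registry credentials instead of hard-coding them in the script:
#        REGISTRY_USER=someone REGISTRY_PASS='…' ./this-script.sh
#      REGISTRY_USER defaults to "testuser"; REGISTRY_PASS is mandatory.
# Must run as root (installs packages, edits the firewall, runs docker).
# ***
#
# Oh, and it's untested. :D
#
# -e: exit immediately when a command fails.
# -u: treat unset (undefined) variables as an error and exit.
# -x: print each command before executing it (helps in debugging). It is only switched on
#     after the password has been read, and switched off again around every line that
#     expands it, so the trace never shows the secret.
# -o pipefail: take the exitcode from the rightmost command that failed, instead of the last
# command in the script.
set -euo pipefail

domain='<domain.name>'                      # hostname the registry is served on (cert subject)
email='<mail@domain.name>'                  # Let's Encrypt account contact (expiry notices)
registry_user="${REGISTRY_USER:-testuser}"
: "${REGISTRY_PASS:?export REGISTRY_PASS with the password for ${registry_user}}"
registry_dir=/mnt/docker-registry           # bind-mounted as /var/lib/registry in the container
live_dir="/etc/letsencrypt/live/${domain}"  # certbot's "live" dir for this lineage
registry_image='registry:latest'            # floating tag; pin to a version/digest for reproducible deploys

die() { printf '%s\n' "$*" >&2; exit 1; }

# The original used `sudo su` here, which opens an interactive root shell and only resumes
# the script once that shell exits — so none of the following ran as root. Fail early instead.
(( EUID == 0 )) || die "this script must run as root (try: sudo $0)"
[[ "$domain" != *'<'* && "$email" != *'<'* ]] || die "edit the domain/email placeholders first"

set -x
####
# 1. INSTALLING DOCKER ON CENTOS 7
#
# @see https://docs.docker.com/install/linux/docker-ce/centos/
yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
# To install the latest version of docker CE (-y: the script has no tty to answer yum's prompt):
# (GPG: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35)
yum install -y docker-ce docker-ce-cli containerd.io
# To install a specific version of docker CE:
#
#yum list docker-ce --showduplicates | sort -r
#yum install -y docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io
#
# Start docker now and at boot — without `enable`, the `--restart=always` registry
# container below would not come back after a reboot because the daemon itself is down.
systemctl enable --now docker
# Optionally verify that docker runs:
#
#docker run --rm hello-world
#
# This command downloads a test image and runs it in a container. When the container runs,
# it prints an informational message and exits.
#
# 2. INSTALL NGINX + CERTBOT
#
# I also need nginx as a proxy, so I'm installing that together with certbot.
yum install -y epel-release      # nginx and certbot live in EPEL
yum install -y nginx
systemctl enable --now nginx
# Update the firewall to allow http and https traffic.
# (The original also inserted raw `iptables -I INPUT` rules for 80/443. On CentOS 7 firewalld
# owns the ruleset, those rules were not persistent, and the firewall-cmd lines already open
# the same ports, so they are dropped here.)
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
### add hostname to nginx vhost, see /etc/nginx/conf.d/<hostname>.conf
# certbot's nginx plugin locates the vhost by server_name, so check it exists before asking
# for a certificate rather than failing half-way through.
grep -rqs -- "$domain" /etc/nginx/nginx.conf /etc/nginx/conf.d/ \
  || die "no nginx config mentions ${domain}; create /etc/nginx/conf.d/${domain}.conf first"
# Install certbot-nginx
yum install -y certbot-nginx
# Generate certificate for the domain. Non-interactive: the script cannot answer the
# email/TOS prompts (these flags come from the original's commented-out `certonly` variant).
certbot --nginx --non-interactive --agree-tos -m "$email" -d "$domain"
# Create key and crt files for the registry.
#
# The original copied them once and `chmod 777`'d them — a world-readable/writable private
# key — and the copies would silently go stale on the next renewal (~90 days) because
# certbot only refreshes the symlinks in live/, not these extra files. Instead, install a
# certbot deploy hook that rebuilds the pair after every renewal and restarts the registry,
# and run it once now. certbot exports RENEWED_LINEAGE (the live/<domain> dir) to the hook.
hook=/etc/letsencrypt/renewal-hooks/deploy/docker-registry.sh
mkdir -p "$(dirname "$hook")"
cat > "$hook" <<'EOF'
#!/usr/bin/env bash
# certbot deploy hook: rebuild the docker registry's cert/key pair from the renewed lineage
# and restart the container so it loads them. Also invoked once by the setup script.
set -euo pipefail
cd -- "${RENEWED_LINEAGE:?}"
cat cert.pem chain.pem > domain.crt   # leaf + intermediate, as the original did
cp -- privkey.pem domain.key
# root-only. The official registry image runs as root, so it can still read these; if you run
# the container with --user, chown the files to that uid rather than widening the mode.
chmod 600 domain.crt domain.key
docker restart registry >/dev/null 2>&1 || true   # no container yet on the very first run
EOF
chmod 700 "$hook"
RENEWED_LINEAGE="$live_dir" "$hook"
# Create the registry user (htpasswd file, bcrypt).
mkdir -p "$registry_dir"
passfile="${registry_dir}/passfile"
# NOTE(review): the original ran htpasswd from registry:latest; recent registry images
# (2.7+) are reported to no longer ship the htpasswd binary, which is why the Docker docs
# use the httpd image for this step — verify against the image you actually pull.
# `-i` reads the password from stdin so it never appears on a command line (`-b` would show
# it in `ps` on the host); the subshell keeps `set +x` and the restrictive umask local.
(
  set +x
  umask 077
  printf '%s\n' "$REGISTRY_PASS" \
    | docker run --rm -i --entrypoint htpasswd httpd:2 -Bin "$registry_user" > "$passfile"
)
# Run!
#
# NOTE(review): `certbot --nginx` adds a `listen 443 ssl` to the nginx vhost, so publishing
# the registry on host port 443 as well is expected to fail with "port is already
# allocated" unless that nginx listener is removed, or the registry is published on another
# port / proxied through nginx. Kept as in the original; resolve before relying on it.
docker run -d -p 443:5000 --restart=always --name registry \
  -v "${live_dir}:/certs:ro" \
  -v "${registry_dir}:/var/lib/registry" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e REGISTRY_AUTH=htpasswd \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/passfile \
  "$registry_image"
# List images (a fresh registry answers {"repositories":[]}). Credentials go in -u rather
# than in the URL so they are not echoed by the trace or copied into URL logs; they are still
# visible in `ps` for the duration of the call. -f makes an auth/TLS failure a script failure.
set +x
curl -fsS -u "${registry_user}:${REGISTRY_PASS}" "https://${domain}/v2/_catalog"
set -x
# Thanks to Waleed Gadelkareem (https://gist.github.com/gadelkareem).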