Created
June 9, 2019 13:58
Setting up Docker Remote Repository
# On the Docker repo server - run docker.io/registry:latest (docker version)
mkdir -p /docker_data/images # Docker images
mkdir -p /docker_data/certs # Repository SSL certificate

# Get the hostname FQDN
hostname -f

# Create a self-signed certificate
cd /docker_data/certs
openssl req -newkey rsa:4096 -sha256 -keyout domain.key -x509 -days 365 -out domain.crt
# Use the hostname FQDN for the common name on your certificate.

# Remove the SSL key password
openssl rsa -in domain.key -out domain-nopass.key
mv domain-nopass.key domain.key

# Host port 5000 is published so that the push and pull commands below,
# which all use :5000, reach the registry.
docker run -d -p 5000:5000 --name docker-repo \
  -v /docker_data/images:/var/lib/registry \
  -v /docker_data/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:latest
# On success your registry should be up and running.
# All Docker images will be stored under:
# /docker_data/images/docker/registry/v2/repositories

# Pushing an image to the repo
docker pull centos
docker tag centos:latest localhost:5000/centos:latest
docker push localhost:5000/centos:latest

# Docker repo clients
# On all Docker machines (we need the repository's public certificate)
# Copy the public repo certificate to the client machine under the directory created below.
# DOCKER-REPO-FQDN is your Docker repo FQDN (`hostname -f` on the repo server)
mkdir -p /etc/docker/certs.d/DOCKER-REPO-FQDN:PORT/
cp domain.crt /etc/docker/certs.d/DOCKER-REPO-FQDN:PORT/

# e.g. machine name:
# dcm1.example.internal:5000
# mkdir -p /etc/docker/certs.d/dcm1.example.internal:5000/
# cp domain.crt /etc/docker/certs.d/dcm1.example.internal:5000/domain.crt
# docker pull dcm1.example.internal:5000/centos

# Note:
# Don't forget the port as part of the directory name, otherwise you will get
# Error response from daemon: Get https://dcm1.example.internal:5000/v2/: x509: certificate signed by unknown authority
Make sure the DNS name on the cert and the machine's public FQDN match, otherwise it fails to get the docker image.
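
The gist's note about the port in the directory name and the comment about the certificate name both describe client-side checks. The following added example (not part of the gist or the comment; function names are hypothetical) derives the `certs.d` directory from an image reference and looks there for a certificate naming the registry host. It assumes OpenSSL 1.1.1 or later and checks subjectAltName rather than the Common Name, because Docker builds on Go 1.15 or later no longer fall back to the CN.

```bash
#!/usr/bin/env bash
# Added example, not from the gist. Function names are hypothetical.
# Client-side preflight: is the registry CA where the Docker daemon looks for
# it, and does the certificate name the registry host?

# registry_of IMAGE_REF: print the "host[:port]" prefix; fail when the
# reference has none (plain "centos" or "library/centos" mean Docker Hub).
registry_of() {
  local first
  first=${1%%/*}
  [ "$first" != "$1" ] || return 1
  case $first in
    *.*|*:*|localhost) printf '%s\n' "$first" ;;
    *) return 1 ;;
  esac
}

# cert_has_san CERT HOST: succeed if CERT lists HOST as a subjectAltName DNS
# entry (exact names only, wildcards are not expanded; needs OpenSSL 1.1.1+).
cert_has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$2"
}

# preflight IMAGE_REF [CERTS_ROOT]: 0 ok, 2 no registry in the reference,
# 3 certs.d directory missing, 4 no certificate there covers the host.
preflight() {
  local reg dir crt
  reg=$(registry_of "$1") || { echo "'$1' has no registry prefix"; return 2; }
  dir=${2:-/etc/docker/certs.d}/$reg
  [ -d "$dir" ] || { echo "missing $dir (name must be host:port)"; return 3; }
  for crt in "$dir"/*.crt; do
    [ -e "$crt" ] || continue
    if cert_has_san "$crt" "${reg%%:*}"; then
      echo "ok: $crt covers ${reg%%:*}"; return 0
    fi
  done
  echo "no *.crt in $dir with SAN DNS:${reg%%:*}"; return 4
}

# Example: preflight dcm1.example.internal:5000/centos
```
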