我知道啓用啓用了TLS的Containerized私有註冊表。並將domain.crt複製到其他碼頭主機以訪問註冊表。私人碼頭存儲庫的SSL證書
我有一個私人的容器註冊表服務器已經運行(不是容器,但從辦公室),我可以使用用戶名,密碼登錄。我如何使用SSL證書?
我知道我可以生成一個CA證書。但是,如何將私鑰上傳到註冊表。就像使用ssh,我們將密鑰上傳到Gitlab,以及主機中的公鑰一樣。
或者我該如何從註冊表中下載domain.crt文件到docker主機?
我錯過了什麼?
感謝和問候
我用它幾年前玩過,得到它與nginx的工作,隨着該線路的配置:
{
upstream private-docker-registry {
server docker_registry:5000;
}
server {
listen 443 ssl;
listen 80;
server_name mydockerregistry.com;
ssl_certificate /etc/nginx/certs/mydockerregistry.com.crt;
ssl_certificate_key /etc/nginx/certs/mydockerregistry.com.key;
proxy_set_header Host $http_host; # required for Docker client sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client IP
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
location/{
# let Nginx know about our auth file
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/authentication/docker-registry.htpasswd;
proxy_pass http://private-docker-registry;
}
location /_ping {
auth_basic off;
proxy_pass http://private-docker-registry;
}
location /v1/_ping {
auth_basic off;
proxy_pass http://private-docker-registry;
}
創建認證的htpasswd文檔,在此舉例我稱它爲docker-registry.htpasswd
然後運行一個鏈接到docker註冊表容器的nginx圖像,在這個例子中調用它docker_registry,在這個nginx配置示例中,它將監聽端口5000,運行nginx容器將是這樣的:
sudo docker run -d \
--name="nginx_docker_registry" \
-p 443:443 \
-p 80:80 \
--link my_docker_registry_container_name:docker_registry \
-v "path_to_htpasswd_file_in_host:/etc/nginx/authentication:ro" \
-v "path_to_certificates_in_host:/etc/nginx/certs:ro" \
-v "path_to_nginx_conf_in_host:/etc/nginx/nginx.conf:ro" \
nginx