Configuring the Docker registry without a certificate

Published: 2019-08-04, Updated: 2018-06-12

Useful links

Useful

Running the server

$ docker-compose up prod

Setting up the Docker registry

__Generating an image for the registry__

docker tag mageddo/<image>:<version> reg.mageddo.com:5000/mageddo/<image>:<version>

Ignore the certificate's validity

~~Solution 1~~

$ sudo cp certs/reg.mageddo.com.crt /etc/docker/certs.d/reg.mageddo.com:5000/ca.crt
$ sudo service docker restart

Solution 2

Thank you, that also worked for me. Equivalent steps on Ubuntu/Debian:

Copy CA cert to /usr/local/share/ca-certificates.

/usr/local/share/ca-certificates
└── reg.mageddo.com.crt
sudo update-ca-certificates
sudo service docker restart

Log in to the mageddo registry

$ docker login reg.mageddo.com:5000 # the login details are in the file `files/auth-info.jpg`
Username: mageddo
Password: *****
Login Succeeded

Finally, push the image

$ docker push reg.mageddo.com:5000/mageddo/<image>:<version>

Setup server

creating server certificate

$ mkdir -p certs && openssl req \
	-newkey rsa:4096 -nodes -sha256 -keyout certs/reg.mageddo.com.key \
	-x509 -days 365 -out certs/reg.mageddo.com.crt
Generating a 4096 bit RSA private key
.......................................................................++
.....................................................................++
writing new private key to 'certs/reg.mageddo.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:reg.mageddo.com           
Email Address []:

Then copy these certificates to the registry. Remember to remove all files inside the /var/lib/registry folder if the hostname has changed.
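
The certificate generated above carries only a Common Name; Docker clients built with Go 1.15 or later ignore the CN and match the registry hostname against subjectAltName only. The following is an added example, not part of the original post: a non-interactive variant of the same `openssl req` call that sets the SAN, plus checks for the SAN and for the 365-day expiry. The function names are assumptions, and `-addext` requires OpenSSL 1.1.1 or newer.

```shell
# Added example (not from the original post). Function names are assumptions.

# gen_registry_cert HOST OUTDIR [BITS]
# Writes OUTDIR/HOST.key and OUTDIR/HOST.crt: self-signed, valid 365 days,
# with HOST in both the CN and the subjectAltName extension.
gen_registry_cert() {
    grc_host=$1
    grc_out=$2
    grc_bits=${3:-4096}   # 4096 matches the command shown on the page
    mkdir -p "$grc_out" || return 1
    openssl req -x509 -newkey "rsa:$grc_bits" -nodes -sha256 -days 365 \
        -subj "/CN=$grc_host" \
        -addext "subjectAltName=DNS:$grc_host" \
        -keyout "$grc_out/$grc_host.key" \
        -out "$grc_out/$grc_host.crt" 2>/dev/null || return 1
    # The key is unencrypted (-nodes), so keep it readable by its owner only.
    chmod 600 "$grc_out/$grc_host.key"
}

# cert_has_san CERT HOST
# Succeeds only if HOST appears as an exact DNS entry in the certificate.
# Prefix matches (e.g. HOST.example.org) do not count.
cert_has_san() {
    openssl x509 -in "$1" -noout -text \
        | tr ',' '\n' \
        | sed -e 's/^ *//' -e 's/ *$//' \
        | grep -Fxq "DNS:$2"
}

# cert_valid_for_days CERT DAYS
# Succeeds if the certificate is still valid DAYS days from now.
# Useful as a scheduled check, since the registry cert expires after a year.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage (values taken from the page):
#   gen_registry_cert reg.mageddo.com certs
#   cert_has_san certs/reg.mageddo.com.crt reg.mageddo.com && echo "SAN ok"
#   cert_valid_for_days certs/reg.mageddo.com.crt 30 || echo "renew soon"
```
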

Using the v2 API

#### list catalogs
$ curl -k -X GET  "https://mageddo:docker%40forever@hub.mageddo.com:5000/v2/_catalog"
{"repositories":["mageddo/docker"]}

#### list tags
$ curl -k -X GET  "https://mageddo:docker%40forever@reg.mageddo.com:5000/v2/mageddo/docker/tags/list"
{"name":"mageddo/docker","tags":["1.0.6"]}

#### api 
https://docs.docker.com/registry/spec/api/

Configuring with NGINX

When using nginx you can turn off all the environment variables of the registry image; the certificates do not need to be installed there, only in nginx.

Full example

server {
	listen 443 ssl; # TLS is enabled on the listen directive; the obsolete `ssl on;` is not needed
	server_name reg.mageddo.com;

	ssl_certificate /data/nginx/hub/certs/reg.mageddo.com.crt;
	ssl_certificate_key /data/nginx/hub/certs/reg.mageddo.com.key;

	client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

	location / {
		auth_basic            "Restricted";
		auth_basic_user_file  /data/nginx/hub/auth/mg-registry.htpasswd;
		proxy_pass                       http://mg-registry:5000;
		proxy_set_header  Host           $http_host;   # required for docker client's sake
		proxy_set_header  X-Real-IP      $remote_addr; # pass on real client's IP
		proxy_set_header  Authorization  ""; # see https://github.com/dotcloud/docker-registry/issues/170
		proxy_read_timeout               900;
	}

	location /_ping {
		auth_basic off;
		proxy_pass                       http://mg-registry:5000;
		proxy_set_header  Host           $http_host;   # required for docker client's sake
		proxy_set_header  X-Real-IP      $remote_addr; # pass on real client's IP
		proxy_set_header  Authorization  ""; # see https://github.com/dotcloud/docker-registry/issues/170
		proxy_read_timeout               900;
	}

	location /v1/_ping {
		auth_basic off;
		proxy_pass                       http://mg-registry:5000;
		proxy_set_header  Host           $http_host;   # required for docker client's sake
		proxy_set_header  X-Real-IP      $remote_addr; # pass on real client's IP
		proxy_set_header  Authorization  ""; # see https://github.com/dotcloud/docker-registry/issues/170
		proxy_read_timeout               900;
	}
}

keywords

certificate commands, certificates, docker registry

