Reputation: 981
I'm trying to create a secure private Docker registry that would work only in the local network and be accessed by IP address. I have read a lot of articles regarding this issue, but most of them talk about the need to have a registered domain name that points to a valid public IP address (where the registry is), and then obtaining a certificate for such a domain.
I'd like to know if there's a way of creating a docker registry with the following properties:
accessible only from the local network
secured with a valid certificate (not the self-signed certificate which is still considered "insecure" by Docker)
How would I obtain a valid certificate for such a registry? I understand that certificates cannot be created for IP addresses alone, but can I generate a certificate for a domain that is registered but doesn't point to any public IP (I've read something about the dns-01 challenge, so I believe it's possible) and then use that certificate, provided I map the said domain to the local IP of the server in my hosts file?
If this isn't possible, what is the best alternative for creating a secure, local, private Docker registry?
Upvotes: 0
Views: 430
Reputation: 6079
Use Nginx to secure your Docker Registry.
The relevant documentation is here:
https://github.com/docker/distribution/tree/master/contrib/compose
You can use self-signed certificates if you add the root CA to /usr/local/share/ca-certificates and run the update-ca-certificates command on the clients.
Upvotes: 2
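The private-CA approach from the answer above, as an added example that is not part of the original answer: a script that creates a local root CA, signs a registry certificate whose subjectAltName carries the server's IP address, and checks both the chain and the IP match. The address 192.0.2.10, the file names and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: private root CA plus a registry certificate with an IP SAN.
# All names and the demo address are constructed values, not from the page.
set -eu

make_registry_pki() {
    dir=$1; ip=$2
    mkdir -p "$dir"
    # 1. Root CA key and self-signed certificate. ca.crt is the file that
    #    clients place in /usr/local/share/ca-certificates.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Local Registry Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Registry server key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$ip" \
        -keyout "$dir/registry.key" -out "$dir/registry.csr" 2>/dev/null
    # 3. Clients match the address against subjectAltName, not the CN,
    #    so the IP must be present as an "IP:" SAN entry.
    printf 'subjectAltName=IP:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
        "$ip" > "$dir/san.ext"
    # 4. Sign the CSR with the root CA, attaching the extensions above.
    openssl x509 -req -in "$dir/registry.csr" -sha256 -days 825 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/registry.crt" 2>/dev/null
    # Private keys stay readable by their owner only.
    chmod 600 "$dir/ca.key" "$dir/registry.key"
}

check_registry_cert() {
    dir=$1; ip=$2
    # The certificate must chain to the private root CA ...
    openssl verify -CAfile "$dir/ca.crt" "$dir/registry.crt" >/dev/null 2>&1 || return 1
    # ... and its SAN must cover the address that clients connect to.
    openssl x509 -in "$dir/registry.crt" -noout -checkip "$ip" \
        | grep -q 'does match certificate'
}

# Demo run with a documentation-range address (constructed value).
demo_dir=$(mktemp -d)
make_registry_pki "$demo_dir" 192.0.2.10
check_registry_cert "$demo_dir" 192.0.2.10 && echo "registry.crt is valid for 192.0.2.10"
```

The registry (or the Nginx proxy in front of it) serves registry.crt and registry.key; only ca.crt is distributed to clients, and ca.key should be kept off the registry host.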