Avoid Nirjon

Reputation: 21

ssl certificate for private docker repository

I know about starting a Containerized private registry with TLS enabled. And copying domain.crt to other docker hosts to access the registry.

I have a private Container registry server that is already running (not as a Container, but from the office), and I can log in using a username and password. How can I use it with an SSL certificate?

I know I can generate a CA certificate. But how do I upload the private key to the registry? Like with ssh, where we upload the key to Gitlab and keep the public key on the host machine.

Or how can I download the domain.crt file from the registry to docker host?

What am I missing?

Thanks and regards

Upvotes: 0

Views: 1070

Answers (1)

Miguel Marques

Reputation: 2866

I played with it a couple of years ago and got it working with nginx, with a configuration along these lines:

# these blocks belong inside the http { } context of nginx.conf
upstream private-docker-registry {
 server docker_registry:5000;
}

server {
 listen 443 ssl;
 listen 80;
 server_name mydockerregistry.com;

 ssl_certificate /etc/nginx/certs/mydockerregistry.com.crt;
 ssl_certificate_key /etc/nginx/certs/mydockerregistry.com.key;

 proxy_set_header Host       $http_host;   # required for Docker client sake
 proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP

 client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads

 # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
 chunked_transfer_encoding on;

 location / {
     # let Nginx know about our auth file
     auth_basic              "Restricted";
     auth_basic_user_file    /etc/nginx/authentication/docker-registry.htpasswd;

     proxy_pass http://private-docker-registry;
 }
 location /_ping {
     auth_basic off;
     proxy_pass http://private-docker-registry;
 }
 location /v1/_ping {
     auth_basic off;
     proxy_pass http://private-docker-registry;
 }
}

Create an htpasswd file for authentication; in this example I called it docker-registry.htpasswd.

Then run an nginx image linked to the docker registry container (in this example called docker_registry, which in this nginx configuration is listening on port 5000). Running the nginx container will look something like this:

sudo docker run -d \
    --name="nginx_docker_registry" \
    -p 443:443 \
    -p 80:80 \
    --link my_docker_registry_container_name:docker_registry \
    -v "path_to_htpasswd_file_in_host:/etc/nginx/authentication:ro" \
    -v "path_to_certificates_in_host:/etc/nginx/certs:ro" \
    -v "path_to_nginx_conf_in_host:/etc/nginx/nginx.conf:ro" \
    nginx

Upvotes: 1
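The answer above assumes a certificate and key already sit in /etc/nginx/certs and an htpasswd file already exists, and the question asks how the docker hosts end up trusting that certificate. The script below is an added example, not code from the question or the answer: it creates a private CA, issues a server certificate (with a subjectAltName, which Docker's Go TLS client requires) for the nginx front end, writes the apr1-hashed htpasswd entry nginx's auth_basic accepts, and copies only the CA certificate, never the server key, into the per-registry directory Docker reads (/etc/docker/certs.d/<registry host>/ca.crt). The hostname mydockerregistry.com, the output directory, and the DOCKER_CERTS_DIR override are assumptions; openssl must be installed.

```shell
#!/bin/sh
# Added example (not part of the original question or answer): PKI, htpasswd and
# Docker client trust for an nginx-fronted private registry. Names are assumed.
set -eu

REGISTRY_HOST="${REGISTRY_HOST:-mydockerregistry.com}"   # assumed registry hostname
WORK="${WORK:-./registry-pki}"                           # assumed output directory

# Create a private CA and a server certificate signed by it.
# The server cert/key go into nginx; only ca.crt is handed to Docker clients.
make_pki() {
  mkdir -p "$WORK/ca" "$WORK/certs"
  # CA key + self-signed CA certificate (10 years)
  openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
    -keyout "$WORK/ca/ca.key" -out "$WORK/ca/ca.crt" \
    -subj "/CN=Example Registry CA" 2>/dev/null
  # Server key + certificate signing request for the registry hostname
  openssl req -newkey rsa:2048 -sha256 -nodes \
    -keyout "$WORK/certs/$REGISTRY_HOST.key" \
    -out "$WORK/certs/$REGISTRY_HOST.csr" \
    -subj "/CN=$REGISTRY_HOST" 2>/dev/null
  # Sign with the CA; the SAN is mandatory, a CN-only cert is rejected by Docker
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$REGISTRY_HOST" \
    > "$WORK/certs/san.ext"
  openssl x509 -req -sha256 -days 825 -in "$WORK/certs/$REGISTRY_HOST.csr" \
    -CA "$WORK/ca/ca.crt" -CAkey "$WORK/ca/ca.key" -CAcreateserial \
    -extfile "$WORK/certs/san.ext" -out "$WORK/certs/$REGISTRY_HOST.crt" 2>/dev/null
}

# Append a user to the htpasswd file nginx's auth_basic_user_file points at.
# apr1 (MD5-crypt) is the hash format nginx accepts on every platform.
make_htpasswd() {
  mkdir -p "$WORK/auth"
  printf '%s:%s\n' "$1" "$(openssl passwd -apr1 "$2")" \
    >> "$WORK/auth/docker-registry.htpasswd"
}

# Docker trusts a registry if /etc/docker/certs.d/<host>[:port]/ca.crt exists.
# DOCKER_CERTS_DIR is an assumed override so this can run without root.
install_client_ca() {
  dest="${DOCKER_CERTS_DIR:-/etc/docker/certs.d}/$REGISTRY_HOST"
  mkdir -p "$dest"
  cp "$WORK/ca/ca.crt" "$dest/ca.crt"
}

# Confirm the server certificate chains to the CA the clients were given.
verify_chain() {
  openssl verify -CAfile "$WORK/ca/ca.crt" "$WORK/certs/$REGISTRY_HOST.crt" >/dev/null
}

main() {
  make_pki
  make_htpasswd "alice" "change-me"      # constructed sample credentials
  install_client_ca
  verify_chain && echo "PKI ready under $WORK; clients trust $REGISTRY_HOST"
}

# Stand-alone usage: sh registry-pki.sh run
case "${1:-}" in run) main ;; esac
```

Mount "$WORK/certs" as /etc/nginx/certs and "$WORK/auth" as /etc/nginx/authentication in the docker run command from the answer; the server key never leaves that host, and each docker client only needs the ca.crt copy, after which `docker login mydockerregistry.com` works over TLS.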
