Install certificate on Centos 7 for docker registry access -

-

we have docker registry setup, has security. normally, in order access it, developer's perspective, have long docker login --username=someuser --password=somepassword --email user@domain.com https://docker-registry.domain.com.

however, since trying automatized deployment of docker container in cloud, 1 of operations, docker pull command, fails because login not performed (it works if add login in template, that's bad).

i suggested use certificate allow pull being done (.crt file). tried installing certificate using steps explained here: https://www.linode.com/docs/security/ssl/ssl-apache2-centos

but not seem work, still have manual login in order able perform docker pull registry.

is there way can replace login command use of certificate?

as see, it's wrong url ssl authentication between docker server , private registry server.

you can follow this:

running domain registry

while running on localhost has uses, people want registry more available. so, docker engine requires secure using tls, conceptually similar configuring web server ssl.

get certificate

assuming own domain myregistrydomain.com, , dns record points host running registry, first need certificate ca.

create certs directory:

 mkdir -p certs

then move and/or rename crt file to: certs/domain.crt, , key file to: certs/domain.key.

make sure stopped registry previous steps, start registry again tls enabled:

docker run -d -p 5000:5000 --restart=always --name registry \   -v `pwd`/certs:/certs \   -e registry_http_tls_certificate=/certs/domain.crt \   -e registry_http_tls_key=/certs/domain.key \   registry:2

you should able access registry docker host:

docker pull ubuntu docker tag ubuntu myregistrydomain.com:5000/ubuntu docker push myregistrydomain.com:5000/ubuntu docker pull myregistrydomain.com:5000/ubuntu

gotcha

a certificate issuer may supply intermediate certificate. in case, must combine certificate intermediate's form certificate bundle. can using cat command:

cat domain.crt intermediate-certificates.pem > certs/domain.crt

Comments

Post a Comment

Popular posts from this blog

how to insert data php javascript mysql with multiple array session 2 -

-
i have method method discussed , successful data entered 1 when more 1 can not database this programs my php form : <form class="form-horizontal" id="form-produk"> <div class="control-group" > <label class="control-label" for="kelas">kategori</label> <div class="controls"> <select class='form-control' name='id_kategori'> <?php $tampil=mysql_query("select * kategori order nama_kategori"); if ($id_kat==0){ echo "<option value=0 selected>- pilih kategori -</option>"; } while($w=mysql_fetch_array($tampil)){ if ($id_kat==$w[id_kategori]){ echo "<option value=$w[id_kategori] selected>$w[nama_kategori]</option>"; } else{ echo "<option value=$w[id_kategori]>$...
Read more

multithreading - Exception in Application constructor -

-
i wanna write snake game javafx , there exception don't know , want know how fix it. ( know it's not complete yet ) and want know , class extends application ( start override ) main in other programs? see , here not static void main bc didn't need, if want add main shoud do? it's exeption... exception in application constructor exception in thread "main" java.lang.nosuchmethodexception: main_snake.main([ljava.lang.string;) @ java.lang.class.getmethod(class.java:1819) @ com.intellij.rt.execution.application.appmain.main(appmain.java:125) and code : import javafx.animation.animationtimer; import javafx.application.application; import javafx.event.eventhandler; import javafx.scene.scene; import javafx.scene.canvas.canvas; import javafx.scene.canvas.graphicscontext; import javafx.scene.input.keyevent; import javafx.scene.layout.borderpane; import javafx.scene.paint.color; import javafx.stage.stage; import java.util.arraylist; /** * creat...
Read more

windows - CertCreateCertificateContext returns CRYPT_E_ASN1_BADTAG / 8009310b -

-
i realize similar post others (e.g. this one ), there details missing posts might significant case. to start with, here's simplified program: #include "stdafx.h" #include <windows.h> #include <wincrypt.h> int _tmain(int argc, _tchar* argv[]) { // usage: certextract certpath char keyfile[] = "c:\\certificates\\public.crt"; byte lp[65536]; security_attributes sa; handle hkeyfile; dword bytes; pccert_context certcontext; sa.nlength = sizeof(sa); sa.lpsecuritydescriptor = null; sa.binherithandle = false; hkeyfile = createfile(keyfile, generic_read, file_share_read, &sa, open_existing, file_attribute_normal, null); if (hkeyfile) { if (readfile(hkeyfile, lp, getfilesize(hkeyfile, null), &bytes, null) && bytes > 0) { certcontext = certcreatecertificatecontext(x509_asn_encoding, lp, bytes); if (certcontext) { printf("yay...
Read more