|
Docker :Use Docker-Registry#2
2015/12/17 |
|
This is the settings for accessing to Registry Server with HTTPS.
This example shows to configure to use Apache httpd. |
|
| [1] | |
| [2] | Create a directory under the /etc/docker/certs.d on each Docker Node which name is just the one you specified for "Common Name" when creating certificates, and next, transfer "xxx.crt" file on Registry Server to the directory. Furthermore, if you created self signed certificates, Transfer "ca-bundle.crt", too. |
|
[root@node01 ~]# ll /etc/docker/certs.d/dlp.srv.world total 268 -r--r--r-- 1 root root 266702 Dec 18 11:09 ca-bundle.crt -rw-r--r-- 1 root root 1334 Dec 18 11:09 server.crt
[root@node01 ~]#
vi /etc/sysconfig/docker # line 23: comment out # INSECURE_REGISTRY='--insecure-registry dlp.srv.world:5000'
systemctl restart docker
|
| [3] | |
| [4] | |
| [5] | Configure httpd on Docker-Registry Server like follows. |
|
[root@dlp ~]#
vi /etc/httpd/conf.d/docker-registry.conf # create new
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
<Location />
AuthType Basic
AuthName "Basic Authentication"
AuthUserFile /etc/httpd/conf/.htpasswd
require valid-user
</Location>
[root@dlp ~]#
[root@dlp ~]# htpasswd -c /etc/httpd/conf/.htpasswd cent New password: Re-type new password: Adding password for user cent systemctl restart httpd
|
| [6] | It's OK all. Access to Registry Server from any Docker Nodes with HTTPS. |
|
# login with a user which is added by htpasswd [root@node01 ~]# docker login dlp.srv.world Username: cent Password: Email: WARNING: login credentials saved in /root/.docker/config.json Login Succeeded docker tag web_server dlp.srv.world/webserver [root@node01 ~]# docker push dlp.srv.world/webserver [root@node01 ~]# docker search dlp.srv.world/web INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED srv.world dlp.srv.world/library/webserver 0 |