From 00edb3bbcef75b26da81ae727346074b890dfa96 Mon Sep 17 00:00:00 2001 From: Richard Scothern Date: Tue, 21 Jul 2015 14:10:34 -0700 Subject: [PATCH] Configure TLS for private registry mirrors. If a registry mirror is using TLS, ensure that certs for it are picked up from /etc/docker/certs.d Signed-off-by: Richard Scothern --- docs/service.go | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/docs/service.go b/docs/service.go index 8dda537a..64ea242a 100644 --- a/docs/service.go +++ b/docs/service.go @@ -6,6 +6,7 @@ import ( "fmt" "io/ioutil" "net/http" + "net/url" "os" "path/filepath" "strings" @@ -161,19 +162,31 @@ func (s *Service) TlsConfig(hostname string) (*tls.Config, error) { return &tlsConfig, nil } +func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) { + mirrorUrl, err := url.Parse(mirror) + if err != nil { + return nil, err + } + return s.TlsConfig(mirrorUrl.Host) +} + func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err error) { var cfg = tlsconfig.ServerDefault tlsConfig := &cfg if strings.HasPrefix(repoName, DEFAULT_NAMESPACE+"/") { // v2 mirrors for _, mirror := range s.Config.Mirrors { + mirrorTlsConfig, err := s.tlsConfigForMirror(mirror) + if err != nil { + return nil, err + } endpoints = append(endpoints, APIEndpoint{ URL: mirror, // guess mirrors are v2 Version: APIVersion2, Mirror: true, TrimHostname: true, - TLSConfig: tlsConfig, + TLSConfig: mirrorTlsConfig, }) } // v2 registry @@ -187,13 +200,17 @@ func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err // v1 mirrors // TODO(tiborvass): shouldn't we remove v1 mirrors from here, since v1 mirrors are kinda special? for _, mirror := range s.Config.Mirrors { + mirrorTlsConfig, err := s.tlsConfigForMirror(mirror) + if err != nil { + return nil, err + } endpoints = append(endpoints, APIEndpoint{ URL: mirror, // guess mirrors are v1 Version: APIVersion1, Mirror: true, TrimHostname: true, - TLSConfig: tlsConfig, + TLSConfig: mirrorTlsConfig, }) } // v1 registry