forked from TrueCloudLab/distribution
Minor fixes
Signed-off-by: Olivier Gambier <olivier@docker.com>
This commit is contained in:
parent
56ff32c683
commit
c405f3717a
1 changed files with 11 additions and 15 deletions
|
@ -1,13 +1,12 @@
|
||||||
<!--GITHUB
|
<!--GITHUB
|
||||||
page_title: Deploying a registry server
|
page_title: Deploying a registry server
|
||||||
page_description: Explains how to deploy a registry server
|
page_description: Explains how to deploy a registry server
|
||||||
page_keywords: registry, service, images, repository
|
page_keywords: registry, service, images, repository, deploy
|
||||||
IGNORES-->
|
IGNORES-->
|
||||||
|
|
||||||
|
|
||||||
# Deploying a registry server
|
# Deploying a registry server
|
||||||
|
|
||||||
You obviously need to [install Docker](https://docs.docker.com/installation/) (remember you need Docker version 1.6.0 or newer).
|
You obviously need to [install Docker](https://docs.docker.com/installation/) (remember you need **Docker version 1.6.0 or newer**).
|
||||||
|
|
||||||
## Getting started in 2 lines
|
## Getting started in 2 lines
|
||||||
|
|
||||||
|
@ -25,32 +24,29 @@ That's it.
|
||||||
|
|
||||||
You can now tag an image and push it:
|
You can now tag an image and push it:
|
||||||
|
|
||||||
$ docker tag ubuntu localhost:5000/batman/ubuntu
|
$ docker pull ubuntu && docker tag ubuntu localhost:5000/batman/ubuntu
|
||||||
$ docker push localhost:5000/batman/ubuntu
|
$ docker push localhost:5000/batman/ubuntu
|
||||||
|
|
||||||
Then pull it:
|
Then pull it back:
|
||||||
|
|
||||||
$ docker pull localhost:5000/batman/ubuntu
|
$ docker pull localhost:5000/batman/ubuntu
|
||||||
|
|
||||||
|
|
||||||
## Making your Registry available
|
## Making your Registry available
|
||||||
|
|
||||||
Now that your registry works on localhost, you probably want to make it available as well to other hosts.
|
Now that your registry works on `localhost`, you probably want to make it available as well to other hosts.
|
||||||
|
|
||||||
Let assume your registry is accessible via the domain name `myregistrydomain.com` (still on port `5000`).
|
Let assume your registry is accessible via the domain name `myregistrydomain.com` (still on port `5000`).
|
||||||
|
|
||||||
If you try to `docker pull myregistrydomain.com:5000/batman/ubuntu`, you will see the following error message:
|
If you try to `docker pull myregistrydomain.com:5000/batman/ubuntu`, you will see the following error message:
|
||||||
|
|
||||||
```
|
```
|
||||||
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get
|
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry myregistrydomain.com:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
|
||||||
https://nonregistry:5000/v1/_ping: dial tcp: lookup nonregistry: no such host. If
|
|
||||||
this private registry supports only HTTP or HTTPS with an unknown CA certificate,
|
|
||||||
please add `--insecure-registry nonregistry:5000` to the daemon's arguments. In
|
|
||||||
the case of HTTPS, if you have access to the registry's CA certificate, no need
|
|
||||||
for the flag; simply place the CA certificate at /etc/docker/certs.d/nonregistry:5000/ca.crt
|
|
||||||
```
|
```
|
||||||
|
|
||||||
You basically have three different options to comply with docker security requirements here.
|
If trying to reach a non `localhost` registry, Docker requires that you secure it using https, or make it explicit that you want to run an insecure registry.
|
||||||
|
|
||||||
|
You basically have three different options to comply with that security requirement here.
|
||||||
|
|
||||||
### 1. buy a SSL certificate for your domain
|
### 1. buy a SSL certificate for your domain
|
||||||
|
|
||||||
|
@ -87,7 +83,7 @@ docker run -d -p 5000:5000 \
|
||||||
|
|
||||||
This basically tells Docker to entirely disregard security for your registry.
|
This basically tells Docker to entirely disregard security for your registry.
|
||||||
|
|
||||||
1. edit the file `/etc/default/docker` so that there is a line that reads: `DOCKER_OPTS="--insecure-registry myregistrydomain:5000"` (or add that to existing `DOCKER_OPTS`)
|
1. edit the file `/etc/default/docker` so that there is a line that reads: `DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000"` (or add that to existing `DOCKER_OPTS`). Restart docker.
|
||||||
2. restart your Docker daemon: on ubuntu, this is usually `service docker stop && service docker start`
|
2. restart your Docker daemon: on ubuntu, this is usually `service docker stop && service docker start`
|
||||||
|
|
||||||
**Pros:**
|
**Pros:**
|
||||||
|
@ -113,7 +109,7 @@ Be sure to use the name `myregistrydomain.com` as a CN.
|
||||||
|
|
||||||
Now go to solution 1 above and stop and restart your registry.
|
Now go to solution 1 above and stop and restart your registry.
|
||||||
|
|
||||||
Then you have to instruct every docker daemon to trust that certificate. This is done by copying the `domain.crt` file to `/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt`
|
Then you have to instruct every docker daemon to trust that certificate. This is done by copying the `domain.crt` file to `/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt` (don't forget to restart docker after doing so).
|
||||||
|
|
||||||
**Pros:**
|
**Pros:**
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue