forked from TrueCloudLab/distribution
Add documentation for let's encrypt
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
This commit is contained in:
parent
be2ed961aa
commit
015df6cdea
2 changed files with 45 additions and 0 deletions
|
@ -191,6 +191,9 @@ information about each option that appears later in this page.
|
|||
clientcas:
|
||||
- /path/to/ca.pem
|
||||
- /path/to/another/ca.pem
|
||||
letsencrypt:
|
||||
cachefile: /path/to/cache-file
|
||||
email: emailused@letsencrypt.com
|
||||
debug:
|
||||
addr: localhost:5001
|
||||
headers:
|
||||
|
@ -892,6 +895,9 @@ configuration may contain both.
|
|||
clientcas:
|
||||
- /path/to/ca.pem
|
||||
- /path/to/another/ca.pem
|
||||
letsencrypt:
|
||||
cachefile: /path/to/cache-file
|
||||
email: emailused@letsencrypt.com
|
||||
debug:
|
||||
addr: localhost:5001
|
||||
headers:
|
||||
|
@ -1037,6 +1043,40 @@ and proxy connections to the registry server.
|
|||
</tr>
|
||||
</table>
|
||||
|
||||
### letsencrypt
|
||||
|
||||
The `letsencrypt` struct within `tls` is **optional**. Use this to configure TLS
|
||||
certificates provided by [Let's Encrypt](https://letsencrypt.org/how-it-works/).
|
||||
|
||||
<table>
|
||||
<tr>
|
||||
<th>Parameter</th>
|
||||
<th>Required</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>cachefile</code>
|
||||
</td>
|
||||
<td>
|
||||
yes
|
||||
</td>
|
||||
<td>
|
||||
Absolute path to a file for the Let's Encrypt agent to cache data
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<code>email</code>
|
||||
</td>
|
||||
<td>
|
||||
yes
|
||||
</td>
|
||||
<td>
|
||||
Email used to register with Let's Encrypt.
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
### debug
|
||||
|
||||
|
|
|
@ -88,6 +88,11 @@ A certificate issuer may supply you with an *intermediate* certificate. In this
|
|||
|
||||
cat domain.crt intermediate-certificates.pem > certs/domain.crt
|
||||
|
||||
### Let's Encrypt
|
||||
|
||||
The registry supports using Let's Encrypt to automatically obtain a browser-trusted certificate. For more
|
||||
information on Let's Encrypt, see [https://letsencrypt.org/how-it-works/](https://letsencrypt.org/how-it-works/) and the relevant section of the [registry configuration](configuration.md#letsencrypt).
|
||||
|
||||
### Alternatives
|
||||
|
||||
While rarely advisable, you may want to use self-signed certificates instead, or use your registry in an insecure fashion. You will find instructions [here](insecure.md).
|
||||
|
|
Loading…
Reference in a new issue