Is there a preferred way of adding custom registry certificates into docker-machines? Certificates have to be placed into
/etc/docker/certs.d/<hostname>/ca.crt (as described in https://docs.docker.com/articles/certificates/). Unfortunately
/etc/docker is owned by root, so
docker-machine scp cannot be used (because it runs as
My current solution is to pipe the contents of the certificate (and a mkdir command) to
docker-machine ssh, but it is a bit ugly, and these changes are lost whenever docker-machine restarts.
echo "sudo mkdir -p /etc/docker/certs.d/my-registry.com; \
echo "\""$(cat ~/certs/my-registry.crt)"\"" | \
sudo tee -a /etc/docker/certs.d/my-registry.com/ca.crt" \
| docker-machine ssh my-machine
Is there a better solution / how can I persist these changes? Could something be added as an option to
docker-machine create (to be consistent with
--engine-insecure-registry) and/or as an additional command?