Testing the private registry in my test lab.
Configured the docker node name to resolve via the local domain (local BIND server).
The node resolves from other hosts in the system:
CLI:/# ping dockerstd1.ajnouri.com
PING dockerstd1.ajnouri.com (192.168.0.149) 56(84) bytes of data.
64 bytes from 192.168.0.149 (192.168.0.149): icmp_seq=1 ttl=64 time=7.30 ms
64 bytes from 192.168.0.149 (192.168.0.149): icmp_seq=2 ttl=64 time=2.35 ms
64 bytes from 192.168.0.149 (192.168.0.149): icmp_seq=3 ttl=64 time=21.2 ms
^C
--- dockerstd1.ajnouri.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.352/10.310/21.271/8.010 ms
CLI:/# ping myregistry.ajnouri.com
PING myregistry.ajnouri.com (192.168.0.149) 56(84) bytes of data.
64 bytes from 192.168.0.149 (192.168.0.149): icmp_seq=1 ttl=64 time=11.1 ms
64 bytes from 192.168.0.149 (192.168.0.149): icmp_seq=2 ttl=64 time=7.39 ms
64 bytes from 192.168.0.149 (192.168.0.149): icmp_seq=3 ttl=64 time=11.4 ms
64 bytes from 192.168.0.149 (192.168.0.149): icmp_seq=4 ttl=64 time=16.9 ms
^C
--- myregistry.ajnouri.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 7.392/11.715/16.902/3.393 ms
CLI:/#
Locally on the docker node itself:
[ajn@dockerstd1 ~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.149 dockerstd1.ajnouri.com dockerstd1
192.168.0.149 myregistry.ajnouri.com myregistry
Created the directories auth and certs.
Generated the key and the signed certificate:
openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/dockerrepo.key -x509 -days 365 -out certs/dockerrepo.crt -subj /CN=myregistry.ajnouri.com
Generating a 4096 bit RSA private key
…++
…++
writing new private key to 'certs/dockerrepo.key'
ls -la certs
total 8
drwxrwxr-x. 2 ajn ajn 50 Jan 24 23:41 .
drwx------. 4 ajn ajn 152 Jan 24 23:48 ..
-rw-rw-r--. 1 ajn ajn 1822 Jan 24 23:41 dockerrepo.crt
-rw-rw-r--. 1 ajn ajn 3272 Jan 24 23:41 dockerrepo.key
Created the /etc/docker/certs.d/myregistry.ajnouri.com:500 directory and copied dockerrepo.crt as ca.crt:
[root@dockerstd1 ajn]# cd /etc/docker/certs.d/myregistry.ajnouri.com:500
[root@dockerstd1 myregistry.ajnouri.com:500]# ls
ca.crt
[root@dockerstd1 myregistry.ajnouri.com:500]#
Pulled registry:2 and generated the password:
docker pull registry:2
docker run --entrypoint htpasswd registry:2 -Bbn test password > auth/htpasswd
[ajn@dockerstd1 ~]$ cat auth/htpasswd
test:$2y$05$/BOR/wulAZPapwcZDIj.LugyqdtyFby29zb9jmblhEbN9tW8hWnV6
[ajn@dockerstd1 ~]$
Ran the registry with all the parameters:
[ajn@dockerstd1 ~]$ docker run -d -p 5000:5000 -v /home/ajn/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dockerrepo.crt -e REGISTRY_HTTP_TLS_KEY=/certs/dockerrepo.key -v /home/ajn/auth:/auth -e REGISTRY_AUTH=htpasswd -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/home/ajn/auth/htpasswd registry:2
2f03cf41e0f05f6d4eee30160af7128a402dd92d6bd4573475b88500b5e02de1
[ajn@dockerstd1 ~]$
Pulled busybox:
docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
57310166fe88: Pull complete
Digest: sha256:1669a6aa7350e1cdd28f972ddad5aceba2912f589f19a090ac75b7083da748db
Status: Downloaded newer image for busybox:latest
Tagged it:
docker tag busybox myregistry.ajnouri.com:5000/my-busybox
[ajn@dockerstd1 ~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 5b0d59026729 31 hours ago 1.15MB
myregistry.ajnouri.com:5000/my-busybox latest 5b0d59026729 31 hours ago 1.15MB
registry 2 d1fd7d86a825 2 weeks ago 33.3MB
So far it looks OK.
But when I try to log in:
docker login myregistry.ajnouri.com:5000/my-busybox
Username: test
Password:
Error response from daemon: Get https://myregistry.ajnouri.com:5000/v2/: x509: certificate signed by unknown authority
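As an added pre-flight check (not part of the original post): the Docker client loads a private registry's CA from /etc/docker/certs.d/<host>:<port>/ca.crt, and that directory name has to match the host:port used in `docker login` and `docker pull` exactly, port included. The script below verifies that for a given registry reference and, when openssl is present, that the certificate names the registry hostname; the function names and the temp directory used when testing are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the
# client-side trust setup of a TLS-protected private Docker registry.
#
# Usage: check_registry_trust <host:port> [certs.d root]
# The Docker client reads the registry CA from <certs.d root>/<host:port>/ca.crt,
# so the directory name must match the registry reference exactly, port included.

# Path the client will look at for the given registry and certs.d root.
registry_ca_path() {
    printf '%s/%s/ca.crt\n' "$2" "$1"
}

# Returns 0 when a CA file exists for exactly this host:port, 1 otherwise.
# On failure it lists directories for the same host on another port, a
# classic cause of "x509: certificate signed by unknown authority".
check_registry_trust() {
    registry="$1"
    certs_d="${2:-/etc/docker/certs.d}"
    ca="$(registry_ca_path "$registry" "$certs_d")"
    if [ -f "$ca" ]; then
        echo "ok: CA for $registry found at $ca"
        return 0
    fi
    echo "missing: $ca" >&2
    host="${registry%%:*}"
    for d in "$certs_d"/"$host":*; do
        [ -d "$d" ] && echo "note: $d exists but its port differs from $registry" >&2
    done
    return 1
}

# Optional: confirm the certificate names the hostname the client connects to,
# since TLS verifies the hostname as well as the chain. Skipped without openssl.
cert_names_host() {
    ca="$1"
    host="$2"
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found; skipping hostname check" >&2
        return 0
    fi
    openssl x509 -in "$ca" -noout -text 2>/dev/null | grep -q "$host"
}
```

Run `check_registry_trust myregistry.ajnouri.com:5000` on the docker node before `docker login`; a "note:" line means a CA directory exists for the host but under a different port than the one the client is using.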