Minor fixes
Signed-off-by: Olivier Gambier <olivier@docker.com>
This commit is contained in:
parent
56ff32c683
commit
c405f3717a
@ -1,13 +1,12 @@
|
||||
<!--GITHUB
|
||||
page_title: Deploying a registry server
|
||||
page_description: Explains how to deploy a registry server
|
||||
page_keywords: registry, service, images, repository
|
||||
page_keywords: registry, service, images, repository, deploy
|
||||
IGNORES-->
|
||||
|
||||
|
||||
# Deploying a registry server
|
||||
|
||||
You obviously need to [install Docker](https://docs.docker.com/installation/) (remember you need Docker version 1.6.0 or newer).
|
||||
You obviously need to [install Docker](https://docs.docker.com/installation/) (remember you need **Docker version 1.6.0 or newer**).
|
||||
|
||||
## Getting started in 2 lines
|
||||
|
||||
@ -25,32 +24,29 @@ That's it.
|
||||
|
||||
You can now tag an image and push it:
|
||||
|
||||
$ docker tag ubuntu localhost:5000/batman/ubuntu
|
||||
$ docker pull ubuntu && docker tag ubuntu localhost:5000/batman/ubuntu
|
||||
$ docker push localhost:5000/batman/ubuntu
|
||||
|
||||
Then pull it:
|
||||
Then pull it back:
|
||||
|
||||
$ docker pull localhost:5000/batman/ubuntu
|
||||
|
||||
|
||||
## Making your Registry available
|
||||
|
||||
Now that your registry works on localhost, you probably want to make it available as well to other hosts.
|
||||
Now that your registry works on `localhost`, you probably want to make it available as well to other hosts.
|
||||
|
||||
Let assume your registry is accessible via the domain name `myregistrydomain.com` (still on port `5000`).
|
||||
|
||||
If you try to `docker pull myregistrydomain.com:5000/batman/ubuntu`, you will see the following error message:
|
||||
|
||||
```
|
||||
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get
|
||||
https://nonregistry:5000/v1/_ping: dial tcp: lookup nonregistry: no such host. If
|
||||
this private registry supports only HTTP or HTTPS with an unknown CA certificate,
|
||||
please add `--insecure-registry nonregistry:5000` to the daemon's arguments. In
|
||||
the case of HTTPS, if you have access to the registry's CA certificate, no need
|
||||
for the flag; simply place the CA certificate at /etc/docker/certs.d/nonregistry:5000/ca.crt
|
||||
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry myregistrydomain.com:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
|
||||
```
|
||||
|
||||
You basically have three different options to comply with docker security requirements here.
|
||||
If trying to reach a non `localhost` registry, Docker requires that you secure it using https, or make it explicit that you want to run an insecure registry.
|
||||
|
||||
You basically have three different options to comply with that security requirement here.
|
||||
|
||||
### 1. buy a SSL certificate for your domain
|
||||
|
||||
@ -87,7 +83,7 @@ docker run -d -p 5000:5000 \
|
||||
|
||||
This basically tells Docker to entirely disregard security for your registry.
|
||||
|
||||
1. edit the file `/etc/default/docker` so that there is a line that reads: `DOCKER_OPTS="--insecure-registry myregistrydomain:5000"` (or add that to existing `DOCKER_OPTS`)
|
||||
1. edit the file `/etc/default/docker` so that there is a line that reads: `DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000"` (or add that to existing `DOCKER_OPTS`). Restart docker.
|
||||
2. restart your Docker daemon: on ubuntu, this is usually `service docker stop && service docker start`
|
||||
|
||||
**Pros:**
|
||||
@ -113,7 +109,7 @@ Be sure to use the name `myregistrydomain.com` as a CN.
|
||||
|
||||
Now go to solution 1 above and stop and restart your registry.
|
||||
|
||||
Then you have to instruct every docker daemon to trust that certificate. This is done by copying the `domain.crt` file to `/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt`
|
||||
Then you have to instruct every docker daemon to trust that certificate. This is done by copying the `domain.crt` file to `/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt` (don't forget to restart docker after doing so).
|
||||
|
||||
**Pros:**
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user