如何将私有注册证书添加到 Docker Machine
[英]How to add private registry certs to Docker Machine
问题描述
I upgraded my Mac (OS X) from an older Docker installation to Docker Toolbox, meaning that I'm now working with Docker Machine, and in the process discovered that certs I had working for push/pull with a private registry are not there, and I can't for the life of me figure out how to get them in place.
我将我的 Mac (OS X) 从较旧的 Docker 安装升级到 Docker Toolbox,这意味着我现在正在使用 Docker Machine,并且在此过程中发现我使用私有注册表进行推/拉工作的证书不存在,我一生都无法弄清楚如何将它们固定到位。 At the moment when I try a test pull I get the dreaded x509: certificate signed by unknown authority error.在我尝试测试 pull 的那一刻,我得到了可怕的x509: certificate signed by unknown authority错误。 I've searched around, looked at issues in Github, but nothing has worked for me.我四处搜索,查看 Github 中的问题,但没有任何效果。 I even tried ssh'ing into the machine VM and manually copying them into /etc/ssl/certs, and various other things, with no luck.我什至尝试通过 ssh 连接到机器 VM 并手动将它们复制到 /etc/ssl/certs 和其他各种内容中,但没有成功。 And I certainly don't want to get into the "insecure-registry" stuff.我当然不想进入“不安全的注册”的东西。 This used to work with boot2docker prior to moving to docker-machine.在移动到 docker-machine 之前,这曾经与 boot2docker 一起使用。
This seems like a very simple question: I have a couple of .crt files that I need put in the right place so that I can do a push/pull.这似乎是一个非常简单的问题:我有几个.crt文件,我需要将它们放在正确的位置,以便我可以执行推/拉操作。 How does one do this?如何做到这一点? And secondarily, how can this not be documented anywhere?其次,这怎么可能没有记录在任何地方? Can we wish for a docker-machine add-cert command someday?我们可以希望有一天有一个docker-machine add-cert命令吗?
Thanks for any help, and I hope a good answer here can stick around to assist others who run into this.感谢您的帮助,我希望这里有一个好的答案可以帮助其他遇到此问题的人。
2 个解决方案
解决方案1
2 2017-01-14 10:28:46
Okay so let's imagine I have a registry running at the address: 192.168.188.190:5000 and I have a proper certificate for this address.好的,让我们假设我有一个在以下地址运行的注册表:192.168.188.190:5000 并且我有这个地址的适当证书。
I would now run the following commands to install the root certificate into my machine:我现在将运行以下命令将根证书安装到我的机器中:
docker-machine scp ./dockerCA.crt $MACHINE_NAME:dockerCA.crt
docker-machine ssh $MACHINE_NAME sudo mkdir -p /etc/docker/certs.d/192.168.188.190:5000
docker-machine ssh $MACHINE_NAME sudo mv dockerCA.crt /etc/docker/certs.d/192.168.188.190:5000/dockerCA.crt
Set the variable MACHINE_NAME to whatever the name of your machine is.将变量MACHINE_NAME设置为您机器的任何名称。 The machine will now trust your root certificate.机器现在将信任您的根证书。
解决方案2
1 2020-05-04 12:03:39
Having the same issue I read the Documentation in Docker on how to add a certificate to my computer.遇到同样的问题,我阅读了Docker 中的文档,了解如何向我的计算机添加证书。 As you mentioned that you are on a updated Mac OS X, proceed by doing the following:正如您提到的,您使用的是更新的 Mac OS X,请继续执行以下操作:
Copy the cert file from your docker registry to your hard drive, eg
将证书文件从您的 docker 注册表复制到您的硬盘驱动器,例如scp user@docker.reg.ip:/path/to/crt/domain.crt /tmp/domain.crtAdd the certificate to your trusted certificates using the following command
使用以下命令将证书添加到您的受信任证书中
sudo security add-trusted-cert -d -r trustRoot \
-k /Library/Keychains/System.keychain /tmp/domain.crt
Restart your local docker handler and now you should be able to upload your local Docker images to the Docker registry.重新启动本地 docker 处理程序,现在您应该可以将本地 Docker 映像上传到 Docker 注册表。
If you are running on any other operating systems please check this site on how to add trusted root certificates.如果您在任何其他操作系统上运行,请查看此站点以了解如何添加受信任的根证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.