
How to add private registry certs to Docker Machine

I upgraded my Mac (OS X) from an older Docker installation to Docker Toolbox, meaning that I'm now working with Docker Machine, and in the process discovered that certs I had working for push/pull with a private registry are not there, and I can't for the life of me figure out how to get them in place. At the moment when I try a test pull I get the dreaded x509: certificate signed by unknown authority error. I've searched around, looked at issues in GitHub, but nothing has worked for me. I even tried ssh'ing into the machine VM and manually copying them into /etc/ssl/certs, and various other things, with no luck. And I certainly don't want to get into the "insecure-registry" stuff. This used to work with boot2docker prior to moving to docker-machine.

This seems like a very simple question: I have a couple of .crt files that I need put in the right place so that I can do a push/pull. How does one do this? And secondarily, how can this not be documented anywhere? Can we wish for a docker-machine add-cert command someday?

Thanks for any help, and I hope a good answer here can stick around to assist others who run into this.

Okay so let's imagine I have a registry running at the address: 192.168.188.190:5000 and I have a proper certificate for this address.

I would now run the following commands to install the root certificate into my machine:

    docker-machine scp ./dockerCA.crt "$MACHINE_NAME":dockerCA.crt
    docker-machine ssh "$MACHINE_NAME" sudo mkdir -p /etc/docker/certs.d/192.168.188.190:5000
    docker-machine ssh "$MACHINE_NAME" sudo mv dockerCA.crt /etc/docker/certs.d/192.168.188.190:5000/dockerCA.crt

Set the variable MACHINE_NAME to whatever the name of your machine is. The machine will now trust your root certificate.
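
A pre-flight check for the steps in the answer above, as an added example that is not part of the original answers: it confirms the registry address is a plain host:port and that the file is a parseable, unexpired certificate with a .crt name before running the same three docker-machine commands. The function names are hypothetical, and openssl is assumed to be installed on the local machine.

```shell
#!/bin/sh
# Added example (not from the original answers): checks before installing a registry CA.

# Print the trust directory the Docker daemon reads for one registry.
# The directory name must equal the host:port used in image names.
certs_dir_for() {
    case "$1" in
        ''|*[!A-Za-z0-9.:-]*) echo "bad registry address: $1" >&2; return 1 ;;
    esac
    printf '/etc/docker/certs.d/%s\n' "$1"
}

# Succeed only if $1 ends in .crt (the suffix Docker loads as a CA root),
# parses as a PEM X.509 certificate, and has not expired.
check_ca_file() {
    case "$1" in
        *.crt) ;;
        *) echo "$1: name must end in .crt" >&2; return 1 ;;
    esac
    openssl x509 -in "$1" -noout 2>/dev/null ||
        { echo "$1: not a PEM certificate" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "$1: certificate has expired" >&2; return 1; }
}

# SHA-256 fingerprint, for comparison with the value the registry operator gives you.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Hypothetical wrapper: validate, then run the three docker-machine steps above.
# usage: install_registry_ca MACHINE_NAME HOST:PORT CA_FILE
install_registry_ca() {
    dir=$(certs_dir_for "$2") || return 1
    check_ca_file "$3" || return 1
    echo "installing CA $(ca_fingerprint "$3") for $2 on $1"
    name=$(basename "$3")
    docker-machine scp "$3" "$1:$name" &&
        docker-machine ssh "$1" sudo mkdir -p "$dir" &&
        docker-machine ssh "$1" sudo mv "$name" "$dir/$name"
}
```

Compare the printed fingerprint with one obtained from the registry operator through a separate channel before trusting the file.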

Having the same issue, I read the documentation in Docker on how to add a certificate to my computer. As you mentioned that you are on an updated Mac OS X, proceed by doing the following:

  1. Copy the cert file from your docker registry to your hard drive, e.g.

    scp user@docker.reg.ip:/path/to/crt/domain.crt /tmp/domain.crt

  2. Add the certificate to your trusted certificates using the following command

    sudo security add-trusted-cert -d -r trustRoot \
         -k /Library/Keychains/System.keychain /tmp/domain.crt

Restart your local docker handler and now you should be able to upload your local Docker images to the Docker registry.

If you are running on any other operating systems please check this site on how to add trusted root certificates.
