how do you securely push an image to a docker 1.13 registry:2 service from outside the swarm?
Question
I am running a docker registry service in a locally-hosted docker-machine VM in a docker 1.13 swarm on OSX via:
docker service create --name registry --with-registry-auth --publish
5000:5000 registry:2
The service is running and I can push/pull images on a swarm manager however when I try to push images to the service from the machine hosting the swarm VM using port 5000:
Get https://<IP of swarm manager>:5000/v1/_ping: http: server gave HTTP response to HTTPS client
Does anyone know how to securely access a docker registry service from outside the swarm? Possibly a FAQ, but I haven't found an article addressing it on the docker site. They all seem to deal with container TLS settings or accessing the server from within the swarm (which is rather nice).
thanks!
1 answers
solution1
1 ACCPTED 2017-01-29 20:27:31
The documentation on securing the registry socket deal with TLS settings because that's exactly what you need to configure. The registry documentation discusses this at a high level. The same steps to create a TLS CA, key, and certificate for the docker socket can be used for the registry socket and are documented on docker's site .
Note that if you generate your own certificates from your own CA, you'll need to trust your CA. There are various ways to do this just for docker, but the easier (and possibly less secure) solution is to add it to the list of root CA's on your host. This procedure varies per linux distribution.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.