Setting up private docker registry in AWS and using it with Beanstalk


I have found several references on how to do this; however, I have not been able to get any of them to work. Where I get into trouble is with trying to develop a self-signed certificate. If anyone has recently been able to set up a private Docker registry in AWS and use it with Beanstalk, please help me.


There is 1 answer

lingxiao On

There are a couple of things if you are trying to deploy a private registry.

Depending on the Docker version, you should make a choice between registry and registry 2.0, or directly from the source? I couldn't get source to work though, and I think registry 2.0 needs the latest Docker. My Docker API version is 1.17 and I could only get it to work with registry.

From my experience, there's nothing special about generating self-signed certificates, but there are some tips on adding the CA. I followed the "generating self-signed certificate" part of this article: How To Set Up a Private Docker Registry on Ubuntu 14.04. I had to make the following tweaks to make it work:

Adding CA to a list of trusted CAs

First of all, transfer the CA ca.pem to all machines which will be using the registry. Next, add it to the list of trusted CAs. Depending on the host's operating system, the commands are slightly different.

For Ubuntu 14.04:

    sudo mkdir /usr/local/share/ca-certificates/docker-registry
    sudo cp ca.pem /usr/local/share/ca-certificates/docker-registry/ca.crt
    sudo update-ca-certificates

For CoreOS:

    sudo cp ca.pem /etc/ssl/certs/docker_registry_ca.pem
    sudo update-ca-certificates

Remark: Ubuntu 14.04 only takes into account .crt files. CoreOS only takes into account .pem files; in addition, for CoreOS, the file must be in /etc/ssl/certs/, excluding any sub-directory.

If you are using an nginx container for TLS, this would make the container trust this CA, as it pulls its list of trusted CAs directly from the host machine. But in addition to that, you need to ask Docker to trust this CA too in order to pull from and push to your future registry container. This is rather easy to accomplish: you just need to restart the Docker daemon and it will reload the list of trusted CAs from the updated list.

For Ubuntu 14.04:

    sudo service docker restart

For CoreOS:

    sudo systemctl restart docker
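
As an added example (not part of the answer above or the linked article): a shell script that creates a CA, signs a registry certificate with it, and checks the chain and host name with openssl before ca.pem is copied to any client. Every file name except ca.pem, and the host name you pass in, is an assumption; the certificates it produces are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the answer). File names other than ca.pem and the
# host name passed in are assumptions; all certificates are constructed.

make_registry_certs() {   # $1 = output dir, $2 = registry host name
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Minimal config so the CA certificate is explicitly marked as a CA.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = constructed-registry-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed CA: ca.pem is the file copied to every registry client.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" \
        -out "$dir/ca.pem" 2>/dev/null || return 1
    # Registry key and signing request for the host name clients will use.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=$host" -keyout "$dir/registry.key" \
        -out "$dir/registry.csr" 2>/dev/null || return 1
    # Sign with the CA, putting the host name in subjectAltName.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -in "$dir/registry.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 365 \
        -extfile "$dir/san.ext" -out "$dir/registry.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/registry.key"   # private keys stay on the signing host
}

check_registry_cert() {   # $1 = CA file, $2 = server cert, $3 = host name
    # Match on the "OK" line rather than relying on the exit status alone.
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>&1 | grep -q ': OK$'
}

# Run as: sh make-certs.sh <output-dir> <registry-host>
if [ "$#" -eq 2 ]; then
    make_registry_certs "$1" "$2" &&
        check_registry_cert "$1/ca.pem" "$1/registry.crt" "$2" &&
        echo "chain and host name verified; distribute $1/ca.pem"
fi
```

Only ca.pem goes to the client machines; ca.key and registry.key stay where the certificates were issued and on the TLS endpoint respectively.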