This shows you the differences between two versions of the page.
| services:docker-mirror [2020/12/14 17:50] djgalloway [Other Notes] | services:docker-mirror [2021/01/20 15:50] (current) djgalloway [Renewing the SSL certiciate] | ||
|---|---|---|---|
| Line 28: | Line 28: | ||
| # Then used parts of https://medium.com/@ifeanyiigili/how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613 | # Then used parts of https://medium.com/@ifeanyiigili/how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613 | ||
| mkdir /lrc/certs | mkdir /lrc/certs | ||
| - | openssl req -newkey rsa:4096 -nodes -sha256 -keyout /lrc/certs/domain.key -x509 -out /lrc/certs/domain.crt | + | openssl req -newkey rsa:4096 -nodes -sha256 -keyout /lrc/certs/domain.key -x509 -days 3650 -addext "subjectAltName = DNS:docker-mirror.front.sepia.ceph.com" -out /lrc/certs/domain.crt |
| docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/var/lib/registry/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/var/lib/registry/certs/domain.key -v /lrc:/var/lib/registry registry:2 /var/lib/registry/config.yml | docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/var/lib/registry/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/var/lib/registry/certs/domain.key -v /lrc:/var/lib/registry registry:2 /var/lib/registry/config.yml | ||
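Review bot: the new `openssl req` line pairs `-days 3650` with `-nodes`, so an unencrypted private key at /lrc/certs/domain.key stays valid for ten years, and the `docker run` line below it mounts all of /lrc (certs directory included) as the registry's /var/lib/registry. Consider a shorter lifetime now that the renewal procedure is written down, a `chmod 600 /lrc/certs/domain.key` step, and mounting the certs directory separately and read-only instead of inside the registry data volume. It is also worth noting next to the command that `-addext` requires OpenSSL 1.1.1 or later, and adding `-subj` so the command runs without interactive prompts and the subject is documented.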
| Line 45: | Line 45: | ||
| ===== Admin Tasks ===== | ===== Admin Tasks ===== | ||
| ==== Renewing the SSL certiciate ==== | ==== Renewing the SSL certiciate ==== | ||
| - | The first time I created the cert, I accidentally left the date out so the cert was only good for a month. The second cert is good for 5 years. | + | The first time I created the cert, I accidentally left the date out so the cert was only good for a month. The second cert is good for 10 years. |
| - | - ''%%root@docker-mirror:~# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /lrc/certs/domain.key -x509 -days 3650 -out /lrc/certs/domain.crt%%'' | + | - ''%%root@docker-mirror:~# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /lrc/certs/domain.key -x509 -days 3650 -addext "subjectAltName = DNS:docker-mirror.front.sepia.ceph.com" -out /lrc/certs/domain.crt%%'' |
| - Copy the contents of ''/lrc/certs/domain.crt'' and update ''container_mirror_cert'' in https://github.com/ceph/ceph-sepia-secrets/blob/master/ansible/inventory/group_vars/all.yml | - Copy the contents of ''/lrc/certs/domain.crt'' and update ''container_mirror_cert'' in https://github.com/ceph/ceph-sepia-secrets/blob/master/ansible/inventory/group_vars/all.yml | ||
| - Run ''ansible-playbook container-host.yml'' against the appropriate hosts. | - Run ''ansible-playbook container-host.yml'' against the appropriate hosts. | ||
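Review bot: the renewal list overwrites /lrc/certs/domain.key and domain.crt in place with the new `openssl req` step, but it has no step that restarts the `registry-mirror` container or checks the result before the cert is distributed. Suggest adding `docker restart registry-mirror` and a check such as `openssl x509 -in /lrc/certs/domain.crt -noout -dates -ext subjectAltName` ahead of the `container_mirror_cert` update, so a cert with the wrong lifetime or a missing SAN is caught on the mirror host and not on the clients. The "10 years" wording now agrees with `-days 3650`; because this command duplicates the one in the setup section, having one section point at the other would keep the two from drifting apart again.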