User Tools

Site Tools


services:docker-mirror

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
services:docker-mirror [2020/12/14 17:50]
djgalloway [Other Notes]
services:docker-mirror [2021/01/20 15:50] (current)
djgalloway [Renewing the SSL certiciate]
Line 28: Line 28:
 # Then used parts of https://​medium.com/​@ifeanyiigili/​how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613 # Then used parts of https://​medium.com/​@ifeanyiigili/​how-to-setup-a-private-docker-registry-with-a-self-sign-certificate-43a7407a1613
 mkdir /lrc/certs mkdir /lrc/certs
-openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -out /​lrc/​certs/​domain.crt+openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -days 3650 -addext "​subjectAltName = DNS:​docker-mirror.front.sepia.ceph.com" ​-out /​lrc/​certs/​domain.crt
  
 docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/​var/​lib/​registry/​certs/​domain.crt -e REGISTRY_HTTP_TLS_KEY=/​var/​lib/​registry/​certs/​domain.key -v /​lrc:/​var/​lib/​registry registry:2 /​var/​lib/​registry/​config.yml docker run -d --restart=always -p 5000:5000 --name registry-mirror -e REGISTRY_HTTP_TLS_CERTIFICATE=/​var/​lib/​registry/​certs/​domain.crt -e REGISTRY_HTTP_TLS_KEY=/​var/​lib/​registry/​certs/​domain.key -v /​lrc:/​var/​lib/​registry registry:2 /​var/​lib/​registry/​config.yml
Line 45: Line 45:
 ===== Admin Tasks ===== ===== Admin Tasks =====
 ==== Renewing the SSL certiciate ==== ==== Renewing the SSL certiciate ====
-The first time I created the cert, I accidentally left the date out so the cert was only good for a month. ​ The second cert is good for years.+The first time I created the cert, I accidentally left the date out so the cert was only good for a month. ​ The second cert is good for 10 years.
  
-  - ''​%%root@docker-mirror:​~#​ openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -days 3650 -out /​lrc/​certs/​domain.crt%%''​+  - ''​%%root@docker-mirror:​~#​ openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /​lrc/​certs/​domain.key -x509 -days 3650 -addext "​subjectAltName = DNS:​docker-mirror.front.sepia.ceph.com" ​-out /​lrc/​certs/​domain.crt%%''​
   - Copy the contents of ''/​lrc/​certs/​domain.crt''​ and update ''​container_mirror_cert''​ in https://​github.com/​ceph/​ceph-sepia-secrets/​blob/​master/​ansible/​inventory/​group_vars/​all.yml   - Copy the contents of ''/​lrc/​certs/​domain.crt''​ and update ''​container_mirror_cert''​ in https://​github.com/​ceph/​ceph-sepia-secrets/​blob/​master/​ansible/​inventory/​group_vars/​all.yml
   - Run ''​ansible-playbook container-host.yml''​ against the appropriate hosts.   - Run ''​ansible-playbook container-host.yml''​ against the appropriate hosts.
services/docker-mirror.1607968203.txt.gz ยท Last modified: 2020/12/14 17:50 by djgalloway