
certgen.sh



# cat certgen.sh
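# Generates a private CA plus one server and one client certificate in ./certs.
# Outputs: ca-key.pem, ca.pem, server-key.pem, server-cert.pem, key.pem,
# cert.pem (plus the CSRs, the extension files and ca.srl).
set -eux

mkdir -p certs
cd certs

# Private keys are written below: keep every new file owner-only until the
# public certificates are explicitly opened up at the end.
umask 077

# Resolve the FQDN once, so a failing `hostname -f` stops the script under
# `set -e` instead of yielding a certificate with an empty CN.
host_fqdn=$(hostname -f)

echo "Creating ca keys..."
echo 01 > ca.srl
# The original created each key with -des3 and immediately rewrote it without
# the passphrase; generating it unencrypted ends in the same state without the
# interactive prompts. The key size is explicit instead of the openssl default.
# NOTE(review): whoever holds ca-key.pem can issue server and client
# certificates for this CA; keep it off hosts that only need ca.pem.
openssl genrsa -out ca-key.pem 4096
openssl req -subj "/CN=${host_fqdn}/" -new -x509 -sha256 -days 365 -key ca-key.pem -out ca.pem

echo "Creating server keys..."
openssl genrsa -out server-key.pem 4096
# NOTE(review): the CA and the server certificate share the same subject; some
# verifiers treat issuer == subject as self-signed. Consider a distinct CA CN.
openssl req -subj "/CN=${host_fqdn}/" -new -sha256 -key server-key.pem -out server.csr
# Go-based clients (docker included) match host names against subjectAltName
# only, so the server certificate needs a SAN in addition to the CN.
printf '%s\n' "subjectAltName = DNS:${host_fqdn}" "extendedKeyUsage = serverAuth" > server-extfile.cnf
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAserial ca.srl -out server-cert.pem -extfile server-extfile.cnf

echo "Creating client keys..."
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=*/' -new -sha256 -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAserial ca.srl -out cert.pem -extfile extfile.cnf

# Certificates are public; private keys stay owner-only. The explicit chmod
# also tightens key files left over from an earlier run with a looser mode.
chmod 0644 ca.pem server-cert.pem cert.pem
chmod 0600 ca-key.pem server-key.pem key.pem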


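# Publish the CA certificate and the server pair to /etc/docker/certs, the
# directory the registry container mounts as /certs. ca-key.pem is deliberately
# not copied: the serving host never needs the CA private key.
mkdir -p /etc/docker/certs
# Chain on the cd so nothing is copied from the wrong directory if it fails.
cd certs/ &&
  install -m 0644 ca.pem server-cert.pem /etc/docker/certs/ &&
  install -m 0600 server-key.pem /etc/docker/certs/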


Command to launch registry
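# Start the registry with TLS on port 5000.
# - The data directory is mounted at /var/lib/registry, where the registry
#   image keeps its storage (the second command on this page mounts it there
#   too). Mounted at /tmp, pushed images would not land in the host directory.
# - The certificate directory is mounted read-only; the registry only reads it.
# NOTE(review): domain.crt / domain.key must exist in /mnt/three/TLS-cert/certs;
# certgen.sh names its server pair server-cert.pem / server-key.pem.
# NOTE(review): LOGLEVEL and DEBUG are passed through unchanged; the registry
# takes configuration overrides from REGISTRY_-prefixed variables (for example
# REGISTRY_LOG_LEVEL), so confirm these two have any effect.
# NOTE(review): TLS here only authenticates the server and encrypts traffic.
# No registry auth or client-certificate check is configured, so anyone who can
# reach port 5000 can pull and push.
docker run -d -p 5000:5000 --name privte_registry \
  -v /mnt/three/docker-registry/registry-data:/var/lib/registry \
  -v /mnt/three/TLS-cert/certs:/certs:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e LOGLEVEL=INFO -e DEBUG=true \
  registry:2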

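# Start the registry using the certificates copied to /etc/docker/certs.
# - That directory holds ca.pem, server-cert.pem and server-key.pem (see the cp
#   step above), so the TLS variables point at those names; domain.crt and
#   domain.key do not exist there and the registry would fail to load them.
# - The certificate directory is mounted read-only; the registry only reads it.
# - registry:2 matches the first command on this page; a mutable `latest` tag
#   can move to a different major version. For reproducible deployments pin by
#   digest (registry@sha256:<digest-placeholder>).
# NOTE(review): no registry auth or client-certificate check is configured, so
# the client cert.pem/key.pem from certgen.sh is not enforced here and anyone
# who can reach port 5000 can pull and push.
sudo docker run -d -p 5000:5000 \
  -v /opt/data/registry:/var/lib/registry \
  -v /etc/docker/certs/:/certs:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-cert.pem \
  -e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem \
  registry:2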
