Docker private registry with nginx HTTP-to-HTTPS redirect and persistent volume mount

Because the Kubernetes cluster pulls Docker images only from a registry served over TLS, we need to push and pull images to and from our private local registry over HTTPS. This document walks through the complete steps to configure a private Docker registry for Kubernetes with TLS termination at an nginx reverse proxy; the certificate is obtained via https://www.sslforfree.com/create?domains=satya.com.np. Two things to note in the first nginx.conf below: `user root;` makes the nginx worker processes run as root inside the container, which is only needed if the mounted certificate and password files are readable by root alone; and the proxied header is spelled `X-Forward-For` where the standard name is `X-Forwarded-For` (the same spelling is carried into the later revisions). This first revision also still serves the registry over plain HTTP on port 80; the redirect to HTTPS is added further down.

[[email protected] priviate-registry]# cat docker-compose.yml version: '2' services: revp: image: nginx:latest volumes: - "/docker_registry/priviate-registry/nginx-web:/usr/share/nginx/html:ro" - "/docker_registry/priviate-registry/nginx.conf:/etc/nginx/nginx.conf:ro" - "/docker_registry/priviate-registry/certs/:/usr/share/certs:ro" ports: - "80:80" - "443:443" depends_on: - reg links: - reg reg: image: registry expose: - 5000 [[email protected] priviate-registry]# [[email protected] priviate-registry]# cat nginx.conf user root; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 65; gzip on; gzip_types text/plain text/css text/javascript application/javascript application/json application/xml; index index.html index.htm; upstream docker_reg { server reg:5000; } server { listen 80 default_server; root /usr/share/nginx/html; #added later chunked_transfer_encoding on; try_files $uri/index.html $uri @docker_reg; location @docker_reg { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://docker_reg; } #end error_page 500 502 503 504 /500.html; client_max_body_size 4G; keepalive_timeout 10; } server { listen 443 default_server; root /usr/share/nginx/html; ssl on; ssl_certificate /usr/share/certs/server.crt; ssl_certificate_key /usr/share/certs/private.key; #added later chunked_transfer_encoding on; try_files $uri/index.html $uri @docker_reg; location @docker_reg { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://docker_reg; } #end error_page 500 502 503 504 /500.html; client_max_body_size 4G; keepalive_timeout 10; } }

The numbered fragments below are bash history entries (the numbers are history indices). The ACME challenge file is placed under nginx-web/.well-known/acme-challenge, which is the document root served by the port-80 server above, so the certificate issuer can fetch it over HTTP; the certificate bundle is then unpacked into the certs/ directory that the compose file mounts read-only.

[[email protected] priviate-registry]# cd well-known/acme-challenge

cd nginx-web/

cd well-known/acme-challenge

cd .well-known/acme-challenge

chmod 644 ud9CDdjJYpL9xGvYRbrs8nGvwIXPgqrVL3LSoIL4IRA

docker-compose stop 456 docker-compose start

cd /

cd /root/ 459 ls 460 yum install unzip 461 unzip sslforfree.zip 462 ls 463 cd /docker_registry/

ls 460 yum install unzip 461 unzip sslforfree.zip 462 ls 463 cd /docker_registry/

464 ls 465 cd priviate-registry/

466 ls

467 mkdir certs

468 cd certs/ 469 mv /root/ca_bundle.crt /root/certificate.crt /root/private.key .

470 ls 471 vi certificate.crt

472 cat certificate.crt ca_bundle.crt >server.crt

473 cat server.crt

##### Redirect all HTTP to HTTPS #####

In this revision the port-80 server only returns a 301 to the HTTPS URL, so the registry is reachable only over TLS. Note that `ssl on;` is the legacy nginx form; on current nginx versions use `listen 443 ssl default_server;` and set `ssl_protocols` explicitly so that outdated TLS versions are not negotiated.

[[email protected] priviate-registry]# cat nginx.conf user root; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 65; gzip on; gzip_types text/plain text/css text/javascript application/javascript application/json application/xml; index index.html index.htm; upstream docker_reg { server reg:5000; } server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } server { listen 443 default_server; root /usr/share/nginx/html; ssl on; ssl_certificate /usr/share/certs/server.crt; ssl_certificate_key /usr/share/certs/private.key; #added later chunked_transfer_encoding on; try_files $uri/index.html $uri @docker_reg; location @docker_reg { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://docker_reg; } #end error_page 500 502 503 504 /500.html; client_max_body_size 4G; keepalive_timeout 10; } }

[[email protected] priviate-registry]#

####### Authentication for the registry Docker URL ##########

Basic authentication is placed in front of the registry with an htpasswd file that nginx checks on both `/` and `/v2/`. Note that the transcript shows the username as `satya` in the htpasswd command but `javra` in the output and in the resulting file; use one consistent username. The `$apr1$` prefix in auth_reg.pwd is the Apache MD5 scheme; for new files prefer bcrypt via `htpasswd -B`, which nginx's auth_basic also accepts.

yum install apache-utils yum install httpd-tools htpasswd -c auth_reg.pwd satya New password:xxxxx Re-type new password: Adding password for user javra [[email protected] e2-setup-private-docker-registry]# cat auth_reg.pwd javra:$apr1$Nq7qzvkA$SPMt5yOznrg54L8qcp/Uy. [[email protected] priviate-registry]# cat docker-compose.yml version: '2' services: revp: image: nginx:latest volumes: - "/docker_registry/priviate-registry/nginx-web:/usr/share/nginx/html:ro" - "/docker_registry/priviate-registry/nginx.conf:/etc/nginx/nginx.conf:ro" - "/docker_registry/priviate-registry/certs/:/usr/share/certs:ro" - "/docker_registry/priviate-registry/auth/auth_reg.pwd:/etc/nginx/.htpasswd:ro" ports: - "80:80" - "443:443" depends_on: - reg links: - reg reg: image: registry expose: - 5000 [[email protected] priviate-registry]# [[email protected] priviate-registry]# cat nginx.conf user root; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 65; gzip on; gzip_types text/plain text/css text/javascript application/javascript application/json application/xml; index index.html index.htm; upstream docker_reg { server reg:5000; } server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } server { listen 443 default_server; root /usr/share/nginx/html; ssl on; ssl_certificate /usr/share/certs/server.crt; ssl_certificate_key /usr/share/certs/private.key; chunked_transfer_encoding on; location / { auth_basic "Registry realm"; auth_basic_user_file /etc/nginx/.htpasswd; root /usr/share/nginx/html; } location /v2/ { auth_basic "Registry realm"; auth_basic_user_file /etc/nginx/.htpasswd; add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; proxy_read_timeout 900; proxy_pass http://docker_reg; } error_page 500 502 503 504 /500.html; client_max_body_size 4G; keepalive_timeout 10; } } [[email protected] priviate-registry]# 
######## Persistent volume for registry data ####

The registry keeps its blobs under /var/lib/registry inside the container, so that path is bind-mounted onto the dedicated /docker_registry disk. Note that the directory created here is /docker_registry/reg_data while the compose file mounts /docker_registry/reg-data; use the same spelling in both places, otherwise the registry data will not land in the directory you prepared. This compose file also lists both the /root/... and the /docker_registry/priviate-registry/... host paths for the same nginx mount targets; keep only one source per target.

/dev/sdb1 50G 53M 47G 1% /docker_registry #mkdir -p /docker_registry/reg_data [[email protected] priviate-registry]# cat /home/satya/e2-setup-private-docker-registry/docker-compose.yml version: '2' services: revp: image: nginx:latest volumes: - "/root/nginx-root:/usr/share/nginx/html:ro" - "/root/nginx.conf:/etc/nginx/nginx.conf:ro" - "/root/certs:/usr/share/certs:ro" - "/docker_registry/priviate-registry/nginx-web:/usr/share/nginx/html:ro" - "/docker_registry/priviate-registry/nginx.conf:/etc/nginx/nginx.conf:ro" - "/docker_registry/priviate-registry/certs/:/usr/share/certs:ro" - "/docker_registry/priviate-registry/auth/auth_reg.pwd:/etc/nginx/.htpasswd:ro" ports: - "80:80" - "443:443" depends_on: - reg links: - reg reg: image: registry expose: - 5000 volumes: - "/docker_registry/reg-data:/var/lib/registry:rw"
