/ Security Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Docker Registry With a Let's Encrypt Certificate

DZone's Guide to

Docker Registry With a Let's Encrypt Certificate

Save the whales! Learn how to protect your Docker files from pesky container security threats by generating an encryption certificate.

by
·
Dec. 01, 17 · Security Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Mobile is increasingly becoming a part of every consumers’ identity, but the increasing use of this digital channel is escalating the security risks faced by consumers and institutions.

A one-liner to run an SSL Docker registry generating a Let's Encrypt certificate.

This command will create a registry proxying the Docker hub, caching the images in a registry volume.

A Lets' Encrypt certificate will be auto-generated and stored in the host directory as letsencrypt.json. You could also use a Docker volume to store it.

In order for the certificate generation to work, the registry needs to be accessible from the internet in port 443. After the certificate is generated that's no longer needed.

docker run -d -p 443:5000 --name registry \
  -v `pwd`:/etc/docker/registry/ \
  -v registry:/var/lib/registry \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
  -e REGISTRY_HTTP_HOST=https://docker.example.com \
  -e REGISTRY_HTTP_TLS_LETSENCRYPT_CACHEFILE=/etc/docker/registry/letsencrypt.json \
  -e REGISTRY_HTTP_TLS_LETSENCRYPT_EMAIL=admin@example.com \
  -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
  registry:2

You can also create a config.yml in this directory and run the registry using the file instead of environment variables.

version: 0.1
storage:
  filesystem:
http:
  addr: 0.0.0.0:5000
  host: https://docker.example.com
  tls:
    letsencrypt:
      cachefile: /etc/docker/registry/letsencrypt.json
      email: admin@example.com
proxy:
  remoteurl: https://registry-1.docker.io

Then run:

docker run -d -p 443:5000 --name registry \
  -v `pwd`:/etc/docker/registry/ \
  -v registry:/var/lib/registry \
  registry:2

If you want to use this as a remote repository and not just for proxying, remove the proxy entry in the configuration.

Explore the authentication advancements that are designed to secure accounts and payments—without overburdening consumers with a friction-laden experience.

Like This Article? Read More From DZone

Using Docker to Generate SSL Certificates
Secure a Docker Registry Using SSL
Docker Security: It's a Layered Approach

Free DZone Refcard

Blockchain and Distributed Ledger Technology for Documents
DOWNLOAD
Topics:
security ,docker security ,ssl certificates ,cloud security ,container security

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Security Partner Resources

Learn how to Patch faster than attackers can find you
Find out how to Secure your applications with Point and Click protection.
What is the Deserialization vulnerability and what are the challenges in providing a solution
Rapidly detect security vulnerabilities in your web, mobile and desktop applications
Intelligent Finding Analytics: Your Cognitive Computing Application Security Expert
Securing Payments and Earning Trust in a Mobile Financial World
Eliminate vulnerabilities from applications before they are placed into production and deployed

Security Partner Resources

Learn how to Patch faster than attackers can find you
Find out how to Secure your applications with Point and Click protection.
What is the Deserialization vulnerability and what are the challenges in providing a solution
Rapidly detect security vulnerabilities in your web, mobile and desktop applications

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone