U1.10 Ubuntu Quick Start (QS): Docker custom registry - chempkovsky/CS2WPF-and-CS2XAMARIN GitHub Wiki
- Pre-installed DHCP in the virtual environment (for example, a hardware implementation of a DHCP server in a modem)
- Step 1: Deploy two Ubuntu 20.04 LTS virtual machines. Consult the articles U1.01 and U1.02
- Step 2: Set device name of the first Ubuntu virtual machine: u200401.custom.by
- Step 3: Set device name of the second Ubuntu virtual machine: u200402
- Note: the name of the second virtual machine has no "custom.by" suffix
- Step 4: Determine the IP address with the "ip a" command for the u200401.custom.by virtual machine
- Step 5: Determine the IP address with the "ip a" command for the u200402 virtual machine
- Step 6: For u200401.custom.by virtual machine
- with "sudo nano /etc/hosts" add the IP address detected at Step #4:
192.168.100.17 u200401.custom.by
- Step 7: For u200402 virtual machine
- with "sudo nano /etc/hosts" add the IP address detected at Step #4:
192.168.100.17 u200401.custom.by
- Step 8: For both virtual machines
- make a test:
ping u200401.custom.by
- Step 9: For both virtual machines
- Install docker. Consult the article U1.09
- Consult the article: Test an insecure registry
- Step 1: For u200401.custom.by virtual machine
- run the command "mkdir -p certs"
- Note: We do not use sudo for the command above
- Step 2: For u200401.custom.by virtual machine
- Pay special attention to "subjectAltName = DNS:u200401.custom.by"
- Important Note: set "Common Name" to custom.by when openssl prompts for it
- Note: We do not use sudo for the command below
- run the command as shown below:
openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -addext "subjectAltName = DNS:u200401.custom.by" -x509 -days 365 -out certs/domain.crt
- Step 3: For u200401.custom.by virtual machine
- run the command:
sudo docker run -d --restart=always --name registry -v "$(pwd)"/certs:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2
- Step 4: For u200401.custom.by virtual machine
- make a preliminary test:
sudo docker pull ubuntu
sudo docker tag ubuntu u200401.custom.by/test
sudo docker push u200401.custom.by/test
- The very last command fails with an "x509 certificate signed by unknown authority" error
- Step 5: For u200401.custom.by virtual machine
- create the folder:
sudo mkdir -p /etc/docker/certs.d/u200401.custom.by
- Step 6: For u200401.custom.by virtual machine
- copy domain.crt and rename it to ca.crt:
sudo cp certs/domain.crt /etc/docker/certs.d/u200401.custom.by/ca.crt
- Step 7: For u200401.custom.by virtual machine
- make the test:
sudo docker push u200401.custom.by/test
- Step 1: For u200402 virtual machine
- make a preliminary test:
sudo docker pull ubuntu
sudo docker tag ubuntu u200401.custom.by/test2
sudo docker push u200401.custom.by/test2
- Note: The very last command fails with an "x509 certificate signed by unknown authority" error
- Step 2: For u200402 virtual machine
- run the command:
mkdir -p certs
- Step 2: For u200401.custom.by virtual machine
- read the article U1.04
- copy certs/domain.crt from the u200401.custom.by virtual machine into the shared Windows folder
- you can run the command below to copy/paste using the GUI
sudo nautilus
- Step 3: For u200402 virtual machine
- read the article U1.04
- copy domain.crt from the shared Windows folder into certs/domain.crt on the u200402 virtual machine
- you can run the command below to copy/paste using the GUI
sudo nautilus
- Step 4: For u200402 virtual machine
- create the folder:
sudo mkdir -p /etc/docker/certs.d/u200401.custom.by
- Step 5: For u200402 virtual machine
- copy domain.crt and rename it to ca.crt:
sudo cp certs/domain.crt /etc/docker/certs.d/u200401.custom.by/ca.crt
- Step 6: For u200402 virtual machine
- make the test:
sudo docker push u200401.custom.by/test2
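An added example (not part of the original wiki page): before domain.crt is copied to /etc/docker/certs.d/u200401.custom.by/ca.crt on u200402, compare its SHA-256 fingerprint with the one read on u200401 and confirm it is valid for the registry hostname, which depends on the subjectAltName from Step 2 and not on the Common Name. The helper names are hypothetical, make_cert builds a constructed rsa:2048 sample with the walkthrough's subject and SAN so the block runs offline, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example; make_cert, cert_fp, cert_matches_host and install_registry_ca
# are hypothetical helper names, not part of Docker or the wiki.

# Constructed sample certificate: same Common Name and SAN as Step 2 of the
# walkthrough, but rsa:2048 so the demo finishes quickly.
make_cert() {  # usage: make_cert <dir>
  openssl req -newkey rsa:2048 -nodes -sha256 -keyout "$1/domain.key" \
    -subj "/CN=custom.by" -addext "subjectAltName = DNS:u200401.custom.by" \
    -x509 -days 365 -out "$1/domain.crt" 2>/dev/null
}

# Print the SHA-256 fingerprint of a PEM certificate (the part after "=").
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if certificate $1 is valid for hostname $2.
# When a DNS SAN is present, the Common Name is not used for matching.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# usage: install_registry_ca <crt> <registry-host> <expected-fp> [certs.d root]
# Copies the file to <root>/<host>/ca.crt only after both checks pass.
install_registry_ca() {
  root=${4:-/etc/docker/certs.d}
  if [ "$(cert_fp "$1")" != "$3" ]; then
    echo "fingerprint mismatch, not installing" >&2; return 1
  fi
  if ! cert_matches_host "$1" "$2"; then
    echo "certificate is not valid for $2" >&2; return 2
  fi
  mkdir -p "$root/$2" && cp "$1" "$root/$2/ca.crt"
}

# Demo in a scratch directory instead of /etc/docker/certs.d (no sudo needed).
demo() {
  d=$(mktemp -d) && make_cert "$d" || return 1
  fp=$(cert_fp "$d/domain.crt")          # on the real setup, read this on u200401
  cert_matches_host "$d/domain.crt" custom.by && echo "unexpected: CN matched"
  install_registry_ca "$d/domain.crt" u200401.custom.by "$fp" "$d/certs.d" \
    && echo "installed: $d/certs.d/u200401.custom.by/ca.crt"
}
demo
```

On the real machines, read the fingerprint on u200401 with cert_fp certs/domain.crt and pass it to install_registry_ca on u200402 from a root shell, so it can write to the default /etc/docker/certs.d.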
- Step 7: For u200401.custom.by virtual machine
- check:
sudo docker images
sudo docker pull u200401.custom.by/test2
sudo docker images
- Note: we cannot get the data with curl:
curl -X GET https://u200401.custom.by/v2/_catalog
- use a browser instead:
https://u200401.custom.by/v2/_catalog
- here are some details:
https://u200401.custom.by/v2/test2/tags/list
- consult the article Restricting access
- Note: we haven't tested this but hope it works
- read the article first: To Fix The Docker and UFW Security Flaw Without Disabling Iptables