A guide to launch a private docker registry secured with Lets Encrypt. Tested on Ubuntu 16.04 and Apache 2.4
For each user you'd like to authenticate, run the following command:
docker run --entrypoint htpasswd registry:2 -Bbn {user_name} {user_password} > /choose/path/to/htpasswd
* Replace {user_name}
and {user_password}
for each user you'd like to add.
- Edit the registry.domain.com.conf file
- Replace
domain
with the name of the domain the registry will be hosted on in the file name and 6 places within the file - Leave the unsecure ssl paths alone until after you've generated the certificates.
- Replace
/path/to/file/
with the path to the htpasswd file.
- Replace
- Copy the file to the apache sites-available folder, typically
/etc/apache2/sites-available
. - Activate the site,
sudo a2ensite registry.{domain}.com.conf
. - Restart the server,
sudo service apache2 restart
. - Test that the page is served at https://registry.{domain}.com, you should see a default apache page after accepting the insecure ssl cert.
sudo git clone https://github.com/certbot/certbot /opt/certbot
cd /opt/certbot/; ./certbot-auto certonly --apache -d registry.{domain}.com
- Your files should be stored in
/etc/letsencrypt/live/{domain}
- Navigate to the ssl certificate folder and run the following commands:
sudo cp privkey.pem /path/to/docker/registry/folder/domain.key
sudo cat cert.pem chain.pem > /path/to/docker/registry/folder/domain.crt
- Update your registry.{domain}.com.conf file to link to the new ssl certificates.
SSLCertificateFile /etc/letsencrypt/live/registry.{domain}.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/registry.{domain}.com/privkey.pem
- Uncomment the
Include /etc/letsencrypt/options-ssl-apache.conf
- Run
sudo service apache2 restart
. - Verify that the url now shows a secured page.
Adapt the above instructions
- Copy the docker-compose.yml file to the server.
- Run
docker-compose up -d
. If you run into problems, remove the-d
flag and look for errors.
- From your local machine, run
docker login registry.{domain}.com
. Enter your username and password. - If you run into errors, look at the return here, the output from the docker container running on the server and anything in the apache error logs.