Skip to content

Latest commit

 

History

History
106 lines (78 loc) · 2.58 KB

index.md

File metadata and controls

106 lines (78 loc) · 2.58 KB
description keywords menu title
Learn how to configure your Docker Engine to push and pull images from Docker Trusted Registry.
docker, registry, TLS, certificates
main
identifier parent weight
dtr_configure_engine
dtr_menu_repos_and_images
0
Configure your Docker Engine

Configure your Docker Engine

By default Docker Engine uses TLS when pushing and pulling images to an image registry like Docker Trusted Registry.

If DTR is using the default configurations or was configured to use self-signed certificates, you need to configure your Docker Engine to trust DTR. Otherwise, when you try to login or push and pull images to DTR, you'll get an error:

$ docker login <dtr-domain-name>

x509: certificate signed by unknown authority

The first step to make your Docker Engine trust the certificate authority used by DTR is to get the DTR CA certificate. Then you configure your operating system to trust that certificate.

Configure your host

Ubuntu/ Debian

# Download the DTR CA certificate
$ curl -k https://<dtr-domain-name>/ca -o /usr/local/share/ca-certificates/<dtr-domain-name>.crt
# Refresh the list of certificates to trust
$ sudo update-ca-certificates
# Restart the Docker daemon
$ sudo service docker restart

RHEL/ CentOS

# Download the DTR CA certificate
$ curl -k https://<dtr-domain-name>/ca -o /etc/pki/ca-trust/source/anchors/<dtr-domain-name>.crt
# Refresh the list of certificates to trust
$ sudo update-ca-trust
# Restart the Docker daemon
$ sudo /bin/systemctl restart docker.service

Boot2Docker

  1. Login into the virtual machine with ssh:

    docker-machine ssh <machine-name>

  2. Create the bootsync.sh file, and make it executable:

    sudo touch /var/lib/boot2docker/bootsync.sh
sudo chmod 755 /var/lib/boot2docker/bootsync.sh

  3. Add the following content to the bootsync.sh file. You can use nano or vi for this.

    #!/bin/sh

cat /var/lib/boot2docker/server.pem >> /etc/ssl/certs/ca-certificates.crt

  4. Add the DTR CA certificate to the server.pem file:

    curl -k https://<dtr-domain-name>/ca | sudo tee -a /var/lib/boot2docker/server.pem

  5. Run bootsync.sh and restart the Docker daemon:

    sudo /var/lib/boot2docker/bootsync.sh
sudo /etc/init.d/docker restart

Login into DTR

To validate that your Docker daemon trusts DTR, trying authenticating against DTR.

$ docker login <dtr-domain-name>

Where to go next