Deploy your own Docker registry: restart the registry

I know the Docker Hub, and I know that you can create your own repositories. But you need to pay if you want to create some private repos. Therefore, I want my own Docker registry server to use self-signed certificates.

I follow the official documentation. So these are the steps: creating certificates in certs/:

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt

So this creates domain.key and domain.cert in my certs/. Now it's time to start my docker registry (using keys):

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \
  registry:2

After deployment, I see the following:

$ docker ps

 "/bin/registry /etc/d"   12 seconds ago      Restarting (1) 1 seconds ago   0.0.0.0:5000->5000/tcp

My docker logs tell me:

time="2015-12-11T10:18:19Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 instance.id=ee1b0d64-89eb-4be7-bc3e-e0e249bf117d version=v2.2.1 
time="2015-12-11T10:18:19Z" level=info msg="redis not configured" go.version=go1.5.2 instance.id=ee1b0d64-89eb-4be7-bc3e-e0e249bf117d version=v2.2.1 
time="2015-12-11T10:18:19Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 instance.id=ee1b0d64-89eb-4be7-bc3e-e0e249bf117d version=v2.2.1 
time="2015-12-11T10:18:19Z" level=fatal msg="open certs/domain.crt: permission denied"  

Can someone tell me what I'm doing wrong? Thanks


SELinux Docker:

chcon -Rt svirt_sandbox_file_t ~/certs/
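
A way to confirm the SELinux diagnosis in the answer above before relabeling, as an added example that is not part of the original post: it reads audit records and lists the files a container was denied because their SELinux type is not a container-readable one. The AVC records are constructed samples, and the function names and the treatment of `container_file_t` as the newer name for `svirt_sandbox_file_t` are assumptions not found on the page.

```shell
#!/usr/bin/env bash
# Added example, not from the original post; the AVC records are constructed.

# Types a confined container may read from a bind mount. svirt_sandbox_file_t
# is what the chcon above sets; container_file_t is assumed here as the name
# newer policies use for the same type.
CONTAINER_TYPES="svirt_sandbox_file_t container_file_t"

# selinux_type CONTEXT: print the type field of user:role:type:level
selinux_type() {
  printf '%s\n' "$1" | cut -d: -f3
}

# container_readable CONTEXT: succeed if the type is in CONTAINER_TYPES
container_readable() {
  case " $CONTAINER_TYPES " in
    *" $(selinux_type "$1") "*) return 0 ;;
    *) return 1 ;;
  esac
}

# blocked_paths: read audit records on stdin and print "path type" for each
# AVC denial whose target file carries a type containers cannot read.
blocked_paths() {
  while IFS= read -r line; do
    case "$line" in *"avc:"*"denied"*) ;; *) continue ;; esac
    path=$(printf '%s\n' "$line" | sed -n 's/.* path="\([^"]*\)".*/\1/p')
    tctx=$(printf '%s\n' "$line" | sed -n 's/.* tcontext=\([^ ]*\).*/\1/p')
    [ -n "$tctx" ] || continue
    container_readable "$tctx" || printf '%s %s\n' "$path" "$(selinux_type "$tctx")"
  done
}

# Constructed records: a denial on the mounted certificate (home-directory
# type), a non-AVC record, and a denial on a file that already has a
# container type (so relabeling would not be the fix and it is not reported).
SAMPLE_AUDIT='type=AVC msg=audit(1449829099.101:812): avc:  denied  { open } for  pid=2301 comm="registry" path="/certs/domain.crt" dev="dm-0" ino=1311 scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1449829099.101:812): arch=c000003e syscall=257 success=no exit=-13 comm="registry"
type=AVC msg=audit(1449829200.007:840): avc:  denied  { write } for  pid=2410 comm="registry" path="/var/lib/registry/x" dev="dm-0" ino=1400 scontext=system_u:system_r:svirt_lxc_net_t:s0:c12,c34 tcontext=system_u:object_r:svirt_sandbox_file_t:s0:c1,c2 tclass=file'

printf '%s\n' "$SAMPLE_AUDIT" | blocked_paths
```

On a live host the same function can be fed from `ausearch -m avc` instead of the sample records.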

Source: https://habr.com/ru/post/1619474/

