# Local Docker Hub

# Security

## Certification

```bash
apt-get install openssl
# Generate a passphrase-protected 4096-bit RSA key
openssl genrsa -aes256 -passout pass:gsahdg -out server.pass.key 4096
# Strip the passphrase so the registry can load the key unattended
openssl rsa -passin pass:gsahdg -in server.pass.key -out local.dockerhub.key
rm server.pass.key
# Create the certificate signing request
openssl req -new -key local.dockerhub.key -out local.dockerhub.csr
```

> When the `openssl req` command asks for a “challenge password”, just press return, leaving the password empty. This password is used by Certificate Authorities to authenticate the certificate owner when they want to revoke their certificate.

```bash
# Self-sign the CSR with the same key; the certificate is valid for 365 days
openssl x509 -req -sha256 -days 365 -in local.dockerhub.csr -signkey local.dockerhub.key -out local.dockerhub.crt
mkdir -p certs
cp local.dockerhub.crt certs
cp local.dockerhub.key certs
```

## Authentication

```bash
mkdir auth
# -B selects bcrypt, -b takes the password from the command line, -n prints to stdout
docker run \
  --entrypoint htpasswd httpd:2 -Bbn <USER_NAME> <PASSWORD> > auth/htpasswd
```

## Run Docker Hub with security enabled

```bash
docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/auth:/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/local.dockerhub.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/local.dockerhub.key \
  -p 5443:443 \
  registry:2
```

# Login

```bash
docker login localhost:5443
```

# Testing

```bash
# Push an image to the local registry
docker pull ubuntu:16.04
docker tag ubuntu:16.04 localhost:5443/my-ubuntu
docker push localhost:5443/my-ubuntu
# Remove the local copies, then pull back from the registry
docker image remove ubuntu:16.04
docker image remove localhost:5443/my-ubuntu
docker pull localhost:5443/my-ubuntu
```

# Reference

- [openssl](https://devcenter.heroku.com/articles/ssl-certificate-self)
- [Registry](https://docs.docker.com/registry/deploying/)

###### tags: `DevOps`
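
Added example, not part of the original page: a pre-flight check for the `auth/` and `certs/` directories built in the Security section, to run before starting the registry. The function names are hypothetical; it assumes the file names used on this page and that the registry's htpasswd backend only honours bcrypt entries, which is what `htpasswd -B` writes.

```shell
# Pre-flight checks for auth/ and certs/ (added example, hypothetical names).

# Every htpasswd entry must be a bcrypt hash ($2a$/$2b$/$2y$). Blank lines
# are skipped because `htpasswd -n` prints one after the entry.
check_htpasswd() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
  awk -F: '
    NF == 0 { next }
    $2 !~ /^\$2[aby]\$[0-9][0-9]\$/ { print "not bcrypt: " $1 > "/dev/stderr"; bad = 1 }
    END { exit bad + 0 }' "$1"
}

# The key is stored without a passphrase, so group and others must have
# no access to it (permission columns 5-10 of `ls -l` must all be "-").
check_key_perms() {
  perms=$(ls -lL "$1" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "key too permissive: $1" >&2; return 1; }
}

# Certificate and key must carry the same public key, and the certificate
# must not expire within 30 days (it was issued for 365).
check_pair() {
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  # -passin pass: makes an encrypted key fail instead of prompting
  key_pub=$(openssl pkey -in "$2" -pubout -passin pass:) || return 1
  [ "$crt_pub" = "$key_pub" ] || { echo "certificate/key mismatch" >&2; return 1; }
  openssl x509 -in "$1" -noout -checkend $((30 * 24 * 3600)) >/dev/null ||
    { echo "certificate expires within 30 days" >&2; return 1; }
}

# Run all checks from the directory that holds auth/ and certs/.
preflight() {
  check_htpasswd auth/htpasswd &&
    check_key_perms certs/local.dockerhub.key &&
    check_pair certs/local.dockerhub.crt certs/local.dockerhub.key
}
```

Source the file and call `preflight` before `docker run`; a failing key-permission check is fixed with `chmod 600 certs/local.dockerhub.key`.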