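# Generate a self-signed RSA key pair and store it in a PKCS12 keystore.
#
# NOTE: "changeit" is a placeholder (and the stock Java keystore password);
# choose your own value and use the same one in the server configuration.
# A password passed with -storepass ends up in shell history and is visible
# in the process list; leave the option out and keytool prompts for it.
#
# The SAN extension carries the host name clients connect to. Current TLS
# clients, the Docker daemon included, match the host name against
# subjectAltName and no longer fall back to the CN in -dname.
#
# -validity 3650 yields a ten-year certificate; nothing renews it for you.
keytool -genkeypair \
  -alias megarepo \
  -keyalg RSA -keysize 2048 \
  -storetype PKCS12 \
  -keystore keystore.p12 \
  -validity 3650 \
  -storepass changeit \
  -dname "CN=megarepo.example.com,O=MyOrg,C=US" \
  -ext "SAN=dns:megarepo.example.com"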
# TLS listener settings: serve HTTPS on 443 from a PKCS12 keystore.
server:
  port: 443
  ssl:
    enabled: true
    # Location of the keystore file; it contains the private key.
    key-store: file:/path/to/keystore.p12
    # "changeit" is a placeholder. With a real password in this file, keep the
    # file readable only by the account that runs the server.
    key-store-password: changeit
    key-store-type: PKCS12
# TLS listener settings supplied through the environment.
# "changeit" is a placeholder; a real password set this way is readable by
# anything that can inspect the process environment.
SERVER_PORT=443
SERVER_SSL_ENABLED=true
SERVER_SSL_KEY_STORE=file:/path/to/keystore.p12
SERVER_SSL_KEY_STORE_PASSWORD=changeit
SERVER_SSL_KEY_STORE_TYPE=PKCS12

# Mark all five for export so the server process inherits them.
export SERVER_PORT SERVER_SSL_ENABLED SERVER_SSL_KEY_STORE \
  SERVER_SSL_KEY_STORE_PASSWORD SERVER_SSL_KEY_STORE_TYPE
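# Run the container with TLS enabled.
#
# - The keystore is bind-mounted read-only (:ro): the container only has to
#   read it, so it gets no way to modify the key material on the host.
# - SERVER_PORT=443 mirrors the non-Docker configuration so that the published
#   port 443 reaches the TLS listener. This assumes the image honours the same
#   SERVER_* variables for the port; confirm against the image documentation.
# - "changeit" is a placeholder. Values passed with -e appear in shell history
#   and the host's process list; --env-file with an owner-only file keeps the
#   real password off the command line.
docker run -p 443:443 \
  -v /path/to/keystore.p12:/keystore.p12:ro \
  -e SERVER_PORT=443 \
  -e SERVER_SSL_ENABLED=true \
  -e SERVER_SSL_KEY_STORE=file:/keystore.p12 \
  -e SERVER_SSL_KEY_STORE_PASSWORD=changeit \
  bsnsoft/megarepo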
# Request a certificate for the registry host name without installing it
# anywhere (certonly). In --standalone mode certbot runs its own temporary web
# server for the challenge, so port 80 must be reachable from the internet and
# not already in use on this machine.
sudo certbot certonly --standalone --domain megarepo.example.com
# Bundle the Let's Encrypt certificate chain and private key into the PKCS12
# keystore the server loads.
#
# - privkey.pem is normally readable by root only, so run this as root.
# - The resulting keystore contains the private key. It is created with the
#   caller's umask; NOTE(review): restrict it afterwards so that only the
#   account running the service can read it.
# - "changeit" is a placeholder, and pass:<password> exposes the value in the
#   process list and shell history; openssl also accepts env:<var> and
#   file:<path> as password sources.
live_dir=/etc/letsencrypt/live/megarepo.example.com

openssl pkcs12 -export \
  -in "${live_dir}/fullchain.pem" \
  -inkey "${live_dir}/privkey.pem" \
  -out /opt/megarepo/keystore.p12 \
  -name megarepo \
  -passout pass:changeit
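# /etc/cron.d/megarepo-cert-renew
#
# cron does not join lines that end in a backslash, so the job must be written
# as one single line.
#
# The keystore rebuild and the service restart run from --deploy-hook, which
# certbot invokes only after a certificate has actually been renewed. Chaining
# them after "certbot renew &&" would rebuild the keystore and restart the
# service every night, because "certbot renew" also succeeds when nothing is
# due for renewal.
#
# NOTE: "changeit" is a placeholder. Files in /etc/cron.d are commonly
# world-readable, so keep the real password out of this file; openssl accepts
# -passout file:<path> pointing at a root-only password file.
0 3 * * * root certbot renew --quiet --deploy-hook "openssl pkcs12 -export -in /etc/letsencrypt/live/megarepo.example.com/fullchain.pem -inkey /etc/letsencrypt/live/megarepo.example.com/privkey.pem -out /opt/megarepo/keystore.p12 -name megarepo -passout pass:changeit && systemctl restart megarepo"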
# Make the Docker daemon on this host trust the self-signed certificate.
registry_host=megarepo.example.com
docker_certs_dir="/etc/docker/certs.d/${registry_host}"

# Extract certificate from keystore. -exportcert writes only the public
# certificate (PEM because of -rfc); the private key stays in keystore.p12.
keytool -exportcert -alias megarepo -keystore keystore.p12 \
  -storepass changeit -rfc > megarepo-ca.crt

# Copy to Docker certificate directory: Docker reads ca.crt from a directory
# named after the registry host.
sudo mkdir -p "${docker_certs_dir}"
sudo cp megarepo-ca.crt "${docker_certs_dir}/ca.crt"

# No Docker restart needed
{
"insecure-registries": ["megarepo.example.com:443"]
}
# The daemon reads daemon.json at start-up, so the change needs a restart.
# Restarting the daemon also stops running containers unless live-restore is
# enabled in the daemon configuration.
sudo systemctl restart docker.service
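Warning: listing a registry under `insecure-registries` makes Docker skip certificate verification for it and allows a fall-back to plain HTTP, so credentials and images sent to that registry can be read or altered in transit. Use it only for short-lived testing on a trusted network; otherwise install the registry's certificate under `/etc/docker/certs.d/` instead.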
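# Test HTTPS endpoint.
# The certificate is verified against the CA file installed for Docker rather
# than skipped with -k: with -k the request succeeds even when the server
# presents the wrong or an expired certificate, so it proves nothing about the
# TLS setup. With a publicly trusted certificate (for example Let's Encrypt)
# drop the --cacert option.
curl --cacert /etc/docker/certs.d/megarepo.example.com/ca.crt \
  https://megarepo.example.com/api/v1/status

# Test Docker login (prompts for credentials; fails if the daemon does not
# trust the registry certificate).
docker login megarepo.example.com

# Test Docker push. Assumes an alpine image is already present locally.
docker tag alpine megarepo.example.com/docker-hosted/alpine:test
docker push megarepo.example.com/docker-hosted/alpine:test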