Enable import of certificate for private HTTPS secure registry #1282

Open
sparky3387 opened this issue May 2, 2022 · 4 comments

@sparky3387

sparky3387 commented May 2, 2022

I did a search and could not find a similar issue or request. On this line it creates the TLS variable in Go to log in to the Docker registry; are we able to pass in a custom CA certificate for this stage?

TLSConfig Variable

The lack of a CA certificate causes the following error:

2022-05-02T02:20:03Z [D] Reason: Get "https://docker-registry:443/v2/": x509: certificate signed by unknown authority
                         container: /containername
                         image: docker-registry:443/containername-image
2022-05-02T02:20:03Z [D] Pulling image
                         container: /containername
                         image: docker-registry:443/containername-image
2022-05-02T02:20:03Z [D] Error pulling image docker-registry:443/containername-image, Error response from daemon: Get "https://docker-registry:443/v2/": x509: certificate signed by unknown authority
2022-05-02T02:20:03Z [I] Unable to update container "/containername": Error response from daemon: Get "https://docker-registry:443/v2/": x509: certificate signed by unknown authority. Proceeding to next.

A link on how the TLSConfig variable can be set up to work in this configuration

@github-actions

github-actions bot commented May 2, 2022

Hi there! 👋🏼 As you're new to this repo, we'd like to suggest that you read our code of conduct as well as our contribution guidelines. Thanks a bunch for opening your first issue! 🙏

@piksel
Member

piksel commented May 2, 2022

Yeah, initial work for allowing custom certs for notification service was started in containrrr/shoutrrr#185, and the cert pool would need to be seeded from watchtower's side. Using the same pool (or another) for the docker registry lookups shouldn't be an issue.
Generally, what needs to be defined is a way to get the certificates into the container. Easiest solution is to just check if a folder exists inside the container and load all certificates from that folder on startup. That way you could just place the certs in a volume.

@intmainreturnzero

Hi @piksel, wanted to understand the status of the support to add custom CAs for watchtower. The above pull request is active, so I'm assuming such support doesn't exist yet in Watchtower?

@hyeoncheolkim91

Is this still not supported?
