diff --git a/Dockerfile b/Dockerfile
index 27999061d..f588ee1ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,6 +12,7 @@ FROM ubuntu:14.04
 RUN apt-get update \
 # Install pip
 && apt-get install -y \
+ curl \
 python-pip \
 # Install deps for backports.lmza (python2 requires it)
 python-dev \
@@ -19,6 +20,10 @@ RUN apt-get update \
 libevent1-dev \
 && rm -rf /var/lib/apt/lists/*
+# get generate_cert
+RUN curl -L -o /usr/local/bin/generate_cert https://github.com/SvenDowideit/generate_cert/releases/download/0.1/generate_cert-0.1-linux-amd64/ && \
+ chmod +x /usr/local/bin/generate_cert
+
 COPY . /docker-registry
 COPY ./config/boto.cfg /etc/boto.cfg
@@ -37,4 +42,5 @@ ENV SETTINGS_FLAVOR dev
 EXPOSE 5000
+ENTRYPOINT ["/docker-registry/wrap.sh"]
 CMD ["docker-registry"]
diff --git a/wrap.sh b/wrap.sh
new file mode 100755
index 000000000..7708fa503
--- /dev/null
+++ b/wrap.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+export ${REGISTRY_HOST:=localhost}
+
+x=0
+for f in /ssl/ca.{key,cert}; do
+ [[ -f $f ]] && x=$((x + 1)) || break
+done
+case "$x" in
+0)
+ generate_cert -cert=/ssl/ca.cert -key=/ssl/ca.key
+ ;;
+1)
+ echo "Only one of /ssl/ca.key and /ssl/ca.cert was found. Make sure both are either present or absent." && exit 1
+ ;;
+esac
+
+x=0
+for f in /ssl/registry.{key,crt}; do
+ [[ -f $f ]] && x=$((x + 1)) || break
+done
+case "$x" in
+0)
+ generate_cert -cert=/ssl/ca.cert -key=/ssl/ca.key && generate_cert -host="$REGISTRY_HOST" -ca=/ssl/ca.cert -ca-key=/ssl/ca.key -cert=/ssl/registry.crt -key=/ssl/registry.key
+ ;;
+1)
+ echo "Only one of /ssl/registry.key and /ssl/registry.crt was found. Make sure both are either present or absent." && exit 1
+ ;;
+esac
+
+# --ssl-version 3 == ssl.PROTOCOL_TLSv1
+[[ -d /ssl ]] && export ${GUNICORN_OPTS:="['--certfile','/ssl/registry.crt','--keyfile','/ssl/registry.key','--ca-certs','/ssl/ca.cert','--ssl-version',3]"}
+
+exec "$@"
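Review bot: The `generate_cert` binary fetched by the added `RUN curl -L -o /usr/local/bin/generate_cert …` step is installed with no integrity check, and without `-f` curl will save an HTTP error page as the executable if the request fails. The release URL also ends in a trailing slash, which may not resolve to the asset and is worth confirming. Whatever that URL serves at build time becomes the tool that creates the CA and registry private keys in wrap.sh, so the download should be pinned to a known digest. I would write it as `RUN curl -fsSL -o /usr/local/bin/generate_cert <RELEASE_ASSET_URL> && echo "<EXPECTED_SHA256>  /usr/local/bin/generate_cert" | sha256sum -c - && chmod +x /usr/local/bin/generate_cert`. Both angle-bracket values are placeholders: the asset URL and the digest recorded for the 0.1 release.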
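Review bot: In the registry-pair `case` of wrap.sh, branch `0)` re-runs `generate_cert -cert=/ssl/ca.cert -key=/ssl/ca.key` before signing, so a CA key and certificate that an operator mounted into /ssl are presumably overwritten whenever the registry pair is absent; that branch should only sign with the CA that already exists at that point. Both loops stop at the first missing file through `|| break`, so a lone `ca.cert` or `registry.crt` counts as 0 instead of 1 and the "Only one of … was found" error never fires for that case. As far as I can tell, `export ${REGISTRY_HOST:=localhost}` and the `GUNICORN_OPTS` line pass the expanded value to `export` as a variable name, which bash rejects for a dotted hostname or the bracketed option list and which aborts the script under `set -e`. The comment also shows the listener pinned to `ssl.PROTOCOL_TLSv1`, and `--ca-certs` is passed without any visible client-certificate requirement, so both the protocol floor and the intent of the CA option deserve a comment or a change.

```shell
# export the variable itself, not a name built from its value
export REGISTRY_HOST="${REGISTRY_HOST:-localhost}"

# count every file that exists, so a lone ca.cert is detected as well
x=0
for f in /ssl/ca.{key,cert}; do
    if [[ -f $f ]]; then x=$((x + 1)); fi
done
# … unchanged: CA case block (generate on 0, error on 1) …

x=0
for f in /ssl/registry.{key,crt}; do
    if [[ -f $f ]]; then x=$((x + 1)); fi
done
case "$x" in
0)
    # the CA exists by now: sign with it, never regenerate it here
    generate_cert -host="$REGISTRY_HOST" -ca=/ssl/ca.cert -ca-key=/ssl/ca.key -cert=/ssl/registry.crt -key=/ssl/registry.key
    ;;
# … unchanged: case 1 error message …
esac

if [[ -d /ssl ]]; then
    export GUNICORN_OPTS="${GUNICORN_OPTS:-['--certfile','/ssl/registry.crt','--keyfile','/ssl/registry.key','--ca-certs','/ssl/ca.cert','--ssl-version',3]}"
fi
```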