|
You can use self-signed SSL certificates with docker push/pull
commands, however for this to work, you need to specify the --insecure-registry
daemon flag for each insecure registry.
For full details please refer to the.
For example, if you are running Docker as a service, edit the /etc/default/docker
file, and append the --insecure-registry
flag with your registry URL to the DOCKER_OPTS variable as in the following example:
DOCKER_OPTS="-H unix:///var/run/docker.sock --insecure-registry artprod.company.com" |
For this to take effect, you need to restart the Docker service.
If you are using Boot2Docker, please refer to the Boot2Docker documentation for.
If you do not make the required modifications to the --insecure-registry
daemon flag, you should get the following error:
v2 ping attempt failed with error: Get https://artprod.company.com/v2/: x509: cannot validate certificate for artprod.company.com because it doesn't contain any IP SANs |
The NGINX configuration provided with Artifactory out-of-the-box references the internally bundled certificate and key which you may replace with your own certificate and key.
For details, please refer to Using Your Own Certificate.
If you are unable to log in to Docker, you may need to set your credentials manually.
The Docker command line tool supports authenticating sensitive operations, such as push, with the server using basic HTTP authentication. To enforce authenticated access to docker repositories you need to provide the following parameters to the Docker configuration file.
You can use the following command to get these strings directly from Artifactory and copy/paste them into your ~/
The Docker configuration file may contain a separate authentication block for each registry that you wish to access. Below is an example with two URL endpoints:
|
From version 4.4, Artifactory supports authentication of the Docker client using OAuth through the default GitHub OAuth provider. When authenticating using OAuth you will not need to provide additional credentials to execute docker login
with Artifactory.
To set up OAuth authentication for your Docker client, execute the following steps:
Log in to Artifactory with OAuth using your Git Enterprise account
Once you are logged in to Artifactory through your Git Enterprise OAuth account, your Docker client will automatically detect this and use OAuth for authentication, so you do not need to provide additional credentials.