From 015df6cdea10d9ce4b893bcd98887980e7061fb7 Mon Sep 17 00:00:00 2001 From: Richard Scothern Date: Mon, 13 Jun 2016 11:42:13 -0700 Subject: [PATCH] Add documentation for let's encrypt Signed-off-by: Richard Scothern --- docs/configuration.md | 40 ++++++++++++++++++++++++++++++++++++++++ docs/deploying.md | 5 +++++ 2 files changed, 45 insertions(+) diff --git a/docs/configuration.md b/docs/configuration.md index 96df2f0d4..1ef680f56 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -191,6 +191,9 @@ information about each option that appears later in this page. clientcas: - /path/to/ca.pem - /path/to/another/ca.pem + letsencrypt: + cachefile: /path/to/cache-file + email: emailused@letsencrypt.com debug: addr: localhost:5001 headers: @@ -892,6 +895,9 @@ configuration may contain both. clientcas: - /path/to/ca.pem - /path/to/another/ca.pem + letsencrypt: + cachefile: /path/to/cache-file + email: emailused@letsencrypt.com debug: addr: localhost:5001 headers: @@ -1037,6 +1043,40 @@ and proxy connections to the registry server. +### letsencrypt + +The `letsencrypt` struct within `tls` is **optional**. Use this to configure TLS +certificates provided by [Let's Encrypt](https://letsencrypt.org/how-it-works/). + + + + + + + + + + + + + + + + + +
ParameterRequiredDescription
+ cachefile + + yes + + Absolute path to a file for the Let's Encrypt agent to cache data +
+ email + + yes + + Email used to register with Let's Encrypt. +
### debug diff --git a/docs/deploying.md b/docs/deploying.md index ceed44a6d..b1d801be7 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -88,6 +88,11 @@ A certificate issuer may supply you with an *intermediate* certificate. In this cat domain.crt intermediate-certificates.pem > certs/domain.crt +### Let's Encrypt + +The registry supports using Let's Encrypt to automatically obtain a browser-trusted certificate. For more +information on Let's Encrypt, see [https://letsencrypt.org/how-it-works/](https://letsencrypt.org/how-it-works/) and the relevant section of the [registry configuration](configuration.md#letsencrypt). + ### Alternatives While rarely advisable, you may want to use self-signed certificates instead, or use your registry in an insecure fashion. You will find instructions [here](insecure.md).