Add documentation for let's encrypt
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
This commit is contained in:
Richard Scothern
Derek McGowan
parent
be2ed961aa
commit
015df6cdea
|
|
@ -191,6 +191,9 @@ information about each option that appears later in this page.
|
||||||
clientcas:
|
clientcas:
|
||||||
- /path/to/ca.pem
|
- /path/to/ca.pem
|
||||||
- /path/to/another/ca.pem
|
- /path/to/another/ca.pem
|
||||||
|
letsencrypt:
|
||||||
|
cachefile: /path/to/cache-file
|
||||||
|
email: emailused@letsencrypt.com
|
||||||
debug:
|
debug:
|
||||||
addr: localhost:5001
|
addr: localhost:5001
|
||||||
headers:
|
headers:
|
||||||
|
|
@ -892,6 +895,9 @@ configuration may contain both.
|
||||||
clientcas:
|
clientcas:
|
||||||
- /path/to/ca.pem
|
- /path/to/ca.pem
|
||||||
- /path/to/another/ca.pem
|
- /path/to/another/ca.pem
|
||||||
|
letsencrypt:
|
||||||
|
cachefile: /path/to/cache-file
|
||||||
|
email: emailused@letsencrypt.com
|
||||||
debug:
|
debug:
|
||||||
addr: localhost:5001
|
addr: localhost:5001
|
||||||
headers:
|
headers:
|
||||||
|
|
@ -1037,6 +1043,40 @@ and proxy connections to the registry server.
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
### letsencrypt
|
||||||
|
|
||||||
|
The `letsencrypt` struct within `tls` is **optional**. Use this to configure TLS
|
||||||
|
certificates provided by [Let's Encrypt](https://letsencrypt.org/how-it-works/).
|
||||||
|
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Parameter</th>
|
||||||
|
<th>Required</th>
|
||||||
|
<th>Description</th>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>cachefile</code>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
yes
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Absolute path to a file for the Let's Encrypt agent to cache data
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>
|
||||||
|
<code>email</code>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
yes
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
Email used to register with Let's Encrypt.
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
### debug
|
### debug
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -88,6 +88,11 @@ A certificate issuer may supply you with an *intermediate* certificate. In this
|
||||||
|
|
||||||
cat domain.crt intermediate-certificates.pem > certs/domain.crt
|
cat domain.crt intermediate-certificates.pem > certs/domain.crt
|
||||||
|
|
||||||
|
### Let's Encrypt
|
||||||
|
|
||||||
|
The registry supports using Let's Encrypt to automatically obtain a browser-trusted certificate. For more
|
||||||
|
information on Let's Encrypt, see [https://letsencrypt.org/how-it-works/](https://letsencrypt.org/how-it-works/) and the relevant section of the [registry configuration](configuration.md#letsencrypt).
|
||||||
|
|
||||||
### Alternatives
|
### Alternatives
|
||||||
|
|
||||||
While rarely advisable, you may want to use self-signed certificates instead, or use your registry in an insecure fashion. You will find instructions [here](insecure.md).
|
While rarely advisable, you may want to use self-signed certificates instead, or use your registry in an insecure fashion. You will find instructions [here](insecure.md).
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue