1
0
mirror of https://github.com/distribution/distribution synced 2024-11-06 19:35:52 +01:00

Add documentation for let's encrypt

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
This commit is contained in:
Richard Scothern 2016-06-13 11:42:13 -07:00 committed by Derek McGowan
parent be2ed961aa
commit 015df6cdea
2 changed files with 45 additions and 0 deletions

@ -191,6 +191,9 @@ information about each option that appears later in this page.
clientcas:
- /path/to/ca.pem
- /path/to/another/ca.pem
letsencrypt:
cachefile: /path/to/cache-file
email: emailused@letsencrypt.com
debug:
addr: localhost:5001
headers:
@ -892,6 +895,9 @@ configuration may contain both.
clientcas:
- /path/to/ca.pem
- /path/to/another/ca.pem
letsencrypt:
cachefile: /path/to/cache-file
email: emailused@letsencrypt.com
debug:
addr: localhost:5001
headers:
@ -1037,6 +1043,40 @@ and proxy connections to the registry server.
</tr>
</table>
### letsencrypt
The `letsencrypt` struct within `tls` is **optional**. Use this to configure TLS
certificates provided by [Let's Encrypt](https://letsencrypt.org/how-it-works/).
<table>
<tr>
<th>Parameter</th>
<th>Required</th>
<th>Description</th>
</tr>
<tr>
<td>
<code>cachefile</code>
</td>
<td>
yes
</td>
<td>
Absolute path to a file for the Let's Encrypt agent to cache data
</td>
</tr>
<tr>
<td>
<code>email</code>
</td>
<td>
yes
</td>
<td>
Email used to register with Let's Encrypt.
</td>
</tr>
</table>
### debug

@ -88,6 +88,11 @@ A certificate issuer may supply you with an *intermediate* certificate. In this
cat domain.crt intermediate-certificates.pem > certs/domain.crt
### Let's Encrypt
The registry supports using Let's Encrypt to automatically obtain a browser-trusted certificate. For more
information on Let's Encrypt, see [https://letsencrypt.org/how-it-works/](https://letsencrypt.org/how-it-works/) and the relevant section of the [registry configuration](configuration.md#letsencrypt).
### Alternatives
While rarely advisable, you may want to use self-signed certificates instead, or use your registry in an insecure fashion. You will find instructions [here](insecure.md).