containers-certs.d - Directory for storing custom container-registry TLS
configurations
A custom TLS configuration for a container registry can be configured by
creating a directory under
$HOME/.config/containers/certs.d or
/etc/containers/certs.d. The name of the directory must correspond to
the
host:port of the registry (e.g.,
my-registry.com:5000).
A certs directory can contain one or more files with the following extensions:
- •
-
*.crt files with this extensions will be interpreted
as CA certificates
- •
-
*.cert files with this extensions will be
interpreted as client certificates
- •
-
*.key files with this extensions will be interpreted
as client keys
Note that the client certificate-key pair will be selected by the file name
(e.g.,
client.{cert,key}). An exemplary setup for a registry running at
my-registry.com:5000 may look as follows:
/etc/containers/certs.d/ <- Certificate directory
└── my-registry.com:5000 <- Hostname:port
├── client.cert <- Client certificate
├── client.key <- Client key
└── ca.crt <- Certificate authority that signed the registry certificate
Feb 2019, Originally compiled by Valentin Rothberg
[email protected]
⟨mailto:
[email protected]⟩