[RFE] Adding TLS termination support for Registry and Fileserver
Closed this issue · 4 comments
Is this RFE related to an Existing Problem? If so, please describe:
- N/A
Describe Proposed Solution(s):
I want to provide TLS termination when I expose a store, a way to mount or specify a certs directory to be taken into account.
Describe Possible Alternatives:
Additional Context:
Currently, I am unable to provide TLS certs when I expose a store as a registry/fileserver.
I finally managed to expose the registry with TLS termination through a config.yml file.
I will close this case.
@ObieBent can you please explain how you fixed this issue?
I can't find any docs around the mentioned config.yml.
> @ObieBent can you please explain how you fixed this issue? I can't find any docs around the mentioned config.yml.
Below is the content of my config.yml:
```yaml
version: 0.1
storage:
  filesystem:
    rootdirectory: /path/of/the/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
  host: https://<hauler-fqdn>:5000
  tls:
    certificate: /path/to/cert/hauler.crt
    key: /path/to/private/key/hauler.key
```
Then, I created a systemd service for the registry like this:

```
$ cat hauler@registry.service
[Unit]
Description=Hauler Rancher %I Service

[Service]
Type=simple
KillMode=process
Environment="HOME=/path/to/hauler/home/directory"
ExecStart=/usr/local/bin/hauler store -s <hauler-store> serve %i -c config.yml
WorkingDirectory=/path/to/hauler/home/directory
ExecStop=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
```
Hope this will help you.
Hey @ObieBent and @DrackThor, we just merged PR #303, which added native support for this. Once the next release is out next week, please give it a try!
```
zackbradys@Zacks-MacBook-Pro hauler % ./bin/hauler store serve registry --help
Serve the embedded registry

Usage:
  hauler store serve registry [flags]

Flags:
  -c, --config string      Path to config file, overrides all other flags
      --directory string   Directory to use for backend. Defaults to $PWD/registry (default "registry")
  -h, --help               help for registry
  -p, --port int           Port used to accept incoming connections (default 5000)
      --readonly           Run the registry as readonly (default true)
      --tls-cert string    Location of the TLS Certificate
      --tls-key string     Location of the TLS Key

Global Flags:
      --cache string       (deprecated flag and currently not used)
  -l, --log-level string   (default "info")
  -s, --store string       Location to create store at (default "store")
```
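
A pre-flight check for the certificate and key files passed to `--tls-cert`/`--tls-key` or listed under `http.tls` in `config.yml`, as an added example that is not part of this thread or of hauler's code. The function name `preflight` and the policy that the key file must carry no group/other permission bits are assumptions of this example.

```python
import os
import ssl
import stat
import sys


def preflight(cert_path, key_path):
    """Return a list of problems with a TLS cert/key pair; empty means OK."""
    problems = []
    for label, path in (("certificate", cert_path), ("key", key_path)):
        if not os.path.isfile(path):
            problems.append(f"{label} not found: {path}")
    if problems:
        return problems

    # Assumed policy: the private key is readable by the service account only.
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(
            f"key is accessible to group/other (mode {mode:o}): {key_path}")

    # load_cert_chain() parses both PEM files and rejects a key that does
    # not belong to the certificate. The empty password keeps an encrypted
    # key from triggering OpenSSL's interactive prompt.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path, password="")
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"cert/key pair does not load: {exc}")
    return problems


if __name__ == "__main__":
    # Usage: python3 preflight.py <cert.pem> <key.pem>
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py <cert.pem> <key.pem>")
    found = preflight(sys.argv[1], sys.argv[2])
    for problem in found:
        print("FAIL:", problem)
    sys.exit(1 if found else 0)
```

Run it against the same two paths before starting the service; a non-zero exit status means at least one check failed.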