proxmox-ha-setup/scripts/install-registry-cert.sh
2025-11-29 19:51:15 +01:00

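#!/bin/bash
# install-registry-cert.sh
# Installs the Docker registry's certificate on this host.
# Supports both a standard Docker install and Docker Snap.
#
# Environment:
#   CERT_FILE  path of the certificate to install
#              (default: /tmp/registry-new.crt)
set -e

# The default sits in /tmp, which is world-writable, and later steps copy this
# file into root-owned trust stores via sudo. Allowing an override lets the
# operator stage the certificate in a directory only they can write to.
CERT_FILE="${CERT_FILE:-/tmp/registry-new.crt}"

# host:port of the private registry. Kept fixed because other parts of the
# script spell out the same address literally.
REGISTRY_URL="192.168.1.204:5000"

# ANSI colour sequences, stored with a literal backslash and expanded only
# when a message is printed.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # reset ("no colour")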
# Coloured message helpers. Each prints $1 wrapped in one colour sequence and
# the reset sequence, followed by a newline. Backslash escapes in the whole
# string (colours and message) are expanded on output.

# Success message, wrapped in GREEN.
print_success() {
  printf '%b\n' "${GREEN}$1${NC}"
}

# Error message, wrapped in RED.
print_error() {
  printf '%b\n' "${RED}$1${NC}"
}

# Informational message, wrapped in BLUE (with one leading space).
print_info() {
  printf '%b\n' "${BLUE} $1${NC}"
}

# Warning message, wrapped in YELLOW.
print_warning() {
  printf '%b\n' "${YELLOW}$1${NC}"
}
# Opening banner: rule, title, rule, then one empty line.
printf '%b\n' \
  "${BLUE}================================================${NC}" \
  "${BLUE}INSTALLAZIONE CERTIFICATO REGISTRY${NC}" \
  "${BLUE}================================================${NC}" \
  ""
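# Make sure the certificate file exists before anything is installed.
if [ ! -f "$CERT_FILE" ]; then
  print_error "Certificato non trovato: $CERT_FILE"
  print_info "Scaricalo prima con: scp root@192.168.1.204:/opt/docker-registry/certs/domain.crt $CERT_FILE"
  exit 1
fi

# This file is about to be copied into root-owned trust stores with sudo, and
# its default location is a fixed name under /tmp. Refuse anything the
# invoking user (or root) did not put there: a symlink, or a file owned by a
# different account.
if [ -L "$CERT_FILE" ]; then
  print_error "Certificato rifiutato: $CERT_FILE e' un link simbolico"
  exit 1
fi
# GNU stat syntax; '%u' is the numeric owner id.
cert_owner_uid=$(stat -c '%u' -- "$CERT_FILE")
if [ "$cert_owner_uid" != "0" ] && [ "$cert_owner_uid" != "$(id -u)" ]; then
  print_error "Certificato rifiutato: $CERT_FILE appartiene a un altro utente (uid $cert_owner_uid)"
  print_warning "Rimuovilo e scaricalo di nuovo dal registry"
  exit 1
fi

print_success "Certificato trovato: $CERT_FILE"
echo ""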
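# Verify the certificate's Subject Alternative Names (SANs).
print_info "Verifica Subject Alternative Names nel certificato:"

# Decode the certificate once. A failure here means the file is not a
# parseable X.509 certificate, which is a different problem from missing SANs.
if ! cert_text=$(openssl x509 -in "$CERT_FILE" -text -noout 2>/dev/null); then
  print_error "File non valido come certificato X.509: $CERT_FILE"
  exit 1
fi

if grep -q "Subject Alternative Name" <<<"$cert_text"; then
  grep -A 2 "Subject Alternative Name" <<<"$cert_text"
else
  print_error "Certificato non ha Subject Alternative Names!"
  print_warning "Il certificato deve essere rigenerato sul registry"
  exit 1
fi

# Having a SAN extension is not enough: it must name the registry we are
# about to trust. Strip the port and ask openssl to match the host part.
# NOTE(review): the host/port split assumes "host:port" with an IPv4 address
# or a DNS name; a bracketed IPv6 literal would need different handling.
registry_host=${REGISTRY_URL%%:*}
ipv4_re='^[0-9]+(\.[0-9]+){3}$'
if [[ "$registry_host" =~ $ipv4_re ]]; then
  match_output=$(openssl x509 -in "$CERT_FILE" -noout -checkip "$registry_host" 2>&1) || true
else
  match_output=$(openssl x509 -in "$CERT_FILE" -noout -checkhost "$registry_host" 2>&1) || true
fi
# The verdict is read from the printed text ("does match" / "does NOT match")
# rather than from the exit status.
if ! grep -q "does match certificate" <<<"$match_output"; then
  print_error "I SAN del certificato non coprono $registry_host"
  print_warning "Il certificato deve essere rigenerato sul registry"
  exit 1
fi
print_success "Certificato ha SANs corretti"

# Show the fingerprint so the operator can compare it with the certificate on
# the registry host before it becomes trusted here.
print_info "Fingerprint SHA-256 (confrontalo con quello del certificato sul registry):"
openssl x509 -in "$CERT_FILE" -noout -fingerprint -sha256
echo ""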
# Detect how Docker is installed: as a snap, or as a regular package.
# DOCKER_TYPE stays "standard" unless the docker snap is listed.
DOCKER_TYPE="standard"
if snap list docker >/dev/null 2>&1; then
  DOCKER_TYPE="snap"
  print_info "Rilevato: Docker Snap"
else
  # No snap: a docker binary must at least be on PATH.
  if ! command -v docker >/dev/null 2>&1; then
    print_error "Docker non trovato"
    exit 1
  fi
  print_info "Rilevato: Docker Standard"
fi
echo ""
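# Install the certificate into the system trust store (used by both Docker
# flavours).
# NOTE(review): a certificate placed here is trusted by every program that
# uses the system store, not only by Docker. If it is a CA certificate, the
# holder of the registry's private key can issue certificates this host will
# accept for other names — confirm that scope is intended.
print_info "Installazione certificato nel sistema..."
system_ca_path=/usr/local/share/ca-certificates/registry-192.168.1.204.crt
# install(1) copies the file and sets its mode in one step, so the file never
# exists under the destination name with a different mode.
sudo install -m 644 -- "$CERT_FILE" "$system_ca_path"
sudo update-ca-certificates
print_success "Certificato installato in /usr/local/share/ca-certificates/"
echo ""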
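# For a standard Docker install, also place the certificate in the daemon's
# per-registry directory, /etc/docker/certs.d/<host:port>/ca.crt.
if [ "$DOCKER_TYPE" = "standard" ]; then
  print_info "Installazione certificato per Docker daemon..."
  # Quoted everywhere: these paths are handed to commands running under sudo.
  docker_certs_dir="/etc/docker/certs.d/${REGISTRY_URL}"
  sudo mkdir -p -- "$docker_certs_dir"
  sudo install -m 644 -- "$CERT_FILE" "${docker_certs_dir}/ca.crt"
  print_success "Certificato installato in /etc/docker/certs.d/$REGISTRY_URL/"
  echo ""
fi
# Docker Snap uses the system certificates, so nothing more is needed for it.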
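# Check that an entry for the registry certificate appeared in /etc/ssl/certs.
print_info "Verifica installazione..."
# Match with a glob instead of parsing `ls` output, which breaks on names
# containing whitespace. Names are collected one per line.
CERT_LINK=""
for cert_path in /etc/ssl/certs/*registry*; do
  # With no match the pattern stays literal; skip it. -L keeps dangling links.
  [ -e "$cert_path" ] || [ -L "$cert_path" ] || continue
  CERT_LINK="${CERT_LINK:+${CERT_LINK}$'\n'}${cert_path##*/}"
done
if [ -n "$CERT_LINK" ]; then
  print_success "Certificato symlink trovato: $CERT_LINK"
else
  print_warning "Symlink non trovato (potrebbe essere normale)"
fi
echo ""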
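# Connection tests against the registry, using the trust store as installed.
echo -e "${BLUE}================================================${NC}"
echo -e "${BLUE}TEST CONNESSIONE${NC}"
echo -e "${BLUE}================================================${NC}"
echo ""

print_info "Test connessione HTTPS al registry..."
# --max-time keeps an unreachable registry from hanging the script. The exit
# status is kept so a certificate-verification failure (curl exit code 60) is
# reported as such instead of as "registry not running".
curl_rc=0
v2_body=$(curl -s --max-time 10 "https://${REGISTRY_URL}/v2/") || curl_rc=$?
if grep -qF '{}' <<<"$v2_body"; then
  print_success "Connessione HTTPS: OK"
elif [ "$curl_rc" -eq 60 ]; then
  print_warning "Test connessione fallito: certificato del registry non verificato (curl exit 60)"
else
  print_warning "Test connessione fallito (verifica che il registry sia in esecuzione)"
fi
echo ""

print_info "Test API registry..."
# -f makes curl fail on HTTP error statuses, so an error response from the
# registry is not reported as "OK". The catalog is fetched once and reused.
if catalog_json=$(curl -fs --max-time 10 "https://${REGISTRY_URL}/v2/_catalog" 2>/dev/null); then
  print_success "API registry: OK"
  echo ""
  print_info "Immagini nel registry:"
  # Pretty-print when python3 is available; otherwise show the raw response.
  printf '%s\n' "$catalog_json" | python3 -m json.tool 2>/dev/null \
    || printf '%s\n' "$catalog_json"
else
  print_warning "API registry non risponde"
fi
echo ""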
# Closing banner and follow-up instructions.
printf '%b\n' \
  "${BLUE}================================================${NC}" \
  "${GREEN}INSTALLAZIONE COMPLETATA!${NC}" \
  "${BLUE}================================================${NC}" \
  ""
print_info "Comandi per testare:"
# Sample commands, printed as-is apart from the registry address.
cat <<EOF

 # Test con curl
 curl https://$REGISTRY_URL/v2/_catalog

 # Push immagine
 docker push $REGISTRY_URL/orchestrator-app:latest

 # Pull immagine
 docker pull $REGISTRY_URL/orchestrator-app:latest

EOF
# Extra notes shown only when the snap flavour of Docker was detected.
if [ "$DOCKER_TYPE" = "snap" ]; then
  for snap_note in \
    "Note per Docker Snap:" \
    " - Docker Snap usa i certificati di sistema (/etc/ssl/certs/)" \
    " - Non serve riavviare il daemon Docker" \
    " - Se il push fallisce ancora, riavvia Snap: sudo snap restart docker"; do
    print_info "$snap_note"
  done
fi
echo ""