Self-signed certificates
Last updated
Was this helpful?
Last updated
Was this helpful?
This guide will demonstrate the use of a private registry using self-signed certificates in conjunction with Earthly.
For information about configuring the registry itself, see the .
No special considerations are needed in the Earthfile itself. You can use SAVE IMAGE
just like any other repository.
Set the following configuration options in your .
Where <absolute-path-to-ca-file>
is the location of the CA certificate you wish to add and <registry-hostname>
is the hostname of the registry. The quotes are not a mistake, and should be left in.
For testing purposes, you can also define insecure registries for Earthly to access. Note that the non-test use of insecure registries is strongly discouraged due to the risk of man-in-the-middle (MITM) attacks.
In addition, you will need to specify the --insecure
flag in any SAVE IMAGE
command. Again, the quotes are not a mistake, and should be left in.
Note
The http
and insecure
settings are typically mutually exclusive. Setting insecure=true
should only be used when the registry is https and is configured with an insecure certificate. Setting http=true
is only for the case where a standard http-based registry is used (i.e. no SSL encryption). If both are set buildkit will attempt to connect to the registry using either http (port 80), or https (port 443).
To configure Earthly to use an insecure registry, use the following settings.
Other settings for configuring registries in Earthly via can be seen below.