This repository has been archived by the owner on Sep 12, 2018. It is now read-only.

If REGISTRY_TLS_VERIFY is set, but GUNICORN_OPTS is not, then serve via
a TLS endpoint instead of plain HTTP.

This is done by setting GUNICORN_OPTS to some default value, expecting
the following files to be present:

* /ssl/ca.crt
* /ssl/registry.cert
* /ssl/registry.key

Signed-off-by: Tibor Vass <teabee89@gmail.com>
tiborvass committed Nov 7, 2014
1 parent 14796be commit 5ab86d7
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion docker_registry/run.py
Expand Up @@ -9,6 +9,7 @@
import logging
import os
import sys
import ssl

from .server import env
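
Review bot: `import ssl` is placed after `import sys`, which breaks the alphabetical order the stdlib imports in this block otherwise follow (`logging`, `os`, `sys`); move it between `os` and `sys`. The module is imported only for the `ssl.PROTOCOL_TLSv1` constant used in `run_gunicorn()`, so a short comment next to that use saying why the protocol is pinned would help the next reader.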

Expand Down Expand Up @@ -84,7 +85,11 @@ def run_gunicorn():
else:
logger.warn('You asked we drop priviledges, but we are not root!')

args += env.source('GUNICORN_OPTS')
gunicorn_opts = env.source('GUNICORN_OPTS')
if len(gunicorn_opts) == 0 and len(env.source('REGISTRY_TLS_VERIFY')) > 0:
gunicorn_opts = ['--certfile','/ssl/registry.cert','--keyfile','/ssl/registry.key','--ca-certs','/ssl/ca.crt','--ssl-version', ssl.PROTOCOL_TLSv1]

args += gunicorn_opts
args.append('docker_registry.wsgi:application')
# Stringify all args and call
os.execl(*[str(v) for v in args])
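
Review bot: The default option list passes `--ca-certs /ssl/ca.crt` but no `--cert-reqs`, so gunicorn loads the CA bundle without requiring or verifying a client certificate (its default for cert-reqs is no verification); if REGISTRY_TLS_VERIFY is meant to turn on client verification, as the name suggests, add `'--cert-reqs', ssl.CERT_REQUIRED` to the list. Two further points on the same lines: `ssl.PROTOCOL_TLSv1` pins the listener to TLS 1.0 only, so consider making the protocol configurable rather than hardcoding it, and because the branch is taken only when `len(gunicorn_opts) == 0`, any non-empty GUNICORN_OPTS that lacks the certificate options will serve plain HTTP even though REGISTRY_TLS_VERIFY is set. A log line on that path, plus an existence check on the three `/ssl/` files before `os.execl`, would make both cases visible to the operator at startup.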
