Changed README to reflect the new defaults

Signed-off-by: Diogo Monica <diogo@docker.com>
Diogo Monica 2015-10-12 17:10:52 -07:00
parent 8299e01b0a
commit 11f823cf2a
1 changed files with 21 additions and 3 deletions


@ -50,7 +50,7 @@ docker-compose build
docker-compose up -d docker-compose up -d
``` ```
Note: To use the local notary server append `-s http://localhost:4443` to all of the commands below. Note: In order to have notary use the local notary server and development root CA we can load the local development configuration by appending `-c cmd/notary/config.json` to every command. If you would rather not have to use `-c` on every command, copy `cmd/notary/config.json and cmd/notary/root-ca.crt` to `~/.notary`.
First, lets initiate a notary collection called `example.com/scripts` First, lets initiate a notary collection called `example.com/scripts`
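Review bot: in the rewritten note, `cmd/notary/config.json and cmd/notary/root-ca.crt` is a single code span covering two file names; split it into two spans so each path reads and copies correctly. The root CA is given here as `cmd/notary/root-ca.crt`, while the other hunks of this commit point to `fixtures/root-ca.crt`; say whether these are the same certificate or use one path throughout. Because copying both files to `~/.notary` makes the development configuration apply without `-c`, the note should say that this is intended for development machines only. The `-s http://localhost:4443` hint is dropped without a replacement, so it would help to state whether the configuration file now supplies the server address.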
@ -95,7 +95,7 @@ expand this to other storage options.
## Setup for Development ## Setup for Development
The notary repository comes with Dockerfiles and a docker-compose file The notary repository comes with Dockerfiles and a docker-compose file
to faciliate development. Simply run the following commands to start to facilitate development. Simply run the following commands to start
a notary server with a temporary MySQL database in containers: a notary server with a temporary MySQL database in containers:
``` ```
@ -110,6 +110,16 @@ by running `boot2docker ip`, with kitematic, `echo $DOCKER_HOST` should
show the IP of the VM). If you are using the default Linux setup, show the IP of the VM). If you are using the default Linux setup,
you need to add `127.0.0.1 notary` to your hosts file. you need to add `127.0.0.1 notary` to your hosts file.
## Successfully connecting over TLS
By default notary-server runs with TLS with certificates signed by a local
CA. In order to be able to successfully connect to it using
either `curl` or `openssl`, you will have to use the root CA file in `fixtures/root-ca.crt`.
OpenSSL example:
`openssl s_client -connect localhost:4443 -CAfile fixtures/root-ca.crt`
## Compiling Notary Server ## Compiling Notary Server
Prerequisites: Prerequisites:
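Review bot: the new "Successfully connecting over TLS" section names both `curl` and `openssl` but only gives the OpenSSL command; add the matching curl line, for example `curl --cacert fixtures/root-ca.crt https://<host>:4443/v2/`. The example connects to `localhost:4443`, while the context just above adds `127.0.0.1 notary` to the hosts file and the error output later in this commit shows `notary-server:4443`; state which hostname the certificate is issued for, because curl verifies the name as well as the chain. The command would also be more consistent with the rest of the README in a fenced block rather than an inline code span.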
@ -166,9 +176,17 @@ either via the CA of your choice, or a self signed certificate.
If using the pem and key provided in fixtures, either: If using the pem and key provided in fixtures, either:
- add `fixtures/root-ca.crt` to your trusted root certificates - add `fixtures/root-ca.crt` to your trusted root certificates
- use the default configuration for notary client that loads the CA root for you by using the flag `-c ./cmd/notary/config.json`
- disable TLS verification by adding the following option notary configuration file in `~/.notary/config.json`: - disable TLS verification by adding the following option notary configuration file in `~/.notary/config.json`:
"skipTLSVerify": true "skipTLSVerify": true
Otherwise, you will see TLS errors or X509 errors upon initializing the Otherwise, you will see TLS errors or X509 errors upon initializing the
notary collection. notary collection:
```
$ notary list diogomonica.com/openvpn
* fatal: Get https://notary-server:4443/v2/: x509: certificate signed by unknown authority
$ notary list diogomonica.com/openvpn -c cmd/notary/config.json
latest b1df2ad7cbc19f06f08b69b4bcd817649b509f3e5420cdd2245a85144288e26d 4056
```
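Review bot: the `"skipTLSVerify": true` bullet is still listed as an equal alternative directly after the new `-c ./cmd/notary/config.json` bullet. Now that the default configuration loads the CA root, mark skipping verification as a last resort for local development, or drop it from the list. The flag is written `-c ./cmd/notary/config.json` in the bullet and `-c cmd/notary/config.json` in the sample session; pick one form. The sample session uses `diogomonica.com/openvpn` and `notary-server:4443`, whereas the README's walkthrough uses `example.com/scripts`; reusing that collection name would keep the example reproducible for readers following the steps.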