@singh1469
Forked from leanderjanssen/domain.sh
Created April 12, 2017 13:39
Create Registry Server certificate
#!/bin/bash
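# Retrieve public hostname, public IP and private IP from the EC2 instance metadata service.
# -f makes curl fail on an HTTP error instead of storing the error page in the variable
# (these token-less requests are rejected when the instance requires IMDSv2).
PUBLIC_HOSTNAME=$(curl -sf http://169.254.169.254/latest/meta-data/public-hostname)
PUBLIC_IP=$(curl -sf http://169.254.169.254/latest/meta-data/public-ipv4)
PRIVATE_IP=$(curl -sf http://169.254.169.254/latest/meta-data/local-ipv4)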
# Generate openssl config for self-signed certificate with SANs
cat << EOF > ~/domain.cnf
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days = 30
default_md = default
preserve = no
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${PUBLIC_HOSTNAME}
IP.1 = ${PUBLIC_IP}
IP.2 = ${PRIVATE_IP}
EOF
# Generate self-signed certificate for Registry Server (-nodes leaves domain.key unencrypted on disk)
openssl req -newkey rsa:2048 -nodes -sha256 -keyout domain.key -x509 \
-subj "/CN=${PUBLIC_HOSTNAME}/OU=Registry Server/O=Docker Training/L=London/C=UK" \
-config ~/domain.cnf -days 365 -out domain.crt
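
The script writes whatever the metadata endpoint returns straight into `[alt_names]`, so a value that is empty or not an address ends up in the certificate config. The following is an added example, not part of the gist: hypothetical helpers `is_hostname`, `is_ipv4` and `build_alt_names` that emit the section only from values that validate, numbered consecutively. The hostname and addresses in the demo call are constructed.

```shell
#!/bin/sh
# Added example (not from the gist): emit [alt_names] only from validated values.

# Succeeds if $1 looks like a DNS hostname (letters, digits, dots, hyphens).
is_hostname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: build_alt_names HOSTNAME [IP...]
# Prints the section with DNS.n / IP.n numbered consecutively, skipping
# anything that fails validation. Returns 1 if no usable name remains.
build_alt_names() {
    host=$1; shift
    ip_n=0
    entries=
    if is_hostname "$host"; then
        entries="DNS.1 = $host"
    fi
    for addr in "$@"; do
        is_ipv4 "$addr" || continue
        ip_n=$((ip_n + 1))
        entries="${entries:+$entries
}IP.$ip_n = $addr"
    done
    [ -n "$entries" ] || return 1
    printf '[alt_names]\n%s\n' "$entries"
}

# Demo with constructed values: no public hostname or public IP available.
build_alt_names "" "" 10.0.0.5
```

In the script, the output of `build_alt_names "$PUBLIC_HOSTNAME" "$PUBLIC_IP" "$PRIVATE_IP"` would replace the hard-coded `[alt_names]` lines, and a non-zero return is the signal to stop before calling `openssl`.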