docker/dtr install

Estimated reading time: 3 minutes

Install Docker Trusted Registry

Usage

docker run -it --rm docker/dtr \
    install [command options]

Description

This command installs Docker Trusted Registry (DTR) on a node managed by Docker Universal Control Plane (UCP).

After installing DTR, you can join additional DTR replicas using the join command.

Example usage:

$ docker run -it --rm docker/dtr:2.2.0 install \
    --ucp-node <UCP_NODE_HOSTNAME> \
    --ucp-insecure-tls

Note: We recommend --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a production deployment.

Options

Option Description
--debug Enable debug mode for additional logging
--dtr-ca Use a PEM-encoded TLS CA certificate for DTR. If not provided, one will be generated at install time.
--dtr-cert Use a PEM-encoded TLS certificate for DTR. If not provided, one will be generated at install time.
--dtr-external-url URL of the host or load balancer clients use to reach DTR. Format https://host[:port]
--dtr-key Use a PEM-encoded TLS private key for DTR. If not provided, one will be generated at install time.
--dtr-storage-volume Full path or volume name to store Docker images in the local filesystem
--enable-pprof Enables pprof profiling of the server
--extra-envs Environment variables or swarm constraints for DTR containers. Format var=val[&var=val]
--http-proxy The HTTP proxy used for outgoing requests
--https-proxy The HTTPS proxy used for outgoing requests
--hub-password Password to use when pulling images
--hub-username Username to use when pulling images
--log-host Endpoint to send logs to, required if --log-protocol is tcp or udp
--log-level Log level for container logs. Default: INFO
--log-protocol The protocol for sending container logs: tcp, tcp+tls, udp or internal. Default: internal
--nfs-storage-url NFS to store Docker images. Requires NFS client libraries. Format nfs://<ip|hostname>/
--no-proxy Don’t use a proxy for these domains. Format acme.org[, acme.com]
--overlay-subnet The subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24
--replica-http-port The public HTTP port for the DTR replica. Default is 80
--replica-https-port The public HTTPS port for the DTR replica. Default is 443
--replica-id Assign an ID to the DTR replica. By default the ID is random
--ucp-ca Use a PEM-encoded TLS CA certificate for UCP
--ucp-insecure-tls Disable TLS verification for UCP
--ucp-node The hostname of the target UCP node. Set to empty string or “random” to pick one at random.
--ucp-password The UCP administrator password
--ucp-url The UCP URL including domain and port
--ucp-username The UCP administrator username
--unsafe Allow DTR to be installed on any engine version
docker, dtr, cli, install