docker/dtr install

Estimated reading time: 3 minutes

These are the docs for DTR version 2.2

To select a different version, use the selector below.

Install Docker Trusted Registry

Usage

docker run -it --rm docker/dtr \
    install [command options]

Description

This command installs Docker Trusted Registry (DTR) on a node managed by Docker Universal Control Plane (UCP).

After installing DTR, you can join additional DTR replicas using the join command.

Example usage:

$ docker run -it --rm docker/dtr:2.2.0 install \
    --ucp-node <UCP_NODE_HOSTNAME> \
    --ucp-insecure-tls

Note: We recommend --ucp-ca "$(cat ca.pem)" instead of --ucp-insecure-tls for a production deployment.

Options

OptionDescription
--debugEnable debug mode for additional logging
--dtr-caUse a PEM-encoded TLS CA certificate for DTR. If not provided, one will be generated at install time.
--dtr-certUse a PEM-encoded TLS certificate for DTR. If not provided, one will be generated at install time.
--dtr-external-urlURL of the host or load balancer clients use to reach DTR. Format https://host[:port]
--dtr-keyUse a PEM-encoded TLS private key for DTR. If not provided, one will be generated at install time.
--dtr-storage-volumeFull path or volume name to store Docker images in the local filesystem
--enable-pprofEnable pprof profiling of the server
--extra-envsEnvironment variables or swarm constraints for DTR containers. Format var=val[&var=val]
--http-proxyThe HTTP proxy used for outgoing requests
--https-proxyThe HTTPS proxy used for outgoing requests
--hub-passwordPassword to use when pulling images
--hub-usernameUsername to use when pulling images
--log-hostEndpoint to send logs to, required if --log-protocol is tcp or udp
--log-levelLog level for container logs. Default: INFO
--log-protocolThe protocol for sending container logs: tcp, tcp+tls, udp or internal. Default: internal
--nfs-storage-urlNFS to store Docker images. Requires NFS client libraries. Format nfs://<ip|hostname>/
--no-proxyDon’t use a proxy for these domains. Format acme.org[, acme.com]
--overlay-subnetThe subnet used by the dtr-ol overlay network. Example: 10.0.0.0/24
--replica-http-portThe public HTTP port for the DTR replica. Default is 80
--replica-https-portThe public HTTPS port for the DTR replica. Default is 443
--replica-idAssign an ID to the DTR replica. By default the ID is random
--ucp-caUse a PEM-encoded TLS CA certificate for UCP
--ucp-insecure-tlsDisable TLS verification for UCP
--ucp-nodeThe hostname of the target UCP node. Set to empty string or “random” to pick one at random.
--ucp-passwordThe UCP administrator password
--ucp-urlThe UCP URL including domain and port
--ucp-usernameThe UCP administrator username
--unsafeAllow DTR to be installed on any engine version
docker, dtr, cli, install