Configure the Docker Notary Server

JFrog Artifactory Documentation


Create a directory for your Notary server. The code snippets below use notarybox.

Create a Dockerfile with the following content:

FROM ubuntu

# Base tools needed to fetch the Docker apt key and clone Notary
RUN apt-get update \
    && apt-get install -y \
        tree \
        vim \
        git \
        ca-certificates \
        curl \
        --no-install-recommends

# Add Docker's apt signing key
RUN install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc \
    && chmod a+r /etc/apt/keyrings/docker.asc

# Register the Docker apt repository for this Ubuntu release
RUN echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    tee /etc/apt/sources.list.d/docker.list > /dev/null

RUN apt-get update && apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Clone Notary and trust its fixture root CA (the public certificate
# discussed under "Use a private certificate")
WORKDIR /root
RUN git clone https://github.com/docker/notary.git && \
    cp /root/notary/fixtures/root-ca.crt /usr/local/share/ca-certificates/root-ca.crt && \
    update-ca-certificates

ENTRYPOINT ["bash"]

Use a private certificate

This configuration runs with a public certificate. Any Docker client running with the same public certificate may be able to access your Notary server.

For a secure setup, we recommend replacing it with your organization's private certificate. To do so, replace the public root-ca.crt certificate file with your private certificate under /root/notary/fixtures on your Notary server, and under /usr/local/share/ca-certificates on the machine running your Docker client.
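
One way to confirm the replacement took effect, as an added example that is not part of the JFrog documentation: the script compares the first PEM certificate in an installed root-ca.crt against a reference copy of the public fixture and fails if they are the same certificate. The function names and the demo's placeholder certificate bodies are constructed for illustration.

```sh
#!/bin/sh
# Added example: is an installed root-ca.crt still the public fixture CA?

# Print the base64 body of the first PEM certificate in a file with all
# whitespace removed, so line wrapping and CRLF endings do not matter.
cert_body() {
  awk '/-----BEGIN CERTIFICATE-----/ {f=1; next}
       /-----END CERTIFICATE-----/   {exit}
       f' "$1" | tr -d ' \t\r\n'
}

# same_cert A B: 0 = same certificate, 1 = different, 2 = unreadable/empty.
same_cert() {
  [ -r "$1" ] && [ -r "$2" ] || return 2
  a=$(cert_body "$1"); b=$(cert_body "$2")
  [ -n "$a" ] && [ -n "$b" ] || return 2
  [ "$a" = "$b" ]
}

# check_trust_anchor INSTALLED FIXTURE: returns 0 only when INSTALLED is a
# certificate other than the public fixture.
check_trust_anchor() {
  rc=0; same_cert "$1" "$2" || rc=$?
  case $rc in
    0) echo "FAIL: $1 is the public fixture CA"; return 1 ;;
    1) echo "OK: $1 differs from the public fixture CA"; return 0 ;;
    *) echo "ERROR: no certificate readable in $1 or $2"; return 2 ;;
  esac
}

# Demo on constructed files (placeholder base64, not real certificates).
demo() {
  d=$(mktemp -d) || return 2
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'TUlJQ29uc3RydWN0' \
    'ZWRGaXh0dXJlQ0E=' '-----END CERTIFICATE-----' > "$d/fixture.crt"
  # Same body on one line with CRLF endings, as a copied file might have.
  printf '%s\r\n' '-----BEGIN CERTIFICATE-----' \
    'TUlJQ29uc3RydWN0ZWRGaXh0dXJlQ0E=' '-----END CERTIFICATE-----' > "$d/copied.crt"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'TUlJUHJpdmF0ZU9yZ0NB' \
    '-----END CERTIFICATE-----' > "$d/private.crt"
  check_trust_anchor "$d/copied.crt" "$d/fixture.crt" || :    # reports FAIL
  check_trust_anchor "$d/private.crt" "$d/fixture.crt" || :   # reports OK
  rm -rf "$d"
}

# With two paths, check real files; with none, run the demo.
if [ "$#" -eq 2 ]; then check_trust_anchor "$1" "$2"; else demo; fi
```

Pass the installed file first and a copy of the public fixture second, for example /usr/local/share/ca-certificates/root-ca.crt and fixtures/root-ca.crt from a fresh clone of the Notary repository.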

Build the test image:

docker build -t [image name] [path to dockerfile]

If you are running the build from the directory that contains your Dockerfile, you can just use "." as the path to the Dockerfile.

Start the Notary server:

To start the Notary server, you first need to have Docker Compose installed.

Then execute the following steps:

cd notarybox
git clone -b trust-sandbox https://github.com/docker/notary.git
cd notary
docker-compose build
docker-compose up -d