diff --git a/.gitignore b/.gitignore
index 5202da831..8f9222025 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
target
work
-demo/snapshot-plugins/
.idea
*.iml
diff --git a/demo/.dockerignore b/demo/.dockerignore
deleted file mode 100644
index 16d3c4dbb..000000000
--- a/demo/.dockerignore
+++ /dev/null
@@ -1 +0,0 @@
-.cache
diff --git a/demo/.gitignore b/demo/.gitignore
new file mode 100644
index 000000000..4a2f970cc
--- /dev/null
+++ b/demo/.gitignore
@@ -0,0 +1,2 @@
+snapshot-plugins/
+certs/
diff --git a/demo/Dockerfile b/demo/Dockerfile
index acad2c266..0e99c410f 100644
--- a/demo/Dockerfile
+++ b/demo/Dockerfile
@@ -37,6 +37,9 @@ RUN /usr/local/maven/bin/mvn -s settings.xml -Dmaven.repo.local=/usr/share/jenki
COPY plugins.txt /tmp/files/
RUN /usr/local/bin/plugins.sh /tmp/files/plugins.txt
+# Remove the base workflow-demo "cd" job
+RUN rm -rf /usr/share/jenkins/ref/jobs/cd
+
ADD JENKINS_HOME /usr/share/jenkins/ref
COPY run-demo.sh /usr/local/bin/run-demo.sh
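Review bot: The build-time `RUN rm -rf /usr/share/jenkins/ref/jobs/cd` covers only the reference copy, while the lines this commit removes from `run-demo.sh` also deleted `/var/jenkins_home/jobs/cd` at start-up. If `/var/jenkins_home` is ever a volume reused from an earlier run, the old "cd" job would presumably survive. The comment should state the narrower scope, e.g. `# Remove the base workflow-demo "cd" job from the reference dir; an existing JENKINS_HOME volume is not touched`.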
diff --git a/demo/Dockerfile-proxy b/demo/Dockerfile-proxy
deleted file mode 100644
index 3a1da4454..000000000
--- a/demo/Dockerfile-proxy
+++ /dev/null
@@ -1,6 +0,0 @@
-FROM nginx:1.9.0
-RUN apt-get update
-RUN apt-get install -y apache2-utils
-COPY workflow-reg-proxy.conf /etc/nginx/conf.d/
-COPY gen-security-data.sh /usr/local/bin/
-RUN /usr/local/bin/gen-security-data.sh /var/registry/certs
diff --git a/demo/Dockerfile-registry b/demo/Dockerfile-registry
new file mode 100644
index 000000000..235838cfb
--- /dev/null
+++ b/demo/Dockerfile-registry
@@ -0,0 +1,7 @@
+FROM registry:2.5.1
+ADD certs/ca.crt certs/ca.key certs/docker-registry.htpasswd /var/registry/certs/
+ENV REGISTRY_HTTP_TLS_CERTIFICATE /var/registry/certs/ca.crt
+ENV REGISTRY_HTTP_TLS_KEY /var/registry/certs/ca.key
+ENV REGISTRY_AUTH htpasswd
+ENV REGISTRY_AUTH_HTPASSWD_REALM Registry Realm
+ENV REGISTRY_AUTH_HTPASSWD_PATH /var/registry/certs/docker-registry.htpasswd
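Review bot: The `ADD` line copies `certs/ca.key` into an image layer, and the two `REGISTRY_HTTP_TLS_*` variables make the registry serve TLS with that same CA certificate and key, so anyone who obtains the image obtains the private key behind the certificate the demo trusts. That may be acceptable for a throwaway demo, but the file should say so, e.g. `# Demo only: self-signed key and fixed htpasswd are baked into this image; never push it.` above the `ADD`. `COPY` is also the conventional instruction for plain local files: `COPY certs/ca.crt certs/ca.key certs/docker-registry.htpasswd /var/registry/certs/`. A longer-term fix would be to issue a separate server certificate from the CA and mount the key at run time instead of building it in.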
diff --git a/demo/JENKINS_HOME/credentials.xml b/demo/JENKINS_HOME/credentials.xml
index 8b90faca4..d4c6ffbc1 100644
--- a/demo/JENKINS_HOME/credentials.xml
+++ b/demo/JENKINS_HOME/credentials.xml
@@ -10,7 +10,7 @@
GLOBAL
docker-registry-login
- workflowuser
+ pipelineuser
123123123
diff --git a/demo/Makefile b/demo/Makefile
index 8913aadd3..970bb0628 100644
--- a/demo/Makefile
+++ b/demo/Makefile
@@ -25,11 +25,12 @@
TAG=$(shell perl -n -e 'if (/docker-workflow:(.+)/) {print $$1}' plugins.txt)
IMAGE=jenkinsci/docker-workflow-demo
-build-proxy:
- docker build -t nginx:docker-workflow-demo -f Dockerfile-proxy .
+build-registry:
+ ./gen-security-data.sh certs
+ docker build -t registry:docker-workflow-demo -f Dockerfile-registry .
# Builds a demo based on a released version of the plugin.
-build: build-proxy
+build: build-registry
docker build -t $(IMAGE):$(TAG) .
# Builds a demo based on the current local snapshot build of the plugin.
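Review bot: `build-registry` runs `./gen-security-data.sh certs` unconditionally, so every `make build` produces a new 4096-bit key, a new certificate and a new htpasswd file, and a client that had stored the previous `ca.crt` would stop trusting the registry. Making the certificate a real file target avoids the churn: `certs/ca.crt: gen-security-data.sh` with the recipe `./gen-security-data.sh $(@D)`, and then `build-registry: certs/ca.crt`. No `.PHONY` declaration is visible in this hunk; if the file has one elsewhere, `build-registry` should be listed in it.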
@@ -55,7 +56,7 @@ run-snapshot: build-snapshot
$(DOCKER_RUN) $(IMAGE):SNAPSHOT
clean:
- rm -rf snapshot-plugins
+ rm -rf certs snapshot-plugins
push:
docker push $(IMAGE):$(TAG)
diff --git a/demo/gen-security-data.sh b/demo/gen-security-data.sh
index d1ef00cc5..99464d615 100755
--- a/demo/gen-security-data.sh
+++ b/demo/gen-security-data.sh
@@ -31,26 +31,9 @@ mkdir -p $1
pushd $1
-htpasswd -bmc docker-registry.htpasswd workflowuser 123123123
+docker run --entrypoint htpasswd registry:2.5.1 -Bbn pipelineuser 123123123 > docker-registry.htpasswd
# Create the CA Key and Certificate for signing Certs
openssl genrsa -des3 -passout pass:x -out ca.key 4096
openssl rsa -passin pass:x -in ca.key -out ca.key # remove password!
-openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=California/L=San Jose/O=Jenkins CI/OU=Workflow Dept/CN=localhost"
-
-# Create the Server Key, CSR, and Certificate
-openssl genrsa -des3 -passout pass:x -out key.pem 1024
-openssl rsa -passin pass:x -in key.pem -out key.pem # remove password!
-openssl req -new -key key.pem -out server.csr -subj "/C=US/ST=California/L=San Jose/O=Jenkins CI/OU=Workflow Dept/CN=localhost"
-
-# Self sign the server cert.
-openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert.pem
-
-# cat the ca cert onto the server cert
-cat ca.crt >> cert.pem
-
-# White-list the CA cert (because it is self-signed), otherwise docker client will not be able to authenticate
-cp ca.crt /usr/local/share/ca-certificates
-update-ca-certificates
-
-popd
+openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=California/L=San Jose/O=Jenkins CI/OU=Pipeline Dept/CN=localhost"
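Review bot: The new `docker run` line has no `--rm`, so each run leaves a stopped container behind, and because stdout is redirected a failed `docker run` still creates an empty `docker-registry.htpasswd`. Suggested line: `docker run --rm --entrypoint htpasswd registry:2.5.1 -Bbn pipelineuser 123123123 > docker-registry.htpasswd`. Whether the script sets `-e` is not visible in this hunk; without it the script would carry on and the empty file would be copied into the registry image by the following `docker build`. The tag `registry:2.5.1` is now written both here and in `Dockerfile-registry`, so the two need to be kept in step. With `popd` removed, the `pushd $1` above is left unbalanced, which stays harmless only while nothing is appended after the last `openssl` call.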
diff --git a/demo/run-demo.sh b/demo/run-demo.sh
index 85728c7b9..69f532500 100755
--- a/demo/run-demo.sh
+++ b/demo/run-demo.sh
@@ -31,10 +31,9 @@
echo '*************** Installing a local Docker Registry Service for the demo ***************'
echo '*************** Please sit tight for a minute ***************'
-cont1=$(docker run -d --name registry --restart=always registry:0.9.1)
-cont2=$(docker run -d -p 443:443 --name wf-registry-proxy --link registry:registry nginx:docker-workflow-demo)
+cont1=$(docker run -d -p 443:5000 --name registry --restart=always registry:docker-workflow-demo)
# TODO would be natural to switch to Compose
-trap "docker rm -f $cont1 $cont2" EXIT
+trap "docker rm -f $cont1" EXIT
# Note that this https://github.com/docker/docker/issues/23177 workaround is useless since the Docker CLI does not do the hostname resolution, the server does:
# echo $(docker inspect -f '{{.NetworkSettings.Gateway}}' $HOSTNAME) docker.example.com >> /etc/hosts
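Review bot: `-p 443:5000` publishes the registry on every interface of the Docker host, and that registry accepts the fixed `pipelineuser` / `123123123` login written by `gen-security-data.sh`. If the demo only needs to reach the registry from the host itself, bind it to loopback instead: `-p 127.0.0.1:443:5000`. How the Jenkins container and the daemon address the registry is decided outside this hunk, so the change should be confirmed against the rest of the script before it is applied.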
@@ -44,11 +43,6 @@ echo '*************** Docker Registry Service running now **
# In case some tagged images were left over from a previous run using a cache:
(docker images -q examplecorp/spring-petclinic; docker images -q localhost/examplecorp/spring-petclinic) | xargs docker rmi --no-prune=true --force
-#
-# Remove the base workflow-demo "cd" job
-#
-rm -rf /usr/share/jenkins/ref/jobs/cd /var/jenkins_home/jobs/cd
-
#
# Now run Jenkins.
#
diff --git a/demo/workflow-reg-proxy.conf b/demo/workflow-reg-proxy.conf
deleted file mode 100644
index 6fa502c39..000000000
--- a/demo/workflow-reg-proxy.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-server {
- listen 443 ssl;
- server_name localhost;
-
- ssl on;
- ssl_certificate /var/registry/certs/cert.pem;
- ssl_certificate_key /var/registry/certs/key.pem;
- ssl_verify_client off;
-
- proxy_set_header Host $http_host; # required for Docker client
- proxy_set_header X-Real-IP $remote_addr; # pass client IP
- proxy_set_header Authorization ""; # see https://github.com/dotcloud/docker-registry/issues/170
- proxy_read_timeout 900;
-
- proxy_set_header X-Forwarded-Proto "https";
- proxy_set_header X-Forwarded-Protocol "https";
-
- client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
-
- # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
- chunked_transfer_encoding on;
-
- location / {
- # let Nginx know about our auth file
- auth_basic "Restricted Docker Registry";
- auth_basic_user_file /var/registry/certs/docker-registry.htpasswd;
- proxy_pass http://registry:5000/;
- }
- location /_ping {
- auth_basic off;
- proxy_pass http://registry:5000/;
- }
- location /v1/_ping {
- auth_basic off;
- proxy_pass http://registry:5000/;
- }
-}