air gap changes

This commit is contained in:
Denise Schannon
2018-09-27 15:03:24 -07:00
committed by Denise
parent 59df0b1200
commit 0ff8b8470a
5 changed files with 138 additions and 141 deletions
@@ -2,19 +2,21 @@
title: Air Gap Install
weight: 300
---
In environments where security is high priority, you can set up Rancher in an air gap configuration. Air gap installs are more secure than standard single-node or HA deployments because the network that runs Rancher is disconnected from the Internet, reducing your security surface area.
In environments where security is high priority, you can set up Rancher in an air gap configuration. Air gap installs are more secure than standard single-node or HA deployments because the network that runs Rancher is disconnected from the Internet, reducing your security surface area.
## Prerequisites
- Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/).
- Rancher supports air gap installs using a private registry. You must have your own private registry or other means of distributing Docker images to your machine. If you need help with creating a private registry, please refer to the [Docker documentation](https://docs.docker.com/registry/).
For each Rancher [release](https://github.com/rancher/rancher/releases), we provide the Docker images and scripts needed to mirror those images to your own registry. The Docker images are used when nodes are added to a cluster, or when you enable features like pipelines or logging.
For each Rancher [release](https://github.com/rancher/rancher/releases), we provide the Docker images and scripts needed to mirror these images to your own registry. The Docker images are used when installing Rancher in a HA setup, when provisioning a cluster where Rancher is launching Kubernetes, or when you enable features like pipelines or logging.
- **Installation Option:** Before beginning your air gap installation, choose whether you want ~~a~~ [single-node install]({{< baseurl >}}/rancher/v2.x/en/installation/single-node) or a [high availability install]({{< baseurl >}}/rancher/v2.x/en/installation/ha). View your chosen configuration's introduction notes along with Rancher's [node requirements]({{< baseurl >}}/rancher/v2.x/en/installation/requirements).
## Caveats
In Rancher v2.0.x, registries with authentication are not supported for installing from a private registry. The Docker images can only be pulled from a registry without authentication enabled. This limitation only applies to Docker images.
Any Rancher version prior to v2.1.0, registries with authentication are not supported when installing Rancher in HA or provisioning clusters, but after clusters are provisioned, registries with authentication can be used in the Kubernetes clusters.
As of v2.1.0, registries with authentication work for installing Rancher as well as provisioning clusters.
## Air Gap Installation Outline
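Review bot: The new Caveats sentence that begins "Any Rancher version prior to v2.1.0, registries with authentication are not supported" does not connect its opening phrase to the rest of the sentence. Start it with "In any Rancher version prior to v2.1.0," so the version scope reads clearly next to the "As of v2.1.0" line that follows. In the same hunk, "a HA setup" should be "an HA setup".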
@@ -22,7 +24,7 @@ While installing Rancher in an air gap configuration, you'll complete several di
- [1—Preparing the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/)
- [2—Installing Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/)
- [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/)
- [3—Configuring Rancher to default to the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/private-registry/)
### [Next: Prepare the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/)
### [Next: Prepare the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/prepare-private-reg/)
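Review bot: The renamed step 3 link in the outline now targets `air-gap-installation/private-registry/`, but the note and the Next link on the install-rancher page in this same commit still point at `air-gap-installation/config-rancher-for-private-reg/`. Confirm which path the page is published under and use it in all three places, otherwise one set of links will break.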
@@ -4,20 +4,20 @@ weight: 75
draft: true
---
Rancher needs to be configured to use the private registry as source for the needed images.
Rancher needs to be configured to use the private registry in order to provision any [Rancher launched Kubernetes clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) or [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/) .
1. Log into Rancher and configure the default admin password.
1. Go into the **Settings** view.
![Settings]({{< baseurl >}}/img/rancher/airgap/settings.png)
1. Look for the setting called `system-default-registry` and choose **Edit**.
![Edit]({{< baseurl >}}/img/rancher/airgap/edit-system-default-registry.png)
1. Change the value to your registry (e.g. `registry.yourdomain.com:port`). Do not prefix the registry with `http://` or `https://`.
![Save]({{< baseurl >}}/img/rancher/airgap/enter-system-default-registry.png)
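Review bot: The example value in the step "Change the value to your registry" still reads `registry.yourdomain.com:port`, while the rest of this commit moves to the `<REGISTRY.YOURDOMAIN.COM:PORT>` placeholder; update it so readers see one convention. The rewritten opening sentence also ends with a stray space before the period after the Rancher tools link.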
@@ -27,8 +27,6 @@ Rancher needs to be configured to use the private registry as source for the nee
> ```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=<registry.yourdomain.com:port> \
<registry.yourdomain.com:port>/rancher/rancher:v2.0.0
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=<REGISTRY.YOURDOMAIN.COM:PORT> \
<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:<RANCHER_VERSION_TAG>
```
@@ -4,7 +4,7 @@ weight: 50
draft: true
---
After your private registry is setup for your Rancher installation, complete that installation. Follow one of the procedures below based on the configuration in which you want to run Rancher.
After your private registry is set up for your Rancher installation, complete your installation. Follow one of the procedures below based on the configuration in which you want to run Rancher.
<!-- TOC -->
@@ -19,22 +19,22 @@ To deploy Rancher on a single node in an air gap environment, follow the instruc
### Add Private Registry URL to Run Command
When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (`<registry.yourdomain.com:port>`), as shown in the example below.
When you get to the section [Choose an SSL Option and Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/#2-choose-an-ssl-option-and-install-rancher), regardless of which install option you choose, prepend your Rancher image tag with your private registry URL (`<REGISTRY.YOURDOMAIN.COM:PORT>`), as shown in the example below.
```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
<registry.yourdomain.com:port>/rancher/rancher:latest
<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:<RANCHER_VERSION_TAG>
```
>**Note:** If you want to skip [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/) later, you can complete it now by setting the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`.
>**Note:** If you want to automatically configure Rancher to default to the private registry, you can do it during the installation by setting the environment variable `CATTLE_SYSTEM_DEFAULT_REGISTRY`. This will allow you to skip [3—Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/)
>
> Example:
```
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=<registry.yourdomain.com:port> \
<registry.yourdomain.com:port>/rancher/rancher:v2.0.0
-e CATTLE_SYSTEM_DEFAULT_REGISTRY=<REGISTRY.YOURDOMAIN.COM:PORT> \
<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:v2.0.0
```
## High Availability Air Gap Install
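Review bot: The example under the `CATTLE_SYSTEM_DEFAULT_REGISTRY` note still pins `rancher/rancher:v2.0.0`, while the run command above it and the matching example on the config page now use `<RANCHER_VERSION_TAG>`. Use the placeholder here as well so the note does not steer readers to an old release. The rewritten note also lacks a closing period after the step 3 link.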
@@ -43,7 +43,7 @@ To install Rancher in a high availability configuration within an air gap enviro
### Add Private Registry to RKE YAML
When you get to [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file), replace its code sample with the one below, which adds the `private registries` block. Replace each `address`, `internal_address`, and `url` with the with the address information for each of your hosts.
When you get to the [Create the rancher-cluster.yml File]({{< baseurl >}}/rancher/v2.x/en/installation/ha/kubernetes-rke/#create-the-rancher-cluster-yml-file) step, replace its code sample with the one below, which adds the `private_registries` code block. By adding this private registry into the file, it automatically uses the private registry when pulling any images.
Replace values in the code sample according to the table below.
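Review bot: In the rewritten sentence "By adding this private registry into the file, it automatically uses the private registry when pulling any images", the pronoun "it" has no antecedent. Name the tool that reads `rancher-cluster.yml`, for example "RKE then pulls all images from this registry".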
@@ -53,6 +53,7 @@ Replace values in the code sample according to the table below.
| `internal_address` | The IP address for each of your air gap nodes within the cluster. |
| `url` | The URL for your private registry. |
<br>
```yaml
nodes:
@@ -72,7 +73,7 @@ nodes:
role: [ "controlplane", "etcd", "worker" ]
ssh_key_file: /home/user/.ssh/id_rsa
private_registries:
- url: my_registry.example.com # private registry url
- url: <REGISTRY.YOURDOMAIN.COM:PORT> # private registry url
user: rancher
password: "*********"
is_default: true
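Review bot: The `private_registries` sample keeps its `user` and `password` entries, but the Caveats text changed in this commit says registries with authentication are not supported for HA installs before v2.1.0. Add a sentence or comment stating that these two fields apply from v2.1.0 on. It is also worth saying that the file then holds a registry credential in clear text and should be readable only by the operator running the install.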
@@ -80,32 +81,32 @@ nodes:
### Initialize Helm Using Private Registry
When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below. Replace `user-ag-2-registry.rancher.space` with your registry's hostname and domain.
When you get to [Helm Init]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-init/#helm-init), add your private registry in the step to initialize Helm, as shown below. Replace `<REGISTRY.YOURDOMAIN.COM:PORT>` with your registry's hostname and domain.
```
helm init --service-account tiller \
--tiller-image user-ag-2-registry.rancher.space/gcr.io/kubernetes-helm/tiller:v2.10.0
--tiller-image <REGISTRY.YOURDOMAIN.COM:PORT>/gcr.io/kubernetes-helm/tiller:v2.10.0
```
### Install cert-manager Using Private Registry
When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below. Replace `user-ag-2-registry.rancher.space` with your registry's hostname and domain.
When you get to [Install cert-manager]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#install-cert-manager), replace the install commands provided with the one below. Replace `<REGISTRY.YOURDOMAIN.COM:PORT>` with your registry's hostname and domain.
```
helm install stable/cert-manager --name cert-manager --namespace kube-system \
--set image.repository=user-ag-2-registry.rancher.space/quay.io/jetstack/cert-manager-controller
--set image.repository=<REGISTRY.YOURDOMAIN.COM:PORT>/quay.io/jetstack/cert-manager-controller
```
### Install Rancher Using Private Registry
When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, replacing `user-ag-2-registry.rancher.space` with your registry's hostname and domain.
When you get to [Choose Your SSL Configuration]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/#choose-your-ssl-configuration), set your `hostname` and `rancherImage`, replacing `<REGISTRY.YOURDOMAIN.COM:PORT>` with your registry's hostname and domain.
```
helm install rancher-stable/rancher --name rancher --namespace cattle-system \
--set hostname=user-ag-2.rancher.space \
--set rancherImage=user-ag-2-registry.rancher.space/rancher/rancher
--set hostname=<REGISTRY.YOURDOMAIN.COM:PORT> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher:<RANCHER_VERSION_TAG>
```
### [Next: Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/)
### [Next: Configuring Rancher for the Private Registry]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/config-rancher-for-private-reg/)
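Review bot: In the Rancher install command, `--set hostname=<REGISTRY.YOURDOMAIN.COM:PORT>` replaces what was the Rancher server name (`user-ag-2.rancher.space`), not the registry (`user-ag-2-registry.rancher.space`), so readers are now told to set Rancher's hostname to the registry address and port. Use a separate placeholder for it, such as `<RANCHER.YOURDOMAIN.COM>`. The three "Replace ... with your registry's hostname and domain" sentences should also mention the port, now that the placeholder includes it.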
@@ -4,71 +4,139 @@ weight: 25
draft: true
---
For the first part of your air gap install, you'll prepare your private registry for Rancher installation by downloading the Rancher release files, and then pushing them to your private registry.
For the first part of your air gap install, you'll prepare your private registry in order to be able to install and start using Rancher.
<a id="step-1"></a>
1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following files from the version of Rancher tagged with `Latest release`.
1. Browse to the [Rancher releases page](https://github.com/rancher/rancher/releases) and download the following files for the version that you want to install.
| Release File | Description |
| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `rancher-images.txt` | This file contains all images needed to deploy the release. |
| `rancher-load-images.sh` | This script loads images from `rancher-images.tar.gz` and pushes them to your private registry. You must supply the hostname of your private registry as first argument to the script.<br/>`rancher-load-images.sh registry.yourdomain.com:5000` |
| `rancher-save-images.sh` | This script pulls all needed images from DockerHub and saves all of the images as a compressed file called `rancher-images.tar.gz`. This file can be transferred to your on-premise host that can access your private registry. |
>**Installing on a single node?**
>
>The next two steps don't apply to you. Skip to [step 4](#pop-reg).
| Release File | Description |
| --- | --- |
| `rancher-images.txt` | This file contains the list of all images needed to install the release, create [Rancher launched clusters]({{< baseurl >}}/rancher/v2.x/en/cluster-provisioning/rke-clusters/) and use any of the [Rancher tools]({{< baseurl >}}/rancher/v2.x/en/tools/). |
| `rancher-save-images.sh` | This script pulls all the images in the `rancher-images.txt` from DockerHub and saves all of the images as a compressed file called `rancher-images.tar.gz`. This file can be transferred to your on-premise host that can access your private registry. |
| `rancher-load-images.sh` | This script loads images from the `rancher-images.tar.gz` file and pushes them to your private registry. You must supply the hostname of your private registry as first argument to the script.<br/>`rancher-load-images.sh <REGISTRY.YOURDOMAIN.COM:PORT>` |
1. **High Availablity Installs Only:** You need some additional software to complete installation in an air gap environment. Download the software in the table below.
>**Doing a [single node installation]({{< baseurl >}}/rancher/v2.x/en/installation/single-node/)?** Skip to [step 3](#pop-reg).
1. **High Availability (HA) Installs Only:** For our [HA installation]({{< baseurl >}}/rancher/v2.x/en/installation/ha/), we use additional tools to install Kubernetes and launch Rancher onto a Kubernetes cluster. You will need to install and download additional software and images in order to complete the HA installation.
Download the software in the table below.
| Software | Description |
|----------|-------------|
| RKE | Rancher Kubernetes Engine (RKE) is Rancher's fast, light-weight Kubernetes installer. |
| Helm Image (tiller) | You can discover the tiller image compatible with your installed version of Helm.
| cert-manager | Rancher uses the [cert-manager](https://github.com/jetstack/cert-manager) project to issue self-singed certificates for Rancher GUI/Agent access.
| RKE | [Rancher Kubernetes Engine (RKE)]({{< baseurl >}}/rke/v1.x/en/) is Rancher's fast, light-weight Kubernetes installer. Please download the RKE version that is listed in the release notes of the Rancher version that you are planning to launch. The Docker images in Step 1 will match with this RKE version. |
| Helm | As you are installing Rancher through a helm chart, you will need to download [Helm](https://docs.helm.sh/using_helm/#installing-helm).
<br>
1. **High Availablity Installs Only:** From a system with internet access, paste the sample below into an empty file and save it as a shell script. Run the script to compile the images required by the latest Rancher release and write them to `images.txt` in the local directory.
After the software is installed, run the following shell script to compile the list of additional images required to [install Rancher as a helm chart]({{< baseurl >}}/rancher/v2.x/en/installation/ha/helm-rancher/).
| Images | Description |
|----------|-------------|
| Helm Image (tiller) | You can need a tiller image that is compatible with your installed version of Helm.
| cert-manager | Rancher uses the [cert-manager](https://github.com/jetstack/cert-manager) project to issue self-signed certificates for Rancher GUI/Agent access.
```bash
#!/bin/bash
set -e
# Collect images for Air Gap/Private Registry install
# Requires:
# rke - https://rancher.com/docs/rke/v0.1.x/en/installation/
# helm - https://docs.helm.sh/using_helm/#installing-helm
# curl
# jq
echo "RKE Images"
rke config --system-images 2>/dev/null > tmp-images.txt
echo "Helm Tiller Image"
helm init --dry-run --debug | grep image: | awk '{print $2}' >> tmp-images.txt
echo "Rancher Images"
latest_url=$(curl -sS "https://api.github.com/repos/rancher/rancher/releases/latest" | jq -r '.assets[]|select(.name=="rancher-images.txt")|.browser_download_url')
curl -sSL ${latest_url} >> tmp-images.txt
echo "Cert-Manager Image"
cm_repo=$(helm inspect values stable/cert-manager | grep repository: | awk '{print $2}')
cm_tag=$(helm inspect values stable/cert-manager | grep tag: | awk '{print $2}')
echo "${cm_repo}:${cm_tag}" >> tmp-images.txt
echo "Sort and uniq the images list"
cat tmp-images.txt | sort -u | uniq > images.txt
cat tmp-images.txt | sort -u | uniq > helm-images.txt
# cleanup tmp file
rm tmp-images.txt
```
<a id="pop-reg"></a>
1. Use the Rancher release files that you downloaded in [step 1](#step-1) to populate your private registry with Rancher images. Use the scenario that best matches your use case.
1. Use the Rancher release files that you downloaded in [step 1](#step-1) to populate your private registry with Rancher images. Use the scenario that best matches your use case:
* **Scenario 1**: You have node(s) that can access both DockerHub and your private registry.
* **Scenario 2**: You have a node that can access DockerHub to pull and save the images, and a separate node(s) that access your private registry to push the images.
<br/>
{{% tabs %}}
{{% tab "Scenario 1" %}}
<br/>
The architecture for this scenario is:
- A host that can access both DockerHub and your private registry.
- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment.
<br/>
<br/>
![Scenario2]({{< baseurl >}}/img/rancher/airgap/privateregistrypushpull.svg)
1. You will need to pull all the required images, re-tag each image with the location of your registry, and push the image to the registry. This action requires at least 20GB of disk space.
Use the shell script below to to populate the private registry. This shell script can be used with the list of images from Step 1 (i.e. `rancher-images.txt`) as well as the list of images required for a HA install from Step 2 (i.e. `helm-images.txt`).
```bash
#!/bin/bash
# Usage:
# ./populate-images.sh --registry <REGISTRY.YOURDOMAIN.COM:PORT> --images ./images.txt
POSITIONAL=()
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-r|--registry)
reg="$2"
shift # past argument
shift # past value
;;
-i|--images)
images="$2"
shift
shift
;;
esac
done
if [[ -z $reg ]]; then
echo "-r|--registry is required"
exit 1
fi
if [[ -z $images ]]; then
echo "-i|--images file is required"
exit 1
fi
echo "Log into Docker registry ${reg}"
docker login ${reg}
for i in $(cat ${images}); do
docker pull ${i}
docker tag ${i} ${reg}/${i}
docker push ${reg}/${i}
done
```
{{% /tab %}}
{{% tab "Scenario 2" %}}
<br/>
The architecture for this scenario is:
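Review bot: Step 1 now tells readers to download the files "for the version that you want to install", but the image-collection script still fetches `rancher-images.txt` from `releases/latest`, so `helm-images.txt` can list images from a different release than the one being mirrored. Take the release tag as a parameter, or drop the "Rancher Images" section, since `rancher-images.txt` is already downloaded in step 1. The populate script's usage comment still says `--images ./images.txt` although the text above it names `rancher-images.txt` and `helm-images.txt`. Its loop also runs without `set -e`, so a failed `docker pull` or `docker push` does not stop the run and the registry can end up incomplete with no error. In the new Images table, "You can need a tiller image" should read "You need a tiller image".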
@@ -90,81 +158,9 @@ The architecture for this scenario is:
1. Transfer the output file from the previous step (`rancher-images.tar.gz`) to the host that can access the private registry.
1. Transfer and run `rancher-load-images.sh` on the host that can access the private registry. It should be run in the same directory as `rancher-images.tar.gz`.
{{% /tab %}}
{{% tab "Scenario 2" %}}
<br/>
The architecture for this scenario is:
1. Transfer and run `rancher-load-images.sh` on the host that can access the private registry. It should be run in the same directory as `rancher-images.tar.gz`.
- A host that can access both DockerHub and your private registry.
- An on-premise private registry, which you'll use to deploy Rancher in your air gap environment.
<br/>
<br/>
![Scenario2]({{< baseurl >}}/img/rancher/airgap/privateregistrypushpull.svg)
2. Pull all the images present in `rancher-images.txt`, re-tag each image with the location of your registry, and push the image to the registry. This action requires at least 20GB of disk space. See an example script below:
```
#!/bin/sh
IMAGES=`curl -s -L https://github.com/rancher/rancher/releases/download/v2.0.0/rancher-images.txt`
for IMAGE in $IMAGES; do
until docker inspect $IMAGE > /dev/null 2>&1; do
docker pull $IMAGE
done
docker tag $IMAGE <registry.yourdomain.com:port>/$IMAGE
docker push <registry.yourdomain.com:port>/$IMAGE
done
```
{{% /tab %}}
{{% /tabs %}}
1. Use the shell script below to to populate the private registry. This shell script can be used with a list of images (`images.txt`). To use this script, the system needs access to both the Internet and the private registry.
```bash
#!/bin/bash
# Usage:
# ./populate-images.sh --registry my_registry.example.com --images ./images.txt
POSITIONAL=()
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-r|--registry)
reg="$2"
shift # past argument
shift # past value
;;
-i|--images)
images="$2"
shift
shift
;;
esac
done
if [[ -z $reg ]]; then
echo "-r|--registry is required"
exit 1
fi
if [[ -z $images ]]; then
echo "-i|--images file is required"
exit 1
fi
echo "Log into Docker registry ${reg}"
docker login ${reg}
for i in $(cat ${images}); do
docker pull ${i}
docker tag ${i} ${reg}/${i}
docker push ${reg}/${i}
done
```
### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/)
### [Next: Install Rancher]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/)
@@ -33,7 +33,7 @@ If you are installing Rancher in a development or testing environment where iden
Log into your Linux host, and then run the minimum installation command below.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image.
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
@@ -55,7 +55,7 @@ After creating your certificate, run the Docker command below to install Rancher
- Replace `<CERT_DIRECTORY>` with the directory path to your certificate file.
- Replace `<FULL_CHAIN.pem>`,`<PRIVATE_KEY.pem>`, and `<CA_CERTS>` with your certificate names.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image.
```
docker run -d --restart=unless-stopped \
@@ -81,7 +81,7 @@ After obtaining your certificate, run the Docker command below.
- Use the `--no-cacerts` as argument to the container to disable the default CA certificate generated by Rancher.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image.
```
docker run -d --restart=unless-stopped \
@@ -104,7 +104,7 @@ For production environments, you also have the options of using [Let's Encrypt](
After you fulfill the prerequisites, you can install Rancher using a Let's Encrypt certificate by running the following command. Replace `<YOUR.DNS.NAME>` with your your domain.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image tag.
>**Air Gap User?** [Add your private registry URL]({{< baseurl >}}/rancher/v2.x/en/installation/air-gap-installation/install-rancher/#add-private-registry-url-to-run-command) before the `rancher/rancher` image.
docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \