Private registries are used to store and distribute Docker images within your organization, giving you control over, and security for, your containerized applications. Setting one up is a common task when working with containerization technologies like Docker. In this post, I'll walk you through the steps to set up a private Docker registry.
There are various tools available for creating private registries, and Docker itself provides a registry image called Docker Registry. We will focus on using Docker Registry; depending on your needs, you may also explore Harbor, Artifactory, or Azure Container Registry.
Prerequisites:
A Linux host where you'll host the private registry.
Docker is installed on the host.
Docker Compose installed (optional but recommended for ease of management).
Here are the steps:
Install Docker Registry:
You can use Docker Compose to easily set up the Docker Registry. Create a docker-compose.yml file with the following content:
version: '3'
services:
  registry:
    image: registry:2
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
Configure TLS (Optional but recommended):
It is strongly advised that you configure TLS to secure your private registry. You can use tools like certbot or generate a self-signed certificate. Then, add the TLS configuration to your docker-compose.yml file. The registry image reads its TLS settings from the REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY environment variables (there is no tls: key in a Compose service definition), so the certificate directory is mounted as a volume and the paths are passed through the environment:
version: '3'
services:
  registry:
    image: registry:2
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      # paths inside the container, i.e. under the /certs mount below
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/your.crt
      REGISTRY_HTTP_TLS_KEY: /certs/your.key
    volumes:
      - /path/to/certs:/certs
Replace /path/to/certs, your.crt, and your.key with the actual paths and filenames of your TLS certificates.
Secure the Registry:
To secure the registry, you can set up authentication. Docker Registry supports both basic authentication and token-based authentication. Basic authentication involves creating an htpasswd file, and token-based authentication can be set up using Docker Notary.
For basic authentication, create an htpasswd file (the registry only accepts bcrypt-hashed entries, so generate it with htpasswd -B) and mount it into the registry container. Update your docker-compose.yml to include the authentication:
version: '3'
services:
  registry:
    image: registry:2
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/your.crt
      REGISTRY_HTTP_TLS_KEY: /certs/your.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /path/to/certs:/certs
      - /path/to/auth:/auth
Replace /path/to/auth with the path to the directory containing your htpasswd file.
Save this file and start the registry container in the background:
docker-compose up -d
Access the Registry:
Once your private registry is up and running, you can log in to the registry (if authentication was set up) and push and pull Docker images to and from it using the following format:
docker login <registry-host>:5000
docker pull <registry-host>:5000/<image-name>:<tag>
docker push <registry-host>:5000/<image-name>:<tag>
<registry-host> is the hostname or IP address of your private registry server.
That's it! You now have a private Docker registry up and running. Make sure to configure the necessary firewall rules and access controls to restrict access to authorized users only. Additionally, consider setting up regular backups and monitoring your registry to ensure its reliability and security.