Guide on How to Deploy a Private Container Registry

Private registries are used to store and distribute Docker images within your organization, providing control and security over your containerized applications. Setting one up is a common task when working with containerization technologies like Docker. In this post, I'll walk you through the steps to set up a private Docker registry.

There are various tools available for creating private registries, and Docker itself provides a registry image called Docker Registry. We will focus on using Docker Registry; depending on your needs, you may also explore Harbor, Artifactory, or Azure Container Registry.

Prerequisites:

  1. A Linux host where you'll host the private registry.

  2. Docker is installed on the host.

  3. Docker Compose installed (optional but recommended for ease of management).

Here are the steps:

Install Docker Registry:

You can use Docker Compose to easily set up the Docker Registry. Create a docker-compose.yml file with the following content:

version: '3'
services:
  registry:
    image: registry:2
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry

Configure TLS (Optional but recommended):

It is strongly advised that you configure TLS to secure your private registry. You can use tools like certbot or generate a self-signed certificate. Then, add the TLS configuration to your docker-compose.yml file.

version: '3'
services:
  registry:
    image: registry:2
    ports:
      - 5000:5000
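    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      # The registry reads its TLS settings from these variables;
      # Compose has no service-level "tls" key.
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/your.crt
      REGISTRY_HTTP_TLS_KEY: /certs/your.key
    volumes:
      - /path/to/certs:/certs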

Replace /path/to/certs, your.crt, and your.key with the actual paths and filenames of your TLS certificates.

Secure the Registry:

To secure the registry, you can set up authentication. Docker Registry supports both basic authentication and token-based authentication. Basic authentication involves creating an htpasswd file, and token-based authentication can be set up using Docker Notary.

For basic authentication, create an htpasswd file and mount it into the registry container. Update your docker-compose.yml to include the authentication:

version: '3'
services:
  registry:
    image: registry:2
    ports:
      - 5000:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      # The registry reads its TLS settings from these variables;
      # Compose has no service-level "tls" key.
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/your.crt
      REGISTRY_HTTP_TLS_KEY: /certs/your.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /path/to/certs:/certs
      - /path/to/auth:/auth

Replace /path/to/auth with the path to the directory that contains your htpasswd file.

Save this file and run the registry as a Docker container.

docker-compose up -d

Access the Registry:

Once your private registry is up and running, you can log in to the registry (if authentication was set up) and push and pull Docker images to and from it using the following format:

docker login <registry-host>:5000
docker pull <registry-host>:5000/<image-name>:<tag>
docker push <registry-host>:5000/<image-name>:<tag>

<registry-host> is the hostname or IP address of your private registry server.

That's it! You now have a private Docker registry up and running. Make sure to configure the necessary firewall rules and access controls to restrict access to authorized users only. Additionally, consider setting up regular backups and monitoring your registry to ensure its reliability and security.
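To confirm that the TLS and authentication settings above actually took effect, you can request the registry's /v2/ endpoint without credentials and look at the answer: a protected registry replies 401 with a WWW-Authenticate challenge, an open one replies 200. The script below is an added example, not part of the original post; the function names assess and probe and the host registry.example.internal are assumptions made for illustration.

```python
"""Check that a registry's /v2/ endpoint demands credentials over TLS."""
import ssl
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def assess(url, status, headers):
    """Findings for an unauthenticated GET of <registry>/v2/ (empty list = good)."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if urlsplit(url).scheme != "https":
        findings.append("plaintext HTTP: credentials and layers travel unencrypted")
    if "registry/2.0" not in hdrs.get("docker-distribution-api-version", ""):
        findings.append("no registry/2.0 API header: is this the registry?")
    challenge = hdrs.get("www-authenticate", "")
    if status == 200:
        findings.append("anonymous access: no credentials were required")
    elif not (status == 401 and challenge.lower().startswith(("basic ", "bearer "))):
        findings.append(f"unexpected response {status}, challenge {challenge!r}")
    return findings


def probe(url, cafile=None):
    """GET url without credentials; cafile is the CA file for a self-signed cert."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # a 401 lands here: the desired outcome
        return err.code, dict(err.headers)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # args: https://<registry-host>:5000/v2/ [ca.crt]
        url = sys.argv[1]
        status, headers = probe(url, *sys.argv[2:3])
    else:  # constructed sample: a registry started without TLS or auth
        url, status = "http://registry.example.internal:5000/v2/", 200
        headers = {"Docker-Distribution-Api-Version": "registry/2.0"}
    problems = assess(url, status, headers)
    for problem in problems:
        print("FAIL:", problem)
    print("OK" if not problems else f"{len(problems)} problem(s) found")
    # Exit non-zero only for a real probe, so the sample run stays a clean demo.
    sys.exit(1 if problems and len(sys.argv) > 1 else 0)
```

Run it with the registry URL (and the CA file if the certificate is self-signed) after every change to docker-compose.yml; without arguments it evaluates the constructed sample response.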