Private registries store and distribute Docker images within your organization, giving you control over your containerized applications and how they are secured. Setting one up is a common task when working with containerization technologies like Docker. In this post, I'll walk you through the steps to set up a private Docker registry.
There are various tools available for creating private registries, and Docker itself provides a registry image called Docker Registry. We will focus on Docker Registry; depending on your needs, you may also explore Harbor, Artifactory, or Azure Container Registry.
Prerequisites:
A Linux host where you'll host the private registry.
Docker installed on the host.
Docker Compose installed (optional but recommended for ease of management).
Here are the steps:
Install Docker Registry:
You can use Docker Compose to easily set up the Docker Registry. Create a docker-compose.yml file with the following content:

    version: '3'
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
        environment:
          REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry

Configure TLS (Optional but recommended):
It is strongly advised that you configure TLS to secure your private registry. You can use a tool like certbot or generate a self-signed certificate. Then add the TLS configuration to your docker-compose.yml file:

    version: '3'
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
        environment:
          REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
          # The registry reads its TLS settings from these variables;
          # Compose has no service-level "tls" key.
          REGISTRY_HTTP_TLS_CERTIFICATE: /certs/your.crt
          REGISTRY_HTTP_TLS_KEY: /certs/your.key
        volumes:
          - /path/to/certs:/certs

Replace /path/to/certs, your.crt and your.key with the actual paths and filenames of your TLS certificates.
Secure the Registry:
To secure the registry, you can set up authentication. Docker Registry supports both basic authentication and token-based authentication. Basic authentication involves creating an htpasswd file, and token-based authentication can be set up using Docker Notary.
For basic authentication, create an htpasswd file and mount it into the registry container. Update your docker-compose.yml to include the authentication:

    version: '3'
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
        environment:
          REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
          REGISTRY_AUTH: htpasswd
          REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
          REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
          # TLS is set through registry variables; Compose has no "tls" key.
          REGISTRY_HTTP_TLS_CERTIFICATE: /certs/your.crt
          REGISTRY_HTTP_TLS_KEY: /certs/your.key
        volumes:
          - /path/to/certs:/certs
          - /path/to/auth:/auth

/path/to/auth with the path to your
Save this file and run the registry as a Docker container.
docker-compose up -d
Access the Registry:
Once your private registry is up and running, you can log in to it (if authentication was set up) and push and pull Docker images to and from it using the following format:

    docker login <registry-host>:5000
    docker pull <registry-host>:5000/<image-name>:<tag>
    docker push <registry-host>:5000/<image-name>:<tag>

<registry-host> is the hostname or IP address of your private registry server.
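To confirm that the htpasswd and TLS steps above actually took effect, the following added example (not code from the original post) checks that every htpasswd entry is a bcrypt hash, the only format the registry accepts, and interprets an unauthenticated request to /v2/. The function names audit_htpasswd, classify_v2 and probe are hypothetical, and the sample file is constructed.

```python
import re
import ssl
import urllib.error
import urllib.request

# Shape of a bcrypt entry as written by `htpasswd -B`: $2y$<cost>$ + 53 chars.
BCRYPT = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

def audit_htpasswd(text):
    """Return {user: problem} for entries the registry would not accept."""
    problems = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, digest = line.partition(":")
        if not sep or not user:
            problems[f"line {n}"] = "malformed entry"
        elif not BCRYPT.match(digest):
            problems[user] = "not a bcrypt hash (create with: htpasswd -B)"
    return problems

def classify_v2(status, headers):
    """Interpret the response to an unauthenticated GET /v2/."""
    challenge = headers.get("WWW-Authenticate", "").lower()
    if status == 200:
        return "OPEN: registry answers without credentials"
    if status == 401 and challenge.startswith("basic"):
        return "OK: basic auth enforced"
    if status == 401 and challenge.startswith("bearer"):
        return "OK: token auth enforced"
    return f"UNEXPECTED: HTTP {status}"

def probe(host, cafile=None):
    """Query https://<host>/v2/ with certificate verification on.
    Pass cafile to trust a self-signed certificate instead of disabling checks."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(f"https://{host}/v2/", context=ctx, timeout=5) as r:
            return classify_v2(r.status, r.headers)
    except urllib.error.HTTPError as e:
        return classify_v2(e.code, e.headers)

# Constructed sample: alice has a bcrypt entry, bob an Apache MD5 ($apr1$) entry.
SAMPLE = "\n".join(["alice:$2y$05$" + "A" * 53,
                    "bob:$apr1$abcdefgh$" + "B" * 22])

if __name__ == "__main__":
    print(audit_htpasswd(SAMPLE))  # flags bob only
```

Run audit_htpasswd on the file under /path/to/auth before starting the container, and probe("<registry-host>:5000") afterwards; an "OPEN" result means the authentication settings were not picked up.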
That's it! You now have a private Docker registry up and running. Make sure to configure the necessary firewall rules and access controls to restrict access to authorized users only. Additionally, consider setting up regular backups and monitoring your registry to ensure its reliability and security.