How to set up and configure a private Docker registry

What is a Docker Registry?

A Docker registry is a storage and distribution system for named Docker images. In the same way that you might have a code repository where you version your source code, a Docker registry is a place where you version your container images. Registries centralize container images and provide features like access control, storage optimization, and more.

Now that we know what a Docker registry is, let's define a private Docker registry.

A private Docker registry is a storage and distribution system specifically for Docker container images that aren't publicly accessible. Unlike public registries like Docker Hub, a private registry restricts access, allowing only authorized users to push or pull images.

Creating a private Docker registry is a process of 5 steps:

  1. Purchase a domain name and generate an SSL certificate for it. Refer to this article for more details

  2. Create a domain.cert file

  3. Secure with SSL: Move the certificate folder to the VM

  4. Secure it with a username and a password

  5. Create and configure the docker registry

2. Create a domain.cert file

This file contains the

  1. Private key

  2. Client Certificate

  3. Intermediate or Sub-CA certificate

  4. Root certificate

The contents of these files should be extracted and arranged in this format, keeping the PEM marker lines exactly as they appear in the source files:

-----BEGIN PRIVATE KEY-----
#private key details here
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
#client certificate details here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#sub-ca certificate details here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#root certificate details here
-----END CERTIFICATE-----
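PEM parsers recognise only the literal five-dash BEGIN/END marker lines, so before mounting the bundle it is worth confirming that it really holds one private key followed by three certificates. The script below is an added example, not part of the original article; the function names and the placeholder block bodies are assumptions, and it checks layout only, not signatures or whether the key matches the certificate.

```shell
# Layout check for the domain.cert bundle (added example, constructed sample data).

# pem_layout FILE: print the label of every PEM block, in file order.
# Fails on a mismatched END, a nested BEGIN, or an unterminated block.
pem_layout() {
    awk '
        { sub(/\r$/, "") }   # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") { bad = 1; exit }
            cur = substr($0, 12, length($0) - 16); next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (cur == "" || substr($0, 10, length($0) - 14) != cur) { bad = 1; exit }
            print cur; cur = ""; next
        }
        END { if (cur != "") bad = 1; exit bad + 0 }
    ' "$1"
}

# check_domain_cert FILE: succeed only if the bundle is exactly one private
# key followed by three certificates (client, sub-CA, root).
check_domain_cert() {
    layout=$(pem_layout "$1") || { echo "malformed PEM in $1" >&2; return 1; }
    # Collapse to one line; RSA/EC/PKCS#8 key labels all count as KEY.
    flat=$(printf '%s\n' "$layout" | sed 's/.*PRIVATE KEY$/KEY/' | tr '\n' ' ')
    [ "$flat" = "KEY CERTIFICATE CERTIFICATE CERTIFICATE " ] && return 0
    echo "unexpected layout in $1: $flat" >&2
    return 1
}

# write_sample_bundle FILE: constructed sample with placeholder bodies only.
write_sample_bundle() {
    {
        printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTEDKEY' '-----END PRIVATE KEY-----'
        for part in CLIENT SUBCA ROOT; do
            printf '%s\n' '-----BEGIN CERTIFICATE-----' "CONSTRUCTED$part" '-----END CERTIFICATE-----'
        done
    } > "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp) && write_sample_bundle "$tmp" && check_domain_cert "$tmp" && echo "layout ok"
rm -f "$tmp"
```

A file that still uses schematic markers such as "--- Begin Certificate---" yields no blocks at all and is rejected.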

3. Secure with SSL: Move the certificate folder to the VM

Put all 3 certificates in one folder. This folder should also contain the private key and the domain.cert file that was just created.

Move this folder to the VM or wherever you are running docker.

For instance, if you’re working on the Google Cloud platform, this command will suffice

gcloud compute scp PATH_TO_FOLDER_CONTAINING_CERTS_AND_PRIVATE_KEY/* VM_NAME:HOMEDIR/test/certs/ --zone=$ZONE

If you’re working on a PC, follow these steps

  1. Open PowerShell in administrator mode

  2. Set the execution policy to remote signed with this command

Set-ExecutionPolicy RemoteSigned

4. Secure it with a username and a password

Authentication is an important step when setting up a private registry. A username and a password can be created on the terminal where Docker is running. Here is a sample command:

htpasswd -Bbn "$USERNAME" "$PASSWORD" > auth/htpasswd

5. Create and configure the docker registry

The docker registry will now be created using this command

docker run -d -p 443:443 --name=local-registry --restart=always \
-v /HOMEDIR/test/certs:/certs \
-v /HOMEDIR/test/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.cert \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2

And that’s a wrap! Congratulations, you have successfully created and configured a private Docker registry!
