How to set up and configure a private Docker registry
What is a Docker Registry?
A Docker registry is a storage and distribution system for named Docker images. In the same way that you might have a code repository where you version your source code, a Docker registry is a place where you version your container images. Registries centralize container images and provide features like access control, storage optimization, and more.
Now that we know what a Docker registry is, let's define a private Docker registry.
A private Docker registry is a storage and distribution system specifically for Docker container images that aren't publicly accessible. Unlike public registries like Docker Hub, a private registry restricts access, allowing only authorized users to push or pull images.
Creating a private Docker registry is a process of 5 steps:
1. Purchase a domain name and generate an SSL certificate for it. Refer to this article for more details
2. Create a domain.cert file
3. Secure with SSL: Move the certificate folder to the VM
4. Secure it with a username and a password
5. Create and configure the docker registry
2. Create a domain.cert file
This file contains the following:
Private key
Client certificate
Intermediate or sub-CA certificate
Root certificate
The contents of these files should be extracted and arranged in this format:
-----BEGIN PRIVATE KEY-----
# private key details here
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
# client certificate details here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
# sub-CA certificate details here
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
# root certificate details here
-----END CERTIFICATE-----
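A pre-flight check for the bundle layout above, as an added example that is not part of the original article: it confirms the four blocks are present in the stated order, that each body decodes to DER, and that the file is readable by its owner only because it embeds the private key. The names check_bundle and pem are hypothetical, the sample blocks are constructed placeholders rather than real keys, and the check covers layout only, not signatures or chain validity.

```python
import base64
import os
import re
import stat

# One PEM block: BEGIN label, base64 body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def check_bundle(path):
    """Return a list of problems found in a domain.cert-style PEM bundle."""
    problems = []
    # The bundle embeds the private key, so only the owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:03o} lets group/others access the embedded key")
    with open(path, encoding="ascii", errors="replace") as fh:
        blocks = PEM_BLOCK.findall(fh.read())
    labels = [label for label, _ in blocks]
    # Layout from step 2: private key, then client, sub-CA and root certificates.
    if not labels or not labels[0].endswith("PRIVATE KEY"):
        problems.append("first block is not a private key")
    if labels[1:] != ["CERTIFICATE"] * 3:
        problems.append(f"expected 3 certificates after the key, found {labels[1:]}")
    for index, (label, body) in enumerate(blocks):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"block {index} ({label}) is not valid base64")
            continue
        # DER-encoded keys and certificates are ASN.1 SEQUENCEs (first byte 0x30).
        if not der.startswith(b"\x30"):
            problems.append(f"block {index} ({label}) does not decode to a DER SEQUENCE")
    return problems

def pem(label, der=b"\x30\x03\x02\x01\x00"):
    """Build a constructed, non-functional PEM block for the demonstration."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".cert", delete=False) as fh:
        fh.write(pem("PRIVATE KEY") + pem("CERTIFICATE") * 3)
    os.chmod(fh.name, 0o644)  # deliberately too permissive
    print(check_bundle(fh.name))
    os.unlink(fh.name)
```

An empty list means the file matches the layout; run it against the real domain.cert on the VM before starting the registry container.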
3. Secure with SSL: Move the certificate folder to the VM
Put all 3 certificates in one folder. This folder should also contain the private key and the domain.cert file that was just created.
Move this folder to the VM or wherever you are running docker.
For instance, if you’re working on the Google Cloud Platform, this command will suffice:
gcloud compute scp PATH_TO_FOLDER_CONTAINING_CERTS_AND_PRIVATE_KEY/* VM_NAME:HOMEDIR/test/certs/ --zone=$ZONE
If you’re working on a PC, follow these steps:
Open PowerShell in administrator mode
Set the execution policy to RemoteSigned with this command:
Set-ExecutionPolicy RemoteSigned
4. Secure it with a username and a password
Authentication is an important step when setting up a private registry. A username and a password can be set on the terminal where Docker is running. Here is a sample command:
htpasswd -Bbn "$USERNAME" "$PASSWORD" > auth/htpasswd
5. Create and configure the docker registry
The Docker registry will now be created using this command:
docker run -d -p 443:443 --name=local-registry --restart=always \
-v /HOMEDIR/test/certs:/certs \
-v /HOMEDIR/test/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.cert \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
And that’s a wrap! Congratulations, you have successfully created and configured a private Docker registry!