How to Set up self-hosted Private Docker Registry

The Docker Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license.

Docker registry is just a Docker image. So you need to have docker to set up the registry.

You should use the Registry if you want to:

  • tightly control where your images are being stored
  • fully own your images distribution pipeline
  • integrate image storage and distribution tightly into your in-house development workflow

Alternatives

Docker Hub provides a zero maintenance, ready-to-go solution. It is a free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and more).

Install docker

The Registry is compatible with Docker engine version 1.6.0 or higher.

Use one of the guides to set up docker on your machine.

Up and running with docker registry

Start your registry. This will run registry version MARKDOWN_HASH6d1579cfd3393c40ea39332beee7f203MARKDOWN<em>HASH, get the latest version [here](https://hub.docker.com//registry).

docker run -d -p 5000:5000 --name registry registry:2.7.1

Pull (or build) some image from the hub

docker pull alpine:3.14.0

Output:

&#x279C; docker pull alpine:3.14.0

3.14.0: Pulling from library/alpine
Digest: sha256:adab3844f497ab9171f070d4cae4114b5aec565ac772e2f2579405b78be67c96
Status: Downloaded newer image for alpine:3.14.0
docker.io/library/alpine:3.14.0

Tag the image so that it points to your registry

docker image tag alpine:3.14.0 localhost:5000/alpine-latest

Push it

docker push localhost:5000/alpine-latest

Pull it back

docker pull localhost:5000/alpine-latest

Cleaning up the registry when not needed

docker container stop registry && docker container rm -v registry

Using docker compose for more solid

Create data dir

mkdir /opt/docker-data

Create the yaml file

version: '3.9'

services:
  registry:
    image: registry:2.7.1
    ports:
      - 5080:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - /opt/docker-registry:/data

Run an externally-accessible registry

Running a registry only accessible on localhost has limited usefulness. In order to make your registry accessible to external hosts, you must first secure it using TLS.

Nginx conf file /etc/nginx/conf.d/registry.conf

server {
    listen 80;
    server_tokens off;
    client_max_body_size 100M;
    server_name registry.citizix.com;

    ## Deny illegal Host headers
    if ($host !~* ^(registry.citizix.com)$ ) {
        return 444;
    }

    location / {
        proxy_pass http://127.0.0.1:5080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Scheme $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}
Last updated on Oct 14, 2024 11:46 +0300
comments powered by Disqus
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy