How to Set up self-hosted Private Docker Registry

The Docker Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license.

Docker registry is just a Docker image. So you need to have docker to set up the registry.

You should use the Registry if you want to:

tightly control where your images are being stored
fully own your images distribution pipeline
integrate image storage and distribution tightly into your in-house development workflow

Alternatives

Docker Hub provides a zero maintenance, ready-to-go solution. It is a free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and more).

Install docker

The Registry is compatible with Docker engine version 1.6.0 or higher.

Use one of the guides to set up docker on your machine.

Up and running with docker registry

Start your registry. This will run registry version 6d1579cfd3393c40ea39332beee7f203MARKDOWN, get the latest version here.

1
docker run -d -p 5000:5000 --name registry registry:2.7.1

Pull (or build) some image from the hub

1
docker pull alpine:3.14.0

Output:

1
2
3
4
5
6
$ docker pull alpine:3.14.0

3.14.0: Pulling from library/alpine
Digest: sha256:adab3844f497ab9171f070d4cae4114b5aec565ac772e2f2579405b78be67c96
Status: Downloaded newer image for alpine:3.14.0
docker.io/library/alpine:3.14.0

Tag the image so that it points to your registry

1
docker image tag alpine:3.14.0 localhost:5000/alpine-latest

Push it

1
docker push localhost:5000/alpine-latest

Pull it back

1
docker pull localhost:5000/alpine-latest

Cleaning up the registry when not needed

1
docker container stop registry && docker container rm -v registry

Using docker compose for more solid

Create data dir

1
mkdir /opt/docker-data

Create the yaml file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

```yml
services:
  registry:
    image: registry:2.7.1
    ports:
      - 5080:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - /opt/docker-registry:/data

Run an externally-accessible registry

Running a registry only accessible on localhost has limited usefulness. In order to make your registry accessible to external hosts, you must first secure it using TLS.

Nginx conf file /etc/nginx/conf.d/registry.conf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
server {
    listen 80;
    server_tokens off;
    client_max_body_size 100M;
    server_name registry.citizix.com;

    ## Deny illegal Host headers
    if ($host !~* ^(registry.citizix.com)$ ) {
        return 444;
    }

    location / {
        proxy_pass http://127.0.0.1:5080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Scheme $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}