The Docker Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license.
Docker registry is just a Docker image. So you need to have docker to set up the registry.
You should use the Registry if you want to:
- tightly control where your images are being stored
- fully own your images distribution pipeline
- integrate image storage and distribution tightly into your in-house development workflow
Alternatives
Docker Hub provides a zero maintenance, ready-to-go solution. It is a free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and more).
Install docker
The Registry is compatible with Docker engine version 1.6.0 or higher.
Use one of the guides to set up docker on your machine.
Up and running with docker registry
Start your registry. This will run registry version MARKDOWN_HASH6d1579cfd3393c40ea39332beee7f203MARKDOWN<em>HASH
, get the latest version [here](https://hub.docker.com//registry).
docker run -d -p 5000:5000 --name registry registry:2.7.1
Pull (or build) some image from the hub
docker pull alpine:3.14.0
Output:
➜ docker pull alpine:3.14.0
3.14.0: Pulling from library/alpine
Digest: sha256:adab3844f497ab9171f070d4cae4114b5aec565ac772e2f2579405b78be67c96
Status: Downloaded newer image for alpine:3.14.0
docker.io/library/alpine:3.14.0
Tag the image so that it points to your registry
docker image tag alpine:3.14.0 localhost:5000/alpine-latest
Push it
docker push localhost:5000/alpine-latest
Pull it back
docker pull localhost:5000/alpine-latest
Cleaning up the registry when not needed
docker container stop registry && docker container rm -v registry
Using docker compose for more solid
Create data dir
mkdir /opt/docker-data
Create the yaml file
version: '3.9'
services:
registry:
image: registry:2.7.1
ports:
- 5080:5000
environment:
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
volumes:
- /opt/docker-registry:/data
Run an externally-accessible registry
Running a registry only accessible on localhost
has limited usefulness. In order to make your registry accessible to external hosts, you must first secure it using TLS.
Nginx conf file /etc/nginx/conf.d/registry.conf
server {
listen 80;
server_tokens off;
client_max_body_size 100M;
server_name registry.citizix.com;
## Deny illegal Host headers
if ($host !~* ^(registry.citizix.com)$ ) {
return 444;
}
location / {
proxy_pass http://127.0.0.1:5080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}