The Docker Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license.
Docker registry is just a Docker image. So you need to have docker to set up the registry.
You should use the Registry if you want to:
- tightly control where your images are being stored
- fully own your images distribution pipeline
- integrate image storage and distribution tightly into your in-house development workflow
# Alternatives
Docker Hub provides a zero maintenance, ready-to-go solution. It is a free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and more).
# Install docker
The Registry is compatible with Docker engine version 1.6.0 or higher.
Use one of the guides to set up docker on your machine.
# Up and running with docker registry
Start your registry. This will run registry version MARKDOWN_HASH6d1579cfd3393c40ea39332beee7f203MARKDOWN<em>HASH
, get the latest version [here](https://hub.docker.com//registry).
docker run -d -p 5000:5000 --name registry registry:2.7.1
Pull (or build) some image from the hub
docker pull alpine:3.14.0
Output:
➜ docker pull alpine:3.14.0
3.14.0: Pulling from library/alpine
Digest: sha256:adab3844f497ab9171f070d4cae4114b5aec565ac772e2f2579405b78be67c96
Status: Downloaded newer image for alpine:3.14.0
docker.io/library/alpine:3.14.0
Tag the image so that it points to your registry
docker image tag alpine:3.14.0 localhost:5000/alpine-latest
Push it
docker push localhost:5000/alpine-latest
Pull it back
docker pull localhost:5000/alpine-latest
Cleaning up the registry when not needed
docker container stop registry && docker container rm -v registry
# Using docker compose for more solid
Create data dir
mkdir /opt/docker-data
Create the yaml file
version: '3.9'
services:
registry:
image: registry:2.7.1
ports:
- 5080:5000
environment:
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
volumes:
- /opt/docker-registry:/data
# Run an externally-accessible registry
Running a registry only accessible on localhost
has limited usefulness. In order to make your registry accessible to external hosts, you must first secure it using TLS.
Nginx conf file /etc/nginx/conf.d/registry.conf
server {
listen 80;
server_tokens off;
client_max_body_size 100M;
server_name registry.citizix.com;
## Deny illegal Host headers
if ($host !~* ^(registry.citizix.com)$ ) {
return 444;
}
location / {
proxy_pass http://127.0.0.1:5080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}