How to Set Up a Self-Hosted Private Docker Registry

The Docker Registry is a stateless, highly scalable server-side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license.

The Docker Registry is itself distributed as a Docker image, so you need Docker installed to set it up.

You should use the Registry if you want to:

  • tightly control where your images are being stored
  • fully own your image distribution pipeline
  • integrate image storage and distribution tightly into your in-house development workflow

# Alternatives

Docker Hub provides a zero maintenance, ready-to-go solution. It is a free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and more).

# Install docker

The Registry is compatible with Docker engine version 1.6.0 or higher.

Use one of the guides to set up docker on your machine.

# Up and running with docker registry

Start your registry. This will run registry version `2.7.1`; get the latest version [here](https://hub.docker.com/_/registry).

```sh
docker run -d -p 5000:5000 --name registry registry:2.7.1
```

Pull (or build) an image from Docker Hub:

```sh
docker pull alpine:3.14.0
```

Output:

```
➜ docker pull alpine:3.14.0

3.14.0: Pulling from library/alpine
Digest: sha256:adab3844f497ab9171f070d4cae4114b5aec565ac772e2f2579405b78be67c96
Status: Downloaded newer image for alpine:3.14.0
docker.io/library/alpine:3.14.0
```

Tag the image so that it points to your registry:

```sh
docker image tag alpine:3.14.0 localhost:5000/alpine-latest
```

Push it:

```sh
docker push localhost:5000/alpine-latest
```

Pull it back:

```sh
docker pull localhost:5000/alpine-latest
```

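Stop and remove the registry when it is no longer needed. The `-v` flag also removes the container's anonymous volumes, so the images stored in this registry are deleted with it.

```sh
docker container stop registry && docker container rm -v registry
```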

# Using Docker Compose for a more robust setup

Create the data directory that the Compose file mounts into the container:

```sh
mkdir -p /opt/docker-registry
```

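Create the Compose YAML file:

```yaml
version: '3.9'

services:
  registry:
    image: registry:2.7.1
    ports:
      # host port 5080 -> registry port 5000 inside the container
      - 5080:5000
    environment:
      # store image data under /data inside the container
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      # persist registry data on the host
      - /opt/docker-registry:/data
```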

# Run an externally-accessible registry

Running a registry only accessible on localhost has limited usefulness. In order to make your registry accessible to external hosts, you must first secure it using TLS.

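Nginx configuration file `/etc/nginx/conf.d/registry.conf`, which proxies requests to the registry published on port 5080. The server block below listens on port 80 only, so it serves plain HTTP; TLS still has to be configured on it before the registry is exposed to external hosts.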

```nginx
server {
    listen 80;
    server_tokens off;
    # Requests with a body above this size (including image layer uploads) are rejected
    client_max_body_size 100M;
    server_name registry.citizix.com;

    ## Deny illegal Host headers (dots escaped so they match literally)
    if ($host !~* ^(registry\.citizix\.com)$ ) {
        return 444;
    }

    location / {
        # Forward to the registry container published on host port 5080
        proxy_pass http://127.0.0.1:5080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Scheme $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}
```
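
The text above requires TLS, while the server block shown listens only on port 80. A TLS-terminating variant of that block follows as an added example that is not part of the original page. The certificate and key paths are placeholders, and `client_max_body_size 0`, the `X-Forwarded-Proto` header, the `ssl_protocols` line and the HTTP-to-HTTPS redirect are assumptions made here rather than settings from the page.

```nginx
# Added example: TLS termination in front of the registry on 127.0.0.1:5080.

# Port 80 only redirects, so pushes and pulls never travel in clear text.
server {
    listen 80;
    server_tokens off;
    server_name registry.citizix.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_tokens off;
    server_name registry.citizix.com;

    # PLACEHOLDER paths: point these at the certificate chain and private key
    # issued for this host name.
    ssl_certificate     /etc/nginx/ssl/registry.example.crt;
    ssl_certificate_key /etc/nginx/ssl/registry.example.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Image layers are often larger than 100M; 0 disables the body size
    # check so that large pushes are not rejected with HTTP 413.
    client_max_body_size 0;

    ## Deny illegal Host headers
    if ($host !~* ^(registry\.citizix\.com)$ ) {
        return 444;
    }

    location / {
        proxy_pass http://127.0.0.1:5080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the registry the client connected over HTTPS, so the URLs it
        # returns (for example upload locations) use the https scheme.
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}
```

The Compose mapping `5080:5000` publishes the registry on every host interface, so clients can still reach it over plain HTTP on port 5080 and bypass the proxy. Publishing it as `127.0.0.1:5080:5000` makes Nginx the only entry point.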
Last updated on Mar 20, 2024 17:19 +0300
Citizix Ltd