This article will guide you on how to create your private docker registry? Docker allows you to package your program into several containers, making it easier to create and deploy your applications. But where do these container images originate from, and how can you deploy your own?
This article will look at what a registry is, why it’s essential, and how you may create up your private registry. We’ll also look at various security and storage choices that might help you customize your configuration. Also read a complete guide on Docker Compose.
So, without further ado, let’s get this time began.
What is a Container Registry?
A container registry is a location where container images can be stored and shared without having to keep track of them. They offer secure image management and a quick way to pull and push images with the appropriate permissions.
DockerHub, the standard registry for Docker and Kubernetes, is the most well-known container registry. The main issue with public registries is that you don’t have complete control over their operations, and they can be costly if you require several private images.
That is why, in many circumstances, hosting your own private registry might be beneficial. Private registries provide various storage and authentication solutions that may be tailored to your specific needs. Read full article you create your own private docker registry and secure it with password.
Why should you use a Private Registry?
Before creating private docker registry, Here are several compelling reasons to use your own private registry rather than a public one like DockerHub.
- Control where your images are saved – With a private registry, you have complete control over where your images are stored and how you access them.
- Personalized image pipeline
- Increased privacy for proprietary and private images
- Customizable configuration options, such as logging, authentication, load balancing, and so forth.
Creating your own Registry
Now that you understand what registries are and what they are used for let’s continue creating a private registry using docker-compose.
version: '3' services: registry: image: registry:2 ports: - "5000:5000"
The configuration employs the official registry image and passes the container’s port 5000 to the host system. It enables us to send requests to the registry server’s port 5000.
You can now use the following command to run the container:
docker-compose up -d
After the image has been downloaded and the container has started, we can push an image to the registry to create private docker registry.
Pushing an image
When you’re done, you can push an image to the registry. First, you require to create a local image and tag it correctly; then, you can do that. We’ll use the Alpine Linux image for this because it’s compact and quick to download.
We must first pull the image and then tag it with the address of our registry as a prefix (localhost:5000 in our case).
docker pull alpine docker tag alpine localhost:5000/my-alpine
The freshly tagged image should now be visible:
Images created with Docker
docker images # output alpine latest e7d92cdc71fe 6 weeks ago 5.59MB localhost:5000/my-alpine latest e7d92cdc71fe 6 weeks ago 5.59MB
We can now use the push command to push the image:
docker push localhost:5000/my-alpine
Please remember that this only works if you host your registry on your local machine. If you host it on a server, you’ll require a secure SLL connection, which we’ll later discuss in more sections.
Pulling an image
Pulling an image from the registry is likewise simple and may be accomplished with a single command.
docker pull localhost:5000/my-alpine
You should receive a notice indicating that the image already exists. If you want to make it work properly, delete the image and re-pull it.
The image may then be run as follows.
docker run -it localhost:5000/my-alpine sh
Most registries will need you to log in before pulling and pushing images for authentication concerns. That is also what we shall do in the following section.
Setting up Authentication
To prevent misuse, any registries not situated on a secure local network that only authorized individuals can access will require some form of authentication.
The most accessible approach to establish basic registry security and access limitation is to use a primary authentication tool, such as htpasswd, which maintains a secret that allows you to authenticate.
That is the strategy we will concentrate on in this article, but I will also present a few more advanced possibilities for you to consider on your own.
Creating the authentication file
First, we install the htpasswd package by running the following command:
sudo apt install apache2-utils
Then, we’ll create a folder to house our password files.
Following that, we’ll continue by creating a user with the following command:
htpasswd -Bc registry.password testuser
The final parameter is the user’s name, in this instance testUser. You will be asked to enter your password after you do the command.
Updating the docker-compose configuration file
Now that we’ve created the user with htpasswd, we can change the docker-compose.yaml file.
version: '3' services: registry: image: registry:2 ports: - "5000:5000" environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password volumes: - ./auth:/auth
It would help if you provide the authentication scheme you are using for REGISTRY AUTH. The path to the authentication file we created is REGISTRY_AUTH_HTPASSWD_PATH.
You may now restart your Docker installation to make the modifications available.
docker-compose up --force-recreate
Log in to the registry using the following credentials
Now that the registry has basic authentication, you can test it by logging in with the user you created earlier.
docker login localhost:5000
You will be required to enter your strong username and password when you start. You may push and pull images in the same way we did previously after successfully logging into your registry.
There are even more sophisticated methods for providing authentication for your registry. The most common method is to create a proxy in front of your registry. This method necessitates a more sophisticated configuration and setup, but it provides you with greater control over registry access.
Docker has published an official tutorial on using Nginx as your authentication proxy.
Adding SSL Certificates
Localhost registry has limited functionality and cannot be accessed from outside sources. That is why, when hosting a registry, it is critical to include an SSL certificate for a secure connection.
This section assumes you meet the following prerequisites:
- You have your own secure domain name, such as https://mydomain.com
- Your DNS configuration allows you to connect to the registry on port 443
- You have a certificate from a certificate authority (CA), such as Let’s Encrypt
There are several methods for adding a certificate to your registry. We’ll look at the most frequent one, which will cover the majority of use-cases.
Adding a certificate
In this case, your CA already sent you two files called “.crt and “.key” just put these into your project’s certs directory and add the following lines to your docker-compose file.
version: '3' services: registry: image: registry:2 ports: - "443:443" environment: REGISTRY_HTTP_ADDR=0.0.0.0:443 REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt REGISTRY_HTTP_TLS_KEY=certs/domain.key volumes - ./certs:/certs
These environment variables instruct the container on where to look for the certificates. The registry will now be secure and run on port 443 now that it’s been made safe, the HTTPS port by default. Now the next step in creating private docker registry is to customizing storage.
The docker registry also allows you to customize where the registry’s data is saved. You only need to add an extra environment variable that specifies the path where the data should be saved.
version: '3' services: registry: image: registry:2 ports: - "5000:5000" environment: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./data:/data
Steps to follow
You can take several other configuration steps to increase your registry’s security and performance. Here’s a selection of items you might be interested in:
- Authentication via a proxy before to your service
- Load balancing requests
- Error message logging
- Keeping track of performance and container health
You got to the finish!
You should be able to understand what a container registry is and how to create private docker registry now that you’ve read this article. Please consider promoting and sharing this information with your colleagues if you found this informative. Also read article in how to Fix Broken Registry Windows 10 and 11.