Docker Hub is super neat and very intuitive and offers a great deal of functionality for free. But what if we need more privacy, or our client wants to use its own server? In that case, we can run our own Docker Registry.
So how do we do that?
Well, we can set up the registry in different ways:
- directly with the Docker command
- using Dockerfile
- using Kubernetes
- using Docker compose
In this tutorial I cover the first way, using the official image from Docker Hub.
Note: Install Docker before performing any of the operations described here. To install Docker go to this link, and to learn how to work with Docker I recommend this training: https://training.play-with-docker.com
Run a local registry
Start your registry:
$ docker run -d -p 5000:5000 --restart=always --name rcherara-local-registry registry:2
Now navigate to http://localhost:5000/v2/_catalog to confirm that your registry is up and running and that no repositories have been pushed to it yet.
You should be able to see something like this:
Let's test this registry:
# Pull (or build) some image from the hub
$ docker pull ubuntu
# Tag the image so that it points to your registry
$ docker image tag ubuntu localhost:5000/my-ubuntu-image
# Push it
$ docker push localhost:5000/my-ubuntu-image
# Pull it back
$ docker pull localhost:5000/my-ubuntu-image
# Now stop your registry and remove all data
$ docker container stop rcherara-local-registry && docker container rm -v rcherara-local-registry
You should be able to see something like this:
The same thing can be done with Docker Compose: just run docker-compose up -d with this file.
version: '3.0'
services:
  rcherara-registry:
    image: registry:latest
    container_name: rcherara-local-registry
    volumes:
      - registry:/var/lib/registry
    ports:
      - "50000:5000"
    restart: unless-stopped
volumes:
  registry:
You can also run this public UI container as a front end for the Docker registry:
$ docker pull joxit/docker-registry-ui:debian-static
$ docker run -d -p 50001:80 joxit/docker-registry-ui:debian-static
Before creating a local Docker registry, you need to decide on storage and security.
Storage with Amazon S3 bucket
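One storage solution for Docker Registry is an Amazon S3 bucket.
This command launches a registry on port 5000, using an Amazon S3 bucket to store images under a custom path, and enables the search endpoint. The SETTINGS_FLAVOR, AWS_* and SEARCH_BACKEND variables are those of the legacy v1 registry image; the registry:2 image is configured through the REGISTRY_STORAGE_* variables used in the later commands: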
$ docker run \
-e SETTINGS_FLAVOR=s3 \
-e AWS_BUCKET=mybucket \
-e STORAGE_PATH=/registry \
-e AWS_KEY=myawskey \
-e AWS_SECRET=myawssecret \
-e SEARCH_BACKEND=sqlalchemy \
-p 5000:5000 \
registry
or
#!/bin/sh
docker run -d -p 80:5000 \
-e "REGISTRY_STORAGE=s3" \
-e "REGISTRY_STORAGE_S3_REGION=us-east-1" \
-e "REGISTRY_STORAGE_S3_BUCKET=my_registry_bucket" \
-e "REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory" \
registry:2
or
$ docker run \
-e SETTINGS_FLAVOR=s3 \
-e AWS_BUCKET=mybucket \
-e STORAGE_PATH=/registry \
-e AWS_KEY=myawskey \
-e AWS_SECRET=myawssecret \
-e SEARCH_BACKEND=sqlalchemy \
-e DEBUG=True \
-e LOGLEVEL=debug \
-p 5000:5000 \
registry
or
$ docker run -d -p 5000:5000 --name registry --restart always \
-e REGISTRY_STORAGE=s3 \
-e REGISTRY_STORAGE_S3_REGION=us-east-1 \
-e REGISTRY_STORAGE_S3_BUCKET=your.bucket.example.com \
registry:2
If you prefer, you can store the information in a configuration file as well. The equivalent of the previous example would be:
config.yml
storage:
  s3:
    region: us-east-1
    bucket: your.bucket.example.com
$ docker run -d -p 5000:5000 --name registry --restart always -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2
We have addressed storage; now let's discuss security.
For more security, we use TLS for communication with clients. This is similar to using SSL in NGINX. Provided you already have your certificates in place, all that is needed is to bind-mount the directory containing the certificates and set the appropriate variables:
$ docker run -d -p 5000:5000 --restart=always --name registry \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.example.com.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.example.com.key \
-e REGISTRY_STORAGE=s3 \
-e REGISTRY_STORAGE_S3_REGION=us-east-1 \
-e REGISTRY_STORAGE_S3_BUCKET=your.bucket.example.com \
registry:2
If you don't have a certificate, use letsencrypt to configure TLS certificates provided by Let's Encrypt.
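The docker run commands in this post differ in three ways that matter for security: whether both TLS variables are set, whether credentials are typed inline with -e, and whether a registry without TLS is published beyond loopback. The script below is an added example, not part of the original post, that checks a docker run command line for these; the function name, the finding names and the /srv/certs path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The finding names
# (INLINE_SECRET, NO_TLS, PLAINTEXT_EXPOSED) are invented for this sketch.

# audit_registry_cmd "<docker run ...>": prints one finding per line,
# nothing when the command line passes all three checks.
audit_registry_cmd() {
    set -f; set -- $1; set +f          # word-split the command, no globbing
    cert=0 key=0 exposed="" prev=""
    for tok in "$@"; do
        tok=$(printf '%s' "$tok" | tr -d "\"'")    # drop shell quotes
        case $prev in
            -p|--publish)
                # Only HOST_IP:HOST_PORT:CONTAINER_PORT on loopback stays local;
                # "5000:5000" listens on every interface of the host.
                case $tok in
                    127.0.0.1:*:*) ;;
                    *) exposed=$tok ;;
                esac ;;
            -e|--env)
                name=${tok%%=*}
                case $name in
                    REGISTRY_HTTP_TLS_CERTIFICATE) cert=1 ;;
                    REGISTRY_HTTP_TLS_KEY) key=1 ;;    # a path, not a secret
                    *SECRET*|*_KEY|*PASSWORD*)
                        # NAME=value on the command line lands in shell
                        # history and in `docker inspect` output.
                        [ "$tok" != "$name" ] && echo "INLINE_SECRET $name" ;;
                esac ;;
        esac
        prev=$tok
    done
    if [ "$cert" = 0 ] || [ "$key" = 0 ]; then
        echo "NO_TLS"
        [ -n "$exposed" ] && echo "PLAINTEXT_EXPOSED $exposed"
    fi
    return 0
}

# Constructed inputs, shortened from the commands shown in the post.
S3_LEGACY='docker run -p 5000:5000 -e SETTINGS_FLAVOR=s3 -e AWS_KEY=myawskey -e AWS_SECRET=myawssecret registry'
S3_TLS='docker run -d -p 5000:5000 -v /srv/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.example.com.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.example.com.key -e REGISTRY_STORAGE=s3 registry:2'

echo "legacy S3 command:"; audit_registry_cmd "$S3_LEGACY"
echo "TLS command:";       audit_registry_cmd "$S3_TLS"
```

Passing only the variable name (for example -e AWS_SECRET, with the value exported in the calling environment) keeps the secret out of the command line and is not flagged.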