docker

Private Docker Registry

Published on Author admin
docker
docker

 

Private Docker Registry

(on Debian8)

A Docker registry in the repository of images your created or downloaded. Registry may be public or private. If you using docker in your organisation you’ll definitely want your images to be secured. So, it’s time to deploy your own private docker registry.

 

Let’s start with the initial conditions. This private docker registry example based on 2 hosts:

  • 1st is docker registry (192.168.56.102) OS: Debian 8
  • 2nd is docker test (192.168.56.101) OS: Debian 8

 

# Docker Engine

First of all we need docker engine to be installed on your private docker registry host (192.168.56.102)

after all we can check docker

# Docker Compose

We also will need docker-compose

# Docker Registry

Firstly, we’ll create directories to store images, certs and auth file. I like all the docker data to be placed in the custom directory /data. I often mount separate disk to /data volume

Create user with password
https://docs.docker.com/registry/deploying/#/restricting-access

Create certificates
https://docs.docker.com/registry/insecure/
You can create self-signed certificate or use letsencrypt(https://letsencrypt.org/) if you have a domain name registered.

Next steps are shown for those who are playing with IP as a docker private registry name
on the 192.168.56.102(registy server)
edit /etc/ssl/openssl.cnf
and add after ‘[ v3_ca ]’ next:
subjectAltName = IP:192.168.2.102

example:

Let’s create sertificates:

WARNING!!
You can leave everything by default EXCEPT the line
Common Name (e.g. server FQDN or YOUR name) []:192.168.56.102:5000

NOTE!!!
You will need to copy your domain.crt to all servers and put it right to

Otherwise you will have an error at login:

Create file /data/docker_registry_compose/docker-compose.yml:

Starting docker private registry:

My output:

Try it! Checking on the test host(NOT DOCKER REGISTRY)

Console:

Web:

# Playing with registry

 

Good luck, have fun! No drama 🙂

 

Useful links:

https://github.com/docker/distribution/issues/948

https://docs.docker.com/registry/insecure/

https://docs.docker.com/engine/security/https/

https://docs.docker.com/engine/tutorials/dockerimages/