How about Docker Registry?
Is it possible to host a private Docker Registry on my local server?
- fully own your images and where they are stored.
- customize your image pipeline.
- securely distribute your images within your in-house development workflow without exposing them to the outside world.
Drawbacks
- it requires maintenance.
- you have to take care of authentication and security yourself.
- you need a third-party UI, or have to build your own, if you want user-friendly interaction.
Set up your own private Docker Registry
Pre-Requirements
Installation
Pull the Docker Registry image onto your server.
docker pull registry
Write a docker-compose.yaml file
version: '3.1'
services:
  private-registry:
    container_name: private_registry
    image: registry:latest
    volumes:
      - ~/private-registry/data:/var/lib/registry
    ports:
      - "5000:5000"
    restart: always
The Docker Registry container should now be up and running. To verify, request the URL below.
[your-domain-name/server-ip]:[running-port]/v2/_catalog
Example:
$ curl -X GET http://192.168.1.9:5000/v2/_catalog
If everything works properly, it should display the following:
{"repositories":[]}
Our registry is ready to serve images, but we need a local image to demonstrate. We'll use amazoncorretto as an example.
docker pull amazoncorretto
Tag our image with the registry address as a prefix.
docker tag amazoncorretto 192.168.1.9:5000/my-amazoncorretto
Now our image is ready to be pushed to the private Docker Registry.
docker push 192.168.1.9:5000/my-amazoncorretto
There is a 99.99% chance you will get the following error:
The push refers to repository [192.168.1.9:5000/my-amazoncorretto]
Get https://192.168.1.9:5000/v2/: http: server gave HTTP response to HTTPS client
Docker requires a secured channel by default, and that's naturally a very good thing. The straightforward solution is to configure Docker to accept connections to insecure registries. For a registry listed there, Docker falls back to plain HTTP when HTTPS is not available, so that traffic is unencrypted. On every OS, you need to update a daemon.json file. On Linux the file is located at /etc/docker/daemon.json. If the file does not exist, you can create it. Your configuration should look like this:
{
"insecure-registries" : ["your_registry_address:5000"]
}
Restarting Docker is required after updating daemon.json. Now try to push the image to the registry again; this time it should succeed:
The push refers to repository [192.168.1.9:5000/my-amazoncorretto]
a4bc6155782e: Pushed
latest: digest: sha256:1cbce97a7806e4138c8bd82873e78bdf0c6b095ca1f66d6b4eb660faf6a2620c size: 742
The image should have been safely shipped to your private Docker Registry. Use the Docker Registry web API to check it.
$ curl -X GET http://192.168.1.9:5000/v2/_catalog
It should return the following data:
{"repositories":["my-amazoncorretto"]}
Now it is ready to use. The problem is that your private Docker Registry can be accessed by everyone, since security is not set up yet.
Set up Authentication
It's important to set up authentication; it helps you keep your private registry safe from bad guys. The common way to achieve basic registry security and access restriction is through a basic authentication tool like htpasswd, which stores a secret that helps you authenticate.
sudo apt install apache2-utils
Next, we will create a directory that will hold our password files.
mkdir registryauth
cd registryauth
Then, we will continue by creating a user using the following command:
htpasswd -Bc registry.password registryadmin
The last parameter is the name of the user, in this case registryadmin. After executing the command, you will be prompted to enter your password.
Update the docker-compose file
version: '3.1'
services:
  private-registry:
    container_name: private_registry
    image: registry:latest
    volumes:
      - ~/private-registry/data:/var/lib/registry
      - ~/registryauth:/auth
    ports:
      - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
    restart: always
The last thing to do is recreate your registry container.
docker-compose up --force-recreate
Login to Docker Registry
docker login 192.168.1.9:5000
Docker will prompt you to enter your username and password.
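An added example, not part of the original post: a small Python check of the two files this walkthrough writes. The registry's htpasswd authentication accepts only bcrypt hashes, which is why the htpasswd command above uses -B, and any host listed under insecure-registries is contacted without verified TLS. The function names and sample file contents are constructed for illustration.

```python
import json
import re

# htpasswd -B writes bcrypt hashes such as $2y$05$<53 chars>; without -B,
# htpasswd defaults to other formats such as $apr1$ (MD5) or {SHA}.
BCRYPT = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")


def audit_htpasswd(text):
    """Return {user: reason} for entries that are not usable bcrypt credentials."""
    problems = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        user, sep, pw_hash = line.partition(":")
        if not sep or not user:
            problems[f"line {lineno}"] = "not in user:hash form"
        elif not BCRYPT.match(pw_hash):
            problems[user] = "hash is not bcrypt (create the user with htpasswd -B)"
    return problems


def plaintext_registries(daemon_json_text):
    """Return registries the Docker daemon may contact without verified TLS."""
    return json.loads(daemon_json_text).get("insecure-registries", [])


# Constructed sample files; the hashes are placeholders, not real credentials.
SAMPLE_HTPASSWD = "\n".join([
    "registryadmin:$2y$05$" + "Q" * 53,    # shape written by htpasswd -B
    "builder:$apr1$abcdefgh$" + "x" * 22,  # shape written without -B
    "legacy:{SHA}" + "A" * 27 + "=",
    "# comment line",
    "brokenline",
])
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["192.168.1.9:5000"]}'

if __name__ == "__main__":
    for who, why in audit_htpasswd(SAMPLE_HTPASSWD).items():
        print(f"{who}: {why}")
    for reg in plaintext_registries(SAMPLE_DAEMON_JSON):
        print(f"{reg}: docker login credentials are not protected by verified TLS")
```

To check a real host, pass the contents of ~/registryauth/registry.password and /etc/docker/daemon.json to the two functions.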