Geekdosage
  • Home
  • Computer hardware
    • GPU
      • AMD
      • Nvidia
    • Processor
  • Linux
    • CentOS
    • Ubuntu
  • Docker
  • Computer Software
    • Operating System
      • Windows
      • MacOS
      • Android
  • Gaming
  • Computer Science
    • Network Engineering
    • Comparisons

Geekdosage

  • Home
  • Computer hardware
    • GPU
      • AMD
      • Nvidia
    • Processor
  • Linux
    • CentOS
    • Ubuntu
  • Docker
  • Computer Software
    • Operating System
      • Windows
      • MacOS
      • Android
  • Gaming
  • Computer Science
    • Network Engineering
    • Comparisons
DockerLinuxUbuntu

How to Create a Private Docker Registry in Ubuntu 20.04

by GeekDosage December 23, 2020
written by GeekDosage December 23, 2020
Create a private docker registry

Docker registry is an open-source application where you can store Docker images. There are some use cases where you don’t want to expose your images publicly but still want to store them in a centralized location. So you can create a private docker registry instead of using Docker Hub. Similarly, in development pipelines, you have to consider network bandwidth, storage usage, and other resources. As a result of using a private docker registry, according to the official docs, you can save more bandwidth, control your application docker image storage, and distribute tightly into your in-house development workflows.

Let’s learn how to set up a private docker registry in Ubuntu using docker-compose.

Prerequisites

  • A non-root user with sudo privileges.
  • Docker installed PC. Docker installation tutorial.

Installing Docker Compose

Docker-compose allows the user to define how to set up an application in the docker environment using the YAML file named docker-compose.yml. It automates the manual processes of application configuration, including container links and docker volumes.

This command will download the current stable release of Docker Compose.

$ sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Apply executable permissions to the downloaded binary:

$ sudo chmod +x /usr/local/bin/docker-compose

Verify the docker-compose installation.

$ docker-compose --version
OUTPUT

docker-compose version 1.25.5, build 8a1c60f6
Docker hub

Docker hub

Configure Docker registry

Let’s create a directory to store docker-compose.yaml file and registry data in your home folder.

$ mkdir -p ~/docker-registry

Create a directory named as data, inside the docker-registry directory to use as docker volume. This directory uses to store docker registry data, including docker images.

$ mkdir -p ~/docker-registry/data

You can configure a private docker registry in 3 different methods.

Create private docker registry with HTTP

you can create a private docker registry with plain HTTP with the following docker-compose file.

version: '3.0'
services:
  registry:
    container_name: docker-registry
    restart: always
    image: registry:2
    ports:
      - 5000:5000
    volumes:
      - data:/var/lib/registry
 volumes:
  data: {}

Save this docker-compose.yaml file inside the previously created docker-registry directory. Secondly, you should keep the indentation as above. otherwise, it will output errors. In the registry section, the container name is set as docker-registry and it uses the registry:2 docker image to create the container. The container will be restarted when a server reboots with the “restart: always” option. Moreover, 5000 port of there server is mapped with 5000 port of the container. In the same vein, the data directory has been set as a volume into /var/lib/registry path inside the container, thus you can preserve data in a situation where the container got crashed.

create the docker registry with the following command and the Docker container will be run in the background with the ‘-d‘ option.

$ docker-compose up -d

You can stop containers that are created through docker-compose by the following command.

$ docker-compose down

Since this method creates a plain docker registry without HTTPS, you will come across the following error when trying to pull docker images.

error ... http: server gave HTTP response to HTTPS client

In such cases, add the following content to /etc/docker/daemon.json file of the server where you are trying to pull docker images.

{
  "insecure-registries" : ["private-docker-registry-IP/domain:5000"]
 }

Restart docker service to apply changes.

$ sudo systemctl restart docker

Create private docker registry with SSL/TLS

In addition to the previous method with some extra steps, you can create a secure private docker registry. You need to add a certificate and key pair to enable SSL/TLS with the docker registry.

version: '3.0'
services:
registry:
    container_name: docker-registry
    restart: always
    image: registry:2
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/certificate.crt
      REGISTRY_HTTP_TLS_KEY: /certs/certificate.key
    ports:
      - 5000:5000
    volumes:
      - data:/var/lib/registry
      - ./certs:/certs
volumes:
  docker-registry-data: {}

Let’s create certs directory to store the certificate.

$ mkdir -p ~/docker-registry/certs

You have to create the following openssl.conf file to provide details to generate certificates with openssl

[ req ]
distinguished_name = req_distinguished_name
x509_extensions = req_ext
default_md = sha256
prompt = no
encrypt_key = no[ req_distinguished_name ]
countryName = ""
localityName = ""
organizationName = ""
organizationalUnitName = ""
commonName = ""
emailAddress = ""

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS = ""
IP = ""

IMPORTANT: add a correct domain name or the IP address to the commonName

Run the following command to generate the certificate and key pair valid for 365 days (1 year).

$ openssl req \
-x509 -newkey rsa:4096 -days 365 -config openssl.conf \
-out certs/certificate.crt -keyout certs/certificate.key

Now, run the docker-compose file to start SSL/TLS enabled docker registry container.

$ docker-compose up -d

You can stop containers that are created through docker-compose by the following command.

$ docker-compose down

Create Private docker registry with SSL/TLS enabled and with basic authentication

Let’s create an authentication based docker registry with SSL/TLS. In other words, how to use the username and password-based authentication with a private docker registry. Use the following docker-compose file

version: '3.0'
services:
 registry:
    container_name: docker-registry
    restart: always
    image: registry:2
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/certificate.crt
      REGISTRY_HTTP_TLS_KEY: /certs/certificate.key
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    ports:
      - 5000:5000
    volumes:
      - data:/var/lib/registry
      - ./certs:/certs
      - ./auth:/auth
volumes:
  data: {}

You have to create an authentication file with the htpasswd tool and it should save in a directory called auth. Let’s create the auth directory and install the htpasswd tool.

$ mkdir -p ~/docker-registry/auth
$ sudo apt-get install apache2-utils -y

Create htpasswd file inside the auth directory with a username and password.

$ htpasswd -bBn registry-user registry-password > ~/docker-registry/auth/htpasswd

Similarly, you can choose any username and password as required.

In conclusion, Start basic authentication enabled the private docker registry by running the following command.

$ docker-compose up -d

You can stop containers that are created through docker-compose by the following command.

$ docker-compose down

since now it has enabled the authentication, you have to log in to the docker registry with the created username and password.

$ docker login host-IP:5000

Read this tutorial to learn more about docker push, docker pull, and other basic commands. Start creating a docker image for your application by referring to this article.

Docker images

Conclusion

In this tutorial, you got to know how to create a private docker registry with three different methods. You can create your pipelines in the development environment with the use of a private docker registry. Read more about best-practices in creating images here.

GeekDosage
2 comments
0
FacebookTwitterPinterest
previous post
How to Build a Docker Image from Dockerfile
next post
How to Install VirtualBox in Ubuntu 20.04

Related Posts

How to fix “dial unix /var/run/docker.sock: connect: permission...

August 10, 2021

How to connect to your VirtualBox VM from...

August 8, 2021

How To Install Cloudflare Origin SSL Certificate with...

July 20, 2021

How to Stop all Docker Containers

June 8, 2021

Cloudflare Origin SSL vs. Let’s encrypt SSL

May 9, 2021

Best 10 Docker Hosting Services

April 7, 2021

How to Exit Vim

March 11, 2021

SCP Linux – Securely Copy Files in Linux...

February 22, 2021

How to Copy, Paste and Delete in Vim...

February 7, 2021

How to Copy Files Between Linux Servers Using...

February 4, 2021

2 comments

How to Stop all Docker Containers | Geekdosage June 8, 2021 - 4:05 am

[…] How to Create a Private Docker Registry in Ubuntu 20.04 […]

Reply
How To Install Cloudflare Origin SSL Certificate with Nginx. | Geekdosage July 20, 2021 - 3:34 am

[…] How to Create a Private Docker Registry in Ubuntu 20.04 […]

Reply

Leave a Comment Cancel Reply

Save my name, email, and website in this browser for the next time I comment.

In This Article

  • 1 Prerequisites
  • 2 Installing Docker Compose
  • 3 Configure Docker registry
    • 3.1 Create private docker registry with HTTP
    • 3.2 Create private docker registry with SSL/TLS
    • 3.3 Create Private docker registry with SSL/TLS enabled and with basic authentication
  • 4 Conclusion

Keep in touch

Facebook Twitter Google + Instagram Pinterest Email

Popular Posts

  • How to change the forgotten root password in CentOS 8

  • How to remove/delete user in Linux

  • How to Create a Private Docker Registry in Ubuntu 20.04

  • How to Build a Docker Image from Dockerfile

About Geekdosage

Geekdosage is a technology based website which mainly focuses on network engineering, computer science, automation, computer hardware and software and internet technologies. Our purpose is to create a platform where anyone can access the subject areas without barriers.

Recent Posts

  • How to fix “dial unix /var/run/docker.sock: connect: permission denied” error

    August 10, 2021
  • How to connect to your VirtualBox VM from your Host OS using SSH

    August 8, 2021

Find us

Facebook Twitter Instagram Pinterest Email
  • About Us
  • Contact Us
  • Disclaimer
  • Terms and Conditions
  • Cookie Privacy policy
  • Privacy Policy
  • DCMA

@2021 - All Right Reserved | Designed and Developed by GeekDosage