Debian 13 trixie

Docker : Use Registry (2025/08/26)

 

Install Docker-Registry to build a private registry for Docker images.

[1] Install Registry.
root@dlp:~#
apt -y install docker-registry
[2] Configure Registry.
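These settings use a plain HTTP connection with no authentication, so any client that can reach port 5000 can pull, push and delete images. Use them only on a trusted, isolated network; [3] adds authentication and [4] adds HTTPS.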
root@dlp:~#
vi /etc/docker/registry/config.yml
# comment out the [auth] section as follows

# Registry configuration for the plain-HTTP, unauthenticated setup of step [2].
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    # Image data is stored on the local filesystem under this directory.
    rootdirectory: /var/lib/docker-registry
  delete:
    # Deletion through the registry API is enabled. With [auth] commented out
    # below, it is not restricted to any user.
    enabled: true
http:
  # No host part: the registry listens on port 5000 on all interfaces.
  # There is no [tls] section here, so the traffic is plain HTTP.
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
# [auth] is commented out: no credentials are required for pull, push or delete.
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/docker/registry
# Periodic health check of the storage driver (interval and failure threshold below).
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

root@dlp:~#
systemctl restart docker-registry
# verify that clients can access the registry
# for an HTTP connection, each Docker client needs the [insecure-registries] setting

root@dlp:~#
vi /etc/docker/daemon.json
# create new
# add hosts to allow HTTP connection

{
  "insecure-registries":
    [
      "docker.internal:5000",
      "dlp.srv.world:5000"
    ]
}

root@dlp:~#
systemctl restart docker
# [push] from localhost

root@dlp:~#
docker images

REPOSITORY                 TAG       IMAGE ID       CREATED          SIZE
srv.world/debian-apache2   latest    8101aa733631   33 minutes ago   226MB
srv.world/debian-nginx     latest    64fe195a727d   44 minutes ago   153MB
debian                     latest    047bd8d81940   2 weeks ago      120MB

root@dlp:~#
docker tag debian dlp.srv.world:5000/debian:my-registry

root@dlp:~#
docker push dlp.srv.world:5000/debian:my-registry

root@dlp:~#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED          SIZE
srv.world/debian-apache2    latest        8101aa733631   33 minutes ago   226MB
srv.world/debian-nginx      latest        64fe195a727d   44 minutes ago   153MB
dlp.srv.world:5000/debian   my-registry   047bd8d81940   2 weeks ago      120MB
debian                      latest        047bd8d81940   2 weeks ago      120MB

# [pull] from another node

root@node01:~#
docker pull dlp.srv.world:5000/debian:my-registry

root@node01:~#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED       SIZE
dlp.srv.world:5000/debian   my-registry   047bd8d81940   2 weeks ago   120MB
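[3] To enable Basic authentication, configure as follows. While the registry is still served over HTTP, as in this step, the user name and password cross the network unencrypted, so combine this with the HTTPS setup in [4].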
root@dlp:~#
apt -y install apache2-utils
root@dlp:~#
vi /etc/docker/registry/config.yml
# uncomment [auth] section and specify passwd file

.....
.....
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/.htpasswd
.....
.....

root@dlp:~#
systemctl restart docker-registry
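# add users
# add [-c] only when creating the file for the first time; [-c] overwrites an existing file
# [-B] stores the password as a bcrypt hash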

root@dlp:~#
htpasswd -Bc /etc/docker/registry/.htpasswd debian

New password:
Re-type new password:
Adding password for user debian

# verify that access works
# an error is shown when accessing without authentication

root@node01:~#
docker pull dlp.srv.world:5000/debian:my-registry

Error response from daemon: Head "http://dlp.srv.world:5000/v2/debian/manifests/my-registry": no basic auth credentials
# authenticate by a user added with [htpasswd]

root@node01:~#
docker login dlp.srv.world:5000

Username: debian
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@node01:~#
docker pull dlp.srv.world:5000/debian:my-registry

root@node01:~#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED       SIZE
dlp.srv.world:5000/debian   my-registry   047bd8d81940   2 weeks ago   120MB
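[4] To access via HTTPS with valid certificates, such as those from Let's Encrypt, configure as follows.
This example assumes that certificates have already been obtained under [/etc/letsencrypt/live/dlp.srv.world]. Because the files are copied, repeat the copy and restart the registry after each certificate renewal, and check that the copied [privkey.pem] is not readable by other users.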
root@dlp:~#
mkdir /etc/docker/certs.d

root@dlp:~#
cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/docker/certs.d/

root@dlp:~#
chown docker-registry /etc/docker/certs.d/{fullchain,privkey}.pem

root@dlp:~#
vi /etc/docker/registry/config.yml
# add [tls] section under the [http] section like follows

.....
.....
http:
  addr: :5000
  tls:
    certificate: /etc/docker/certs.d/fullchain.pem
    key: /etc/docker/certs.d/privkey.pem
  headers:
    X-Content-Type-Options: [nosniff]
.....
.....

root@dlp:~#
systemctl restart docker-registry
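# verify that access works
# with HTTPS and a valid certificate, the [insecure-registries] setting is not needed on Docker clients;
# remove the entries added in [2] so that clients do not skip certificate verification or fall back to HTTP for this registry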

root@node01:~#
docker pull dlp.srv.world:5000/debian:my-registry

root@node01:~#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED       SIZE
dlp.srv.world:5000/debian   my-registry   047bd8d81940   2 weeks ago   120MB
debian                      latest        047bd8d81940   2 weeks ago   120MB