Ubuntu 23.04

Docker : Use Registry (2023/04/27)

 
Install Docker-Registry to build a private registry for Docker images.
[1] Install Registry.
root@dlp:~#
apt -y install docker-registry
[2] Configure Registry.
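These are the settings for a plain HTTP connection without authentication. With this configuration, any host that can reach port 5000 can push and pull images and, because [delete] is enabled, delete them, so restrict access to the port to trusted networks or continue with [3] and [4].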
root@dlp:~#
vi /etc/docker/registry/config.yml
# comment out the [auth] section as follows

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/docker-registry
  delete:
    enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/docker/registry
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

root@dlp:~#
systemctl restart docker-registry
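# verify that clients can access the registry
# for an HTTP connection, the [insecure-registries] setting must be added on each Docker host that accesses the registry
# (for the listed registries, Docker then skips certificate verification and allows plain HTTP)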

root@dlp:~#
vi /etc/docker/daemon.json
# create new
# add hosts to allow HTTP connection

{
  "insecure-registries":
    [
      "docker.internal:5000",
      "dlp.srv.world:5000"
    ]
}

root@dlp:~#
systemctl restart docker
# [push] from localhost

root@dlp:~#
docker images

REPOSITORY                 TAG       IMAGE ID       CREATED          SIZE
root_web                   latest    75ab1e6bff3e   11 minutes ago   235MB
srv.world/ubuntu-apache2   latest    886e2f7307a1   32 minutes ago   235MB
srv.world/ubuntu-nginx     latest    df0287c5017d   37 minutes ago   177MB
mariadb                    latest    4a632f970181   5 weeks ago      401MB
ubuntu                     latest    08d22c0ceb15   7 weeks ago      77.8MB

root@dlp:~#
docker tag ubuntu dlp.srv.world:5000/ubuntu:my-registry

root@dlp:~#
docker push dlp.srv.world:5000/ubuntu:my-registry

root@dlp:~#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED          SIZE
root_web                    latest        75ab1e6bff3e   12 minutes ago   235MB
srv.world/ubuntu-apache2    latest        886e2f7307a1   33 minutes ago   235MB
srv.world/ubuntu-nginx      latest        df0287c5017d   38 minutes ago   177MB
mariadb                     latest        4a632f970181   5 weeks ago      401MB
dlp.srv.world:5000/ubuntu   my-registry   08d22c0ceb15   7 weeks ago      77.8MB
ubuntu                      latest        08d22c0ceb15   7 weeks ago      77.8MB

# [pull] from another node

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED       SIZE
dlp.srv.world:5000/ubuntu   my-registry   08d22c0ceb15   7 weeks ago   77.8MB
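[3] To enable Basic authentication, configure as follows. Basic authentication sends the password with every request in a reversible (Base64) form, so over the HTTP connection from [2] it can be read on the network; combine it with HTTPS as in [4] or [5].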
root@dlp:~#
apt -y install apache2-utils
root@dlp:~#
vi /etc/docker/registry/config.yml
# uncomment [auth] section and specify passwd file

.....
.....
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/.htpasswd
.....
.....

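# add users
# [-B] stores the password as a bcrypt hash, which is the only htpasswd format the registry accepts
# add [-c] only at initial file creation, because it overwrites an existing file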

root@dlp:~#
htpasswd -Bc /etc/docker/registry/.htpasswd ubuntu

New password:
Re-type new password:
Adding password for user ubuntu

root@dlp:~#
systemctl restart docker-registry
# verify access
# an error is shown when accessing without authentication

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

Error response from daemon: Head http://dlp.srv.world:5000/v2/nginx/manifests/my-registry: no basic auth credentials
# authenticate by a user added with [htpasswd]

root@node01:~#
docker login dlp.srv.world:5000

Username: ubuntu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED       SIZE
dlp.srv.world:5000/ubuntu   my-registry   08d22c0ceb15   7 weeks ago   77.8MB
[4] To access via HTTPS with valid certificates, such as those from Let's Encrypt, configure as follows.
This example assumes the certificates have already been obtained under [/etc/letsencrypt/live/dlp.srv.world]. The files used below are copies, so copy them again and restart the registry whenever the certificate is renewed.
root@dlp:~#
mkdir /etc/docker/certs.d

root@dlp:~#
cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/docker/certs.d/

root@dlp:~#
chown docker-registry /etc/docker/certs.d/{fullchain,privkey}.pem

root@dlp:~#
vi /etc/docker/registry/config.yml
# add [tls] section under the [http] section like follows

.....
.....
http:
  addr: :5000
  tls:
    certificate: /etc/docker/certs.d/fullchain.pem
    key: /etc/docker/certs.d/privkey.pem
  headers:
    X-Content-Type-Options: [nosniff]
.....
.....

root@dlp:~#
systemctl restart docker-registry
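# verify access
# on an HTTPS connection, the [insecure-registries] setting is not needed on Docker
# remove the entries added in [2] from [/etc/docker/daemon.json] and restart Docker; while they remain, the client skips certificate verification and may fall back to HTTP for those hosts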

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

REPOSITORY                 TAG           IMAGE ID       CREATED       SIZE
ubuntu                     latest        7e0aa2d69a15   2 weeks ago   72.7MB
dlp.srv.world:5000/ubuntu  my-registry   62d49f9bab67   4 weeks ago   133MB
[5] To access via HTTPS with self-signed certificates, configure as follows.
This example assumes the certificates have already been created under [/etc/ssl/private].
root@dlp:~#
mkdir -p /etc/docker/certs.d/dlp.srv.world:5000

root@dlp:~#
cp -p /etc/ssl/private/server.{crt,key} /etc/docker/certs.d/dlp.srv.world:5000/

root@dlp:~#
chown docker-registry /etc/docker/certs.d/dlp.srv.world:5000/server.{crt,key}

root@dlp:~#
vi /etc/docker/registry/config.yml
# add [tls] section under the [http] section like follows

.....
.....
http:
  addr: :5000
  tls:
    certificate: /etc/docker/certs.d/dlp.srv.world:5000/server.crt
    key: /etc/docker/certs.d/dlp.srv.world:5000/server.key
  headers:
    X-Content-Type-Options: [nosniff]
.....
.....

root@dlp:~#
systemctl restart docker-registry
# verify access
# an error is shown because the certificate is self-signed

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

Error response from daemon: Get https://dlp.srv.world:5000/v2/: x509: certificate signed by unknown authority
# copy the certificate (only the certificate, not the private key) from the registry server to the client

root@node01:~#
mkdir -p /etc/docker/certs.d/dlp.srv.world:5000

root@node01:~#
scp root@dlp.srv.world:"/etc/docker/certs.d/dlp.srv.world:5000/server.crt" /etc/docker/certs.d/dlp.srv.world:5000/ca.crt

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

REPOSITORY                 TAG           IMAGE ID       CREATED       SIZE
ubuntu                     latest        7e0aa2d69a15   2 weeks ago   72.7MB
dlp.srv.world:5000/ubuntu  my-registry   62d49f9bab67   4 weeks ago   133MB