Ubuntu 26.04

Docker : Use Registry (2026/05/08)

 

Install Docker-Registry to build a private registry for Docker images.

[1] Install Registry.
root@dlp:~#
apt -y install docker-registry
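[2] If UFW is enabled, allow the service port. The rule below opens 5000/tcp to every source address; if only known clients should reach the registry, limit the rule to their network instead (for example [ufw allow from CLIENT_NETWORK to any port 5000 proto tcp], where CLIENT_NETWORK is a placeholder for your own subnet).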
root@dlp:~#
ufw allow 5000/tcp

Rule added
Rule added (v6)
[3] Configure Registry.
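These are the settings to use an HTTP connection with no authentication. In this state every host that can reach port 5000 can pull, push and delete images, and the traffic is not encrypted, so use it only on a trusted network or for testing and continue with [4] and [5] or [6] for anything else.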
root@dlp:~#
vi /etc/docker/registry/config.yml
# comment out the [auth] section as follows

# Registry configuration for the plain-HTTP, no-authentication setup.
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/docker-registry
  # deletion of image data through the registry API is allowed; with [auth]
  # commented out below, this applies to every client that can reach the port
  delete:
    enabled: true
http:
  # no host part: the registry listens on port 5000 on all interfaces
  # there is no [tls] section here, so it is served over plain HTTP
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
# [auth] is commented out: requests are accepted without credentials
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/docker/registry
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

root@dlp:~#
systemctl restart docker-registry
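# verify that the registry can be accessed from any client
# for an HTTP connection, the [insecure-registries] setting has to be added on each Docker host that uses the registry
# for the hosts listed there Docker does not verify the TLS certificate and falls back to plain HTTP, so list only this registry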

root@dlp:~#
vi /etc/docker/daemon.json
# create a new file
# add the registry hosts for which HTTP connections are allowed

{
  "insecure-registries":
    [
      "docker.internal:5000",
      "dlp.srv.world:5000"
    ]
}

root@dlp:~#
systemctl restart docker
# [push] from localhost

root@dlp:~#
docker images

IMAGE                             ID             DISK USAGE   CONTENT SIZE   EXTRA
mariadb:latest                    e0236fc6386e        467MB          111MB
root-web:latest                   094ea18e9ca0        340MB         92.8MB
srv.world/ubuntu-apache2:latest   c6da801438b0        340MB         92.8MB    U
srv.world/ubuntu-nginx:latest     305dfeaadebc        227MB         69.9MB    U
ubuntu:latest                     f3d28607ddd7        160MB         45.3MB    U

root@dlp:~#
docker tag ubuntu dlp.srv.world:5000/ubuntu:my-registry

root@dlp:~#
docker push dlp.srv.world:5000/ubuntu:my-registry

root@dlp:~#
docker images

IMAGE                                   ID             DISK USAGE   CONTENT SIZE   EXTRA
dlp.srv.world:5000/ubuntu:my-registry   f3d28607ddd7        160MB         45.3MB    U
mariadb:latest                          e0236fc6386e        467MB          111MB
root-web:latest                         094ea18e9ca0        340MB         92.8MB
srv.world/ubuntu-apache2:latest         c6da801438b0        340MB         92.8MB    U
srv.world/ubuntu-nginx:latest           305dfeaadebc        227MB         69.9MB    U
ubuntu:latest                           f3d28607ddd7        160MB         45.3MB    U

# [pull] from another node

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

IMAGE                                   ID             DISK USAGE   CONTENT SIZE   EXTRA
dlp.srv.world:5000/ubuntu:my-registry   d31acef2a964        157MB         41.6MB
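[4] To enable Basic authentication, configure as follows. Basic authentication sends the user name and password only Base64-encoded, so over the HTTP connection from [3] they can be read on the network; combine it with the TLS settings in [5] or [6].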
root@dlp:~#
apt -y install apache2-utils
root@dlp:~#
vi /etc/docker/registry/config.yml
# uncomment the [auth] section and specify the password file

.....
.....
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/docker/registry/.htpasswd
.....
.....

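# add users ([-B] stores the password as a bcrypt hash)
# add [-c] only when the file is first created; with [-c] an existing file is overwritten
# the file holds password hashes: check that it is not world-readable but can still be read by the [docker-registry] user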

root@dlp:~#
htpasswd -Bc /etc/docker/registry/.htpasswd ubuntu

New password:
Re-type new password:
Adding password for user ubuntu

root@dlp:~#
systemctl restart docker-registry
# verify that access works
# an error is shown when accessing without authentication

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

Error response from daemon: failed to resolve reference "dlp.srv.world:5000/ubuntu:my-registry": pull access denied, repository does not exist or may require authorization: authorization failed: no basic auth credentials
# authenticate as a user added with [htpasswd]

root@node01:~#
docker login dlp.srv.world:5000

Username: ubuntu
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

IMAGE                                   ID             DISK USAGE   CONTENT SIZE   EXTRA
dlp.srv.world:5000/ubuntu:my-registry   d31acef2a964        157MB         41.6MB
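[5] To access via HTTPS with valid certificates, such as ones from Let's Encrypt, configure as follows.
This example assumes that the certificates have already been obtained under [/etc/letsencrypt/live/dlp.srv.world]. The files are copied, so after each certificate renewal they have to be copied again and the registry restarted; [privkey.pem] should stay readable only by the [docker-registry] user.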
root@dlp:~#
mkdir /etc/docker/certs.d

root@dlp:~#
cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/docker/certs.d/

root@dlp:~#
chown docker-registry /etc/docker/certs.d/{fullchain,privkey}.pem

root@dlp:~#
vi /etc/docker/registry/config.yml
# add the [tls] section under the [http] section as follows

.....
.....
http:
  addr: :5000
  tls:
    certificate: /etc/docker/certs.d/fullchain.pem
    key: /etc/docker/certs.d/privkey.pem
  headers:
    X-Content-Type-Options: [nosniff]
.....
.....

root@dlp:~#
systemctl restart docker-registry
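# verify that access works
# with an HTTPS connection and a valid certificate, [insecure-registries] is not needed on the Docker clients
# remove the entry added in [3] for this registry, otherwise Docker still accepts an invalid certificate or plain HTTP for it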

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

IMAGE                                   ID             DISK USAGE   CONTENT SIZE   EXTRA
dlp.srv.world:5000/ubuntu:my-registry   d31acef2a964        157MB         41.6MB
[6] To access via HTTPS with self-signed certificates, configure as follows.
This example assumes that the certificates have already been created under [/etc/ssl/private].
root@dlp:~#
mkdir -p /etc/docker/certs.d/dlp.srv.world:5000

root@dlp:~#
cp -p /etc/ssl/private/server.{crt,key} /etc/docker/certs.d/dlp.srv.world:5000/

root@dlp:~#
chown docker-registry /etc/docker/certs.d/dlp.srv.world:5000/server.{crt,key}

root@dlp:~#
vi /etc/docker/registry/config.yml
# add the [tls] section under the [http] section as follows

.....
.....
http:
  addr: :5000
  tls:
    certificate: /etc/docker/certs.d/dlp.srv.world:5000/server.crt
    key: /etc/docker/certs.d/dlp.srv.world:5000/server.key
  headers:
    X-Content-Type-Options: [nosniff]
.....
.....

root@dlp:~#
systemctl restart docker-registry
# verify that access works
# an error is shown at first because the client does not trust the self-signed certificate

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

Error response from daemon: failed to resolve reference "dlp.srv.world:5000/ubuntu:my-registry": failed to do request: Head "https://dlp.srv.world:5000/v2/ubuntu/manifests/my-registry": tls: failed to verify certificate: x509: certificate signed by unknown authority
# copy the certificate (only [server.crt], never [server.key]) from the registry server to the client as [ca.crt]

root@node01:~#
mkdir -p /etc/docker/certs.d/dlp.srv.world:5000

root@node01:~#
scp root@dlp.srv.world:"/etc/docker/certs.d/dlp.srv.world:5000/server.crt" /etc/docker/certs.d/dlp.srv.world:5000/ca.crt

root@node01:~#
docker pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#
docker images

IMAGE                                   ID             DISK USAGE   CONTENT SIZE   EXTRA
dlp.srv.world:5000/ubuntu:my-registry   d31acef2a964        157MB         41.6MB