Podman : Use Registry2026/05/07

	Install Docker-Registry to build Private Registry for Docker images.
[1]	Install Registry.

root@dlp:~#

apt -y install docker-registry

[2]	If UFW is enabled, allow service port.

root@dlp:~#

ufw allow 5000/tcp

Rule added
Rule added (v6)

[3]	Configure Registry. This is the settings to use HTTP connection and no-authentication.

root@dlp:~#

vi /etc/docker/registry/config.yml

# comment out [auth] section like follows

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/docker-registry
  delete:
    enabled: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
#auth:
#  htpasswd:
#    realm: basic-realm
#    path: /etc/docker/registry
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

root@dlp:~#

systemctl restart docker-registry

# verify possible to access from any clients

root@dlp:~#

podman images

REPOSITORY                TAG         IMAGE ID      CREATED       SIZE
srv.world/ubuntu-nginx    latest      4bb5563726cd  16 hours ago  153 MB
srv.world/ubuntu-apache2  latest      53b7e6d878bc  17 hours ago  231 MB
docker.io/library/ubuntu  latest      30ba44506a6d  2 weeks ago   111 MB

# [push] from localhost

root@dlp:~#

podman tag ubuntu dlp.srv.world:5000/ubuntu:my-registry

root@dlp:~#

podman push dlp.srv.world:5000/ubuntu:my-registry --tls-verify=false

root@dlp:~#

podman images

REPOSITORY                 TAG          IMAGE ID      CREATED       SIZE
srv.world/ubuntu-nginx     latest       4bb5563726cd  17 hours ago  153 MB
srv.world/ubuntu-apache2   latest       53b7e6d878bc  17 hours ago  231 MB
dlp.srv.world:5000/ubuntu  my-registry  30ba44506a6d  2 weeks ago   111 MB
docker.io/library/ubuntu   latest       30ba44506a6d  2 weeks ago   111 MB

# [pull] from another node

root@node01:~#

podman pull dlp.srv.world:5000/ubuntu:my-registry --tls-verify=false

root@node01:~#

podman images

REPOSITORY                 TAG          IMAGE ID      CREATED      SIZE
dlp.srv.world:5000/ubuntu  my-registry  30ba44506a6d  2 weeks ago  111 MB

[4]	To enable Basic authentication, Configure like follows.

root@dlp:~#

apt -y install apache2-utils

root@dlp:~#

vi /etc/docker/registry/config.yml

# uncomment [auth] section and specify passwd file

.....
.....
auth:
  htpasswd:
    realm: basic-realm
    path: /etc/containers/registries.conf.d/.htpasswd
.....
.....

# add users
# add [-c] at initial file creation

root@dlp:~#

htpasswd -Bc /etc/containers/registries.conf.d/.htpasswd ubuntu

New password:
Re-type new password:
Adding password for user ubuntu

root@dlp:~#

systemctl restart docker-registry

# verify possible to access
# an error is shown if access with no-authentication

root@node01:~#

podman pull dlp.srv.world:5000/ubuntu:my-registry --tls-verify=false

Trying to pull dlp.srv.world:5000/ubuntu:my-registry...
Error: initializing source docker://dlp.srv.world:5000/ubuntu:my-registry: reading manifest my-registry in dlp.srv.world:5000/ubuntu: authentication required

# authenticate by a user added with [htpasswd]

root@node01:~#

podman login dlp.srv.world:5000 --tls-verify=false

Username: ubuntu
Password:
Login Succeeded!

root@node01:~#

podman pull dlp.srv.world:5000/ubuntu:my-registry --tls-verify=false

root@node01:~#

podman images

REPOSITORY                 TAG          IMAGE ID      CREATED      SIZE
dlp.srv.world:5000/ubuntu  my-registry  30ba44506a6d  2 weeks ago  111 MB

[5]	To access via HTTPS and use valid certificates like from Let's Encrypt and so on, Configure like follows. This example is based on the environment that certificates have been gotten under the [/etc/letsencrypt/live/dlp.srv.world].

root@dlp:~#

cp -p /etc/letsencrypt/live/dlp.srv.world/{fullchain,privkey}.pem /etc/containers/registries.conf.d/

root@dlp:~#

chown docker-registry /etc/containers/registries.conf.d/{fullchain,privkey}.pem

root@dlp:~#

vi /etc/docker/registry/config.yml

# add [tls] section under the [http] section like follows

.....
.....
http:
  addr: :5000
  tls:
    certificate: /etc/containers/registries.conf.d/fullchain.pem
    key: /etc/containers/registries.conf.d/privkey.pem
  headers:
    X-Content-Type-Options: [nosniff]
.....
.....

root@dlp:~#

systemctl restart docker-registry

# verify possible to access
# on HTTPS connection, it does not need to add [insecure-registries] on Docker

root@node01:~#

podman pull dlp.srv.world:5000/ubuntu:my-registry

root@node01:~#

podman images

REPOSITORY                 TAG          IMAGE ID      CREATED      SIZE
dlp.srv.world:5000/ubuntu  my-registry  30ba44506a6d  2 weeks ago  111 MB

Matched Content