A Docker Registry is a secure repository for Docker container images. In this guide, we will walk you through setting up your own private Docker Registry on an Ubuntu 22.04 server. This is useful for keeping your Docker images private or when working with proprietary software.
Prerequisites
Before we begin, ensure you have the following:
- Two Ubuntu 22.04 Servers: You’ll need one server to host your private Docker Registry and another to act as the client.
- Docker Installed: Make sure you have Docker installed on both servers. You can follow the Docker installation instructions for Ubuntu 22.04 if you haven’t already.
- Docker Compose: Install Docker Compose on your host server. Refer to the official Docker Compose installation guide.
- NGINX: NGINX is a web server we’ll use for port forwarding. Install it on your host server using your system’s package manager.
- NGINX with Let’s Encrypt: Secure your NGINX server using Let’s Encrypt for HTTPS. Configure it to redirect HTTP to HTTPS.
- Domain Name: You’ll need a registered domain name that points to your host server. This will be used to access your private Docker Registry.
Step 1: Installing and Configuring the Docker Registry
- Create a directory for your Docker Registry configuration:
```bash mkdir ~/docker-registry cd ~/docker-registry ```
- Create a subdirectory to store registry data:
```bash mkdir data ```
- Create a `docker-compose.yml` file for your Docker Registry configuration:
```bash nano docker-compose.yml ```
- Add the following lines to your `docker-compose.yml` file:
```yaml version: '3' services: registry: image: registry:latest ports: - "5000:5000" environment: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data volumes: - ./data:/data ```
Save and close the file.
- Start your Docker Registry configuration:
```bash docker-compose up ```
Your Docker Registry container is now running. You can stop it later by pressing `CTRL+C`.
Step 2: Setting Up NGINX Port Forwarding
- Open your NGINX configuration file for your domain:
```bash sudo nano /etc/nginx/sites-available/your_domain ```
- Modify the `location /` block as follows:
```nginx
location / {
# Do not allow connections from older Docker clients
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$") {
return 404;
}
proxy_pass http://localhost:5000;
proxy_set_header Host $http_host; # required for Docker client
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
```
Save and close the file.
- Restart Nginx to apply the changes:
```bash sudo systemctl restart nginx ```
Your NGINX server is now forwarding traffic to your Docker Registry.
Step 3: Setting Up Authentication
- Install the `apache2-utils` package for `htpasswd`:
```bash sudo apt install apache2-utils -y ```
- Create a directory to store authentication credentials:
```bash mkdir ~/docker-registry/auth cd ~/docker-registry/auth ```
- Create the first user for authentication (replace `username` with your desired username):
```bash htpasswd -Bc registry.password username ```
You will be prompted to set a password for the user.
- Edit your `docker-compose.yml` file again:
```bash nano ~/docker-registry/docker-compose.yml ```
- Add the following environment variables to your `docker-compose.yml` file:
```yaml environment: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: Registry REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password ```
Save and close the file.
- Start your Docker Registry again:
```bash docker-compose up -d ```
Your registry is now secured with basic authentication.
Step 4: Starting Docker Registry as a Service
- Edit your `docker-compose.yml` file once more:
```bash nano ~/docker-registry/docker-compose.yml ```
- Add the following line to the `registry` service block:
```yaml restart: always ```
Save and close the file.
- Start your Docker Registry as a background process:
```bash docker-compose up -d ```
Your Docker Registry will now start automatically on system boot and recover from crashes.
Step 5: Increasing File Upload Size for NGINX
- Open your NGINX configuration file for editing:
```bash sudo nano /etc/nginx/nginx.conf ```
- Add the following line within the `http` section to increase the maximum file upload size to 16GB:
```nginx client_max_body_size 16384m; ```
Save and close the file.
- Restart NGINX to apply the changes:
```bash sudo systemctl restart nginx ```
Nginx is now configured to accept larger file uploads.
Step 6: Publishing to Your Private Docker Registry
- On your client server, log in to your Docker Registry with the username and password:
```bash docker login https://your_domain ```
- Rename the image you want to push:
```bash docker tag test-image your_domain/test-image ```
- Push the image to your private registry:
```bash docker push your_domain/test-image ```
Your image is now securely stored in your private Docker Registry.
Step 7: Pulling From Your Private Docker Registry
- On your main server, log in to your Docker Registry:
```bash docker login https://your_domain ```
- Pull the image from your private registry:
```bash docker pull your_domain/test-image ```
- Run a container using the pulled image:
```bash docker run -it your_domain/test-image ```
This revised tutorial removes specific website links and focuses on the essential steps to set up a private Docker Registry on Ubuntu 22.04. You should replace placeholders like `your_domain` and customize it according to your needs.
Well done! You have made it to the end of our tutorial. You now know all the steps to set up your own private Docker Registry on an Ubuntu 22.04 server.