A Docker Registry is a service to which you can push Docker images for storage and sharing. We can deploy our own private Docker Registry behind our firewall with SSL encryption and HTTP authentication. Here we use CentOS 7 to install the Docker registry, with Apache in front of it providing the secure connection and htpasswd authentication.
Install Private Docker Registry on CentOS 7
Update all packages and install docker registry
#yum update
#yum install docker-registry
#systemctl enable docker-registry.service
#service docker-registry start
Change the registry storage path if you need a custom location.
Search for the storage path setting and change it.
Once the changes are completed, restart the Docker registry.
To verify the Docker registry, use the curl command.
That's it! Your insecure registry is working now.
Browse your insecure Docker registry
Tag your images to push to registry
#docker tag <imageID> 192.168.1.88:5000/centos
Run the Docker daemon with your insecure registry
#service docker stop
#docker -d --insecure-registry 192.168.1.88:5000 &
Change your Docker startup script to include the insecure registry
Add the insecure registry URL to ExecStart
ExecStart=/usr/bin/docker -d $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          --insecure-registry 192.168.1.88:5000
Push your images
#docker push 192.168.1.88:5000/centos
Your images will be pushed successfully to the insecure registry
Pull your images
Change your Docker startup script to include the insecure registry, as in the previous step
#docker pull 192.168.1.88:5000/centos
You are done with the insecure registry
Secure Docker Private Registry
In order to use the Docker registry with a secure URL, install Apache and configure SSL.
Install Apache with mod_ssl.
#yum install httpd mod_ssl
Create user authentication using htpasswd for docker registry
# htpasswd -c /etc/httpd/.htpasswd USERNAME
Create your SSL certificate, either self-signed or a valid SSL cert. Then open your ssl.conf and add the proxy settings before </VirtualHost>
ProxyRequests off
ProxyPreserveHost on
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/

<Location />
    Order deny,allow
    Allow from all

    AuthName "Registry Authentication"
    AuthType basic
    # Must be the same file that was created with htpasswd above
    AuthUserFile "/etc/httpd/.htpasswd"
    Require valid-user
</Location>

# Allow ping and users to run unauthenticated.
<Location /v1/_ping>
    Satisfy any
    Allow from all
</Location>

# Allow ping and users to run unauthenticated.
<Location /_ping>
    Satisfy any
    Allow from all
</Location>
Change the SSL certificate paths to point to your valid certificate files
Now restart the httpd service.
# service httpd restart
Browse your registry with SSL and make sure it works.
Now you can log in to the private registry server
#docker login https://192.168.1.88/
Provide your username and password, the same ones you provided when creating the htpasswd file.
Push your images to the Docker registry
#docker push 192.168.1.88/centos
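The checks below are an added example, not part of the original tutorial: they confirm that the Apache configuration above actually enforces authentication and that the plain-HTTP backend on port 5000 can no longer be reached around it. The host 192.168.1.88 and the paths come from the tutorial; the function names probe, expect and verify_registry are defined here, and the port 5000 check assumes the script is run from another machine on the network.

```shell
#!/bin/sh
# Added example: post-setup checks for the Apache-fronted registry.
# HOST and the URLs follow the tutorial; the helper names are defined here.

HOST="${HOST:-192.168.1.88}"

# probe URL -> prints the HTTP status code ("000" if no connection was made).
# -k accepts a self-signed certificate; drop it when the cert is CA-signed.
probe() {
    curl -k -s -o /dev/null -w '%{http_code}' --max-time 5 "$1" || true
}

# expect LABEL URL WANTED -> prints PASS/FAIL, returns 1 on mismatch.
expect() {
    got=$(probe "$2")
    if [ "$got" = "$3" ]; then
        echo "PASS  $1 ($got)"
    else
        echo "FAIL  $1: wanted $3, got $got"
        return 1
    fi
}

verify_registry() {
    rc=0
    # <Location /> has Require valid-user: no credentials must give 401.
    expect "auth required on /" "https://$HOST/" 401 || rc=1
    # The ping location is deliberately open (Satisfy any).
    expect "ping open" "https://$HOST/v1/_ping" 200 || rc=1
    # The backend port must not answer directly from the network,
    # otherwise clients can skip Apache and its htpasswd check.
    expect "backend :5000 closed" "http://$HOST:5000/v1/_ping" 000 || rc=1
    return $rc
}

# Only contact the server when invoked as: sh check.sh --run
if [ "${1:-}" = "--run" ]; then verify_registry; fi
```

If the last check fails, the registry is still listening on the external interface: bind it to 127.0.0.1 or block port 5000 in the firewall so that every request passes through Apache.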