Install Private Docker Registry on Centos 7

A Docker Registry is a service which you can push Docker images to for storage and sharing. We can deploy our own private Docker Registry behind our firewall with SSL encryption and HTTP authentication. Here we can use centos 7 to install docker registry and using Apache for secure connection with htpasswd.

Install Private Docker Registry on Centos 7

Update all packages and install docker registry

#yum update
#yum install docker-registry
#systemctl enable docker-registry.service
#service docker-registry start

Change your customized registry storage path if you need.

vi /etc/docker-registry.yml

search the storage path location and change it.

storage_path =

Once the changes are completed restart docker registry.

To verify the docker registry, use curl command

“\”docker-registry server\””

That’s it!! Your insecure registry is working now.

Browse your Insecure Registry docker registry
Tag your images to push to registry


#docker tag <imageID>

Run your insecure docker registry with docker

#service docker stop
#docker -d --insecure-registry &


change your docker startup script with insecure registry

#vi /usr/lib/systemd/system/docker.service

add insecure registry url on ExecStart


Example entry

ExecStart=/usr/bin/docker -d $OPTIONS \

Push your images

#docker push

Your images will successfully be pushed to insecure registry

Pull your images

change your docker startup script with insecure registry as per previous step

#docker pull

You are done with insecure registry

Secure Docker Private Registry

In order to use docker registry with secure URL, try to install apache and configure SSL.

install apache with mod SSL.

#yum install httpd mod_ssl

Create user authentication using htpasswd for docker registry

# htpasswd -c /etc/httpd/.htpasswd USERNAME

create your SSL certificate whether Self Signed or valid SSL cert, open your ssl.conf and add proxy settings before </VirtualHost>

#vi /etc/httpd/conf.d/ssl.conf

ProxyRequests off
 ProxyPreserveHost on
 ProxyPass /
 ProxyPassReverse /
<Location />
 Order deny,allow
 Allow from all
AuthName "Registry Authentication"
 AuthType basic
 AuthUserFile "/etc/httpd/.htpassword"
 Require valid-user
# Allow ping and users to run unauthenticated.
 <Location /v1/_ping>
 Satisfy any
 Allow from all
 # Allow ping and users to run unauthenticated.
 <Location /_ping>
 Satisfy any
 Allow from all

Change the valid SSL certificate paths

Now you try to restart httpd service.

# service httpd restart

Browse your registry with SSL and make sure it works.
Now you can login to private registry server

docker login

provide your username and password, the same you provided when creating the htpasswd file.

-Push your images to docker registry

#docker push


Docker registry itself authentication setup

New private docker repository moved as docker distribution. Once you installed docker registry.

Create htpasswd in any file, example /etc/nginx/.htpasswd


# htpasswd -c /etc/nginx/.htpasswd admin

Once done, modify the following docker distribution configuration config

vi /etc/docker-distribution/registry/config.yml

add the additional auth configuration.

 realm: basic-realm
 path: /etc/nginx/.htpasswd


Example config.yml file

version: 0.1
 service: registry
 layerinfo: inmemory
 rootdirectory: /var/lib/registry
 addr: :5000
 realm: basic-realm
 path: /etc/nginx/.htpasswd

Restart docker registry service.

Done, before you push or pull the images. you must log in the Docker registry.

docker login