Deploy a registry - saviovettoor/DevOps-wiki GitHub Wiki

Docker private registry setup

Let's set up a private, plain HTTP Docker registry with local storage using the Docker registry image.

Before you start, Docker needs to be installed on the server.

Edit the daemon.json file, /etc/docker/daemon.json on Linux. If the daemon.json file does not exist, create it. Assuming there are no other settings in the file, it should have the following contents:

{
  "insecure-registries" : ["dockerrepo.com:5000"]
}

Once you have made the above change, restart the Docker daemon.

Warning: It’s not possible to use an insecure registry with basic authentication. Since I don't have a valid domain for dockerrepo.com, I added it as a local host entry on all of the machines.

Run this command to bring up the registry:

docker run --restart=on-failure:10 -d -p 5000:5000 -e standalone=True -e disable_token_auth=True -v /docker_repo:/tmp/registry --name rego registry

Let me explain those switches:

--restart=on-failure:10
This causes the Docker service on the host to attempt to restart this container up to 10 times should the container exit. The container could exit because of a reboot or an error that shuts it down. This way your container starts automatically at boot, so you do not have to run a docker start container-name command after rebooting.

-d -p 5000:5000
The -d means daemon mode, that is, run it in the background rather than in interactive mode. The -p 5000:5000 means map port 5000 on the host to port 5000 in the Docker container.

-e standalone=True -e disable_token_auth=True
Here we are setting two environment variables, standalone and disable_token_auth.

-v /docker_repo:/tmp/registry
This one is pretty simple: we are mapping a volume from the host at /docker_repo into /tmp/registry in the Docker container. All the Docker images that we push to our private registry are then stored in the /docker_repo folder on the host rather than in the container, so they are not lost when the container is shut down.

--name rego registry
This one is also pretty simple: we name our container “rego”, and the Docker image we want to pull down from the public Docker registry is “registry”.

Let's test our registry

Download and run an Ubuntu image; once you are in the Ubuntu console, make some changes.

docker run -t -i ubuntu /bin/bash

Tag the image

docker tag ubuntu dockerrepo.com:5000/ubuntu:v1

List out the images

docker images

Push your image to the repo

docker push dockerrepo.com:5000/ubuntu:v1

Commands to list the Docker images in the registry:

List all repositories (effectively images):

curl -X GET http://dockerrepo.com:5000/v2/_catalog
> {"repositories":["test_image","ubuntu"]}

List all tags for a repository:

curl -X GET http://dockerrepo.com:5000/v2/ubuntu/tags/list
> {"name":"ubuntu","tags":["v1","v2"]}

Registry with SSL enabled + authentication

Let's install the necessary packages and create the folders for the SSL configuration

yum install openssl
mkdir /opt/certs
mkdir /opt/auth
mkdir -p /etc/docker/certs.d/myregistrydomain.com:5000

Generate a self-signed certificate for the domain myregistrydomain.com

openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/certs/dockerrepo.key -x509 -days 365 -out /opt/certs/dockerrepo.crt -subj /CN=myregistrydomain.com
cp /opt/certs/dockerrepo.crt /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt # Make Docker trust the certificate
docker pull registry:2

Set up a password for the registry

docker run --entrypoint htpasswd registry:2 -Bbn test password@123 > /opt/auth/htpasswd

Now let's run the registry

docker run -d -p 5000:5000 -v /opt/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dockerrepo.crt  -e REGISTRY_HTTP_TLS_KEY=/certs/dockerrepo.key -v /opt/auth:/auth -e REGISTRY_AUTH=htpasswd -e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2
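
An added example, not part of the original wiki: for any registry listed under insecure-registries, Docker ignores certificate errors and falls back to plain HTTP, so the entry from the first half of this page should not remain on hosts that use the TLS registry. This Python check classifies each entry in a daemon.json; the function names, verdict strings and sample JSON are constructed for illustration, and /etc/docker/certs.d is the directory where Docker looks for per-registry CA files.

```python
import ipaddress
import json
from pathlib import Path

# Constructed sample: this page's daemon.json entry plus two extra entries.
SAMPLE = '{"insecure-registries": ["dockerrepo.com:5000", "127.0.0.1:5000", "10.0.0.0/8"]}'


def is_loopback(entry):
    """True for a loopback IP or CIDR, or 'localhost', with or without a port."""
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        pass  # not a bare IP/CIDR, so treat it as host[:port]
    host = entry.rsplit(":", 1)[0] if ":" in entry else entry
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # a DNS name such as dockerrepo.com


def audit(daemon_json_text, certs_dir):
    """Return (entry, verdict) pairs for every insecure-registries entry."""
    config = json.loads(daemon_json_text or "{}")
    findings = []
    for entry in config.get("insecure-registries", []):
        if is_loopback(entry):
            verdict = "ok: loopback only"
        elif (Path(certs_dir) / entry / "ca.crt").is_file():
            # A CA is already trusted for this registry, so the insecure
            # entry only serves to disable certificate verification.
            verdict = "stale: CA trusted in certs.d, remove the insecure entry"
        else:
            verdict = "risk: certificate errors ignored, plain HTTP fallback allowed"
        findings.append((entry, verdict))
    return findings


if __name__ == "__main__":
    # On a real host, pass Path("/etc/docker/daemon.json").read_text() instead.
    for entry, verdict in audit(SAMPLE, "/etc/docker/certs.d"):
        print(f"{entry:24} {verdict}")
```
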