 

Docker: What is the simplest way to secure a private registry?

Our Docker images contain closed-source code, so we need to store them somewhere safe, using our own private Docker registry. We are looking for the simplest way to deploy a private Docker registry with a simple authentication layer.

I found:

  • this manual way http://www.activestate.com/blog/2014/01/deploying-your-own-private-docker-registry
  • and the shipyard/docker-private-registry docker image based on stackbrew/registry and adding basic auth via Nginx - https://github.com/shipyard/docker-private-registry

I think I'll use shipyard/docker-private-registry, but is there another, better way?

Koryonik, asked Jul 28 '14 07:07




2 Answers

I'm still learning how to run and use Docker, so consider this an idea:

# Run the registry on the server, allow only localhost connections
docker run -p 127.0.0.1:5000:5000 registry

# On the client, set up SSH tunnelling
ssh -N -L 5000:localhost:5000 user@server

The registry is then accessible at localhost:5000, and authentication is done through SSH, which you probably already know and use.

Sources:

  • https://blog.codecentric.de/en/2014/02/docker-registry-run-private-docker-image-repository/
  • https://docs.docker.com/userguide/dockerlinks/
Laurent, answered Oct 07 '22 20:10


You can also use an Nginx front-end with Basic Auth and an SSL certificate.

Regarding the SSL certificate, I tried for a couple of hours to get a working self-signed certificate, but Docker wasn't able to work with the registry. To solve this I used a free signed certificate, which works perfectly (I used StartSSL, but there are others). Also be careful when generating the certificate: if you want the registry running at the URL registry.damienroch.com, you must give this URL with the sub-domain, otherwise it's not going to work.

You can perform all this setup using Docker and my nginx-proxy image (see the README on GitHub: https://github.com/zedtux/nginx-proxy). This means that if you have installed nginx using the distribution package manager, you will replace it with a containerised nginx.

  1. Place your certificate (.crt and .key files) on your server in a folder (I'm using /etc/docker/nginx/ssl/ and the certificate names are private-registry.crt and private-registry.key)
  2. Generate a .htpasswd file and upload it on your server (I'm using /etc/docker/nginx/htpasswd/ and the filename is accounts.htpasswd)
  3. Create a folder where the images will be stored (I'm using /etc/docker/registry/)
  4. Run my nginx-proxy image using docker run
  5. Run the Docker registry with some environment variables that nginx-proxy will use to configure itself.

Here is an example of the commands to run for the previous steps:

sudo docker run -d --name nginx -p 80:80 -p 443:443 \
  -v /etc/docker/nginx/ssl/:/etc/nginx/ssl/ \
  -v /var/run/docker.sock:/tmp/docker.sock \
  -v /etc/docker/nginx/htpasswd/:/etc/nginx/htpasswd/ \
  zedtux/nginx-proxy:latest

sudo docker run -d --name registry \
  -e VIRTUAL_HOST=registry.damienroch.com \
  -e MAX_UPLOAD_SIZE=0 \
  -e SSL_FILENAME=private-registry \
  -e HTPASSWD_FILENAME=accounts \
  -e DOCKER_REGISTRY=true \
  -v /etc/docker/registry/data/:/tmp/registry \
  registry

The first line starts nginx and the second one the registry. It's important to do it in this order.

When both are up and running you should be able to login with:

docker login https://registry.damienroch.com 
ZedTuX, answered Oct 07 '22 19:10
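The answer above hits the two things that actually break a Basic Auth + TLS front-end: a certificate whose name does not match the registry URL, and an nginx that is not configured for Docker's large uploads. The script below is an added example, not code from either answer nor from the zedtux/nginx-proxy project. It generates a private CA and a server certificate whose Subject Alternative Name equals the registry hostname (the property Docker's hostname check needs), an htpasswd entry hashed with the apr1 scheme nginx understands, and an nginx vhost that listens only on 443, requires Basic Auth on every request, and proxies to a registry bound to loopback. It assumes bash and the openssl CLI; registry.example.com, the output paths and the user name are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the answers above). Produces a SAN-correct server cert,
# an htpasswd line, and an nginx vhost for a Basic Auth + TLS private registry.
# Assumptions: bash, openssl CLI; registry.example.com and all paths are placeholders.
set -euo pipefail

# Create a throwaway CA and a server certificate for host $1 in directory $2.
# A self-signed cert whose name does not match the registry URL is what Docker
# rejects; the DNS SAN is what hostname verification actually checks.
gen_registry_cert() {
  local host="$1" dir="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=private-registry-ca" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
  # -extfile works from OpenSSL 1.0.2 through 3.x (-addext/-copy_extensions do not)
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/$host.ext"
  openssl x509 -req -days 825 -in "$dir/$host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null
  rm -f "$dir/$host.csr" "$dir/$host.ext"
}

# Succeed only if certificate $1 carries a DNS SAN exactly equal to host $2.
cert_covers_host() {
  local cert="$1" host="$2" pat text
  pat=$(printf '%s' "$host" | sed 's/\./\\./g')
  text=$(openssl x509 -in "$cert" -noout -text)
  printf '%s\n' "$text" | grep -Eq "DNS:${pat}(,|\$)"
}

# Print one htpasswd line for user $1 / password $2 using the apr1 (salted MD5)
# scheme nginx's auth_basic accepts. The password is fed on stdin, not argv,
# so it does not show up in `ps` output.
htpasswd_entry() {
  local user="$1" pass="$2"
  printf '%s:%s\n' "$user" "$(printf '%s\n' "$pass" | openssl passwd -apr1 -stdin)"
}

# Write an nginx server block for host $1 to $2/$1.conf: TLS only (no port 80),
# Basic Auth on every path, no upload size limit (image layers are large PUTs),
# and a proxy to a registry that is published on loopback only.
write_nginx_conf() {
  local host="$1" dir="$2"
  cat > "$dir/$host.conf" <<EOF
server {
    listen 443 ssl;
    server_name $host;
    ssl_certificate     /etc/nginx/ssl/$host.crt;
    ssl_certificate_key /etc/nginx/ssl/$host.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
        auth_basic "Docker Registry";
        auth_basic_user_file /etc/nginx/htpasswd/accounts.htpasswd;
        # the registry docs' nginx recipe adds this so a client still sees a
        # v2 registry when nginx answers the 401 itself, before any proxying
        add_header Docker-Distribution-Api-Version registry/2.0 always;
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host \$http_host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_read_timeout 900;
    }
}
EOF
}

# Usage: $0 HOST OUTDIR USER   (password is prompted for, never passed on argv)
main() {
  local host="$1" out="$2" user="$3" pass
  mkdir -p "$out/ssl" "$out/htpasswd"
  gen_registry_cert "$host" "$out/ssl"
  read -rsp "Password for $user: " pass; echo
  htpasswd_entry "$user" "$pass" >> "$out/htpasswd/accounts.htpasswd"
  write_nginx_conf "$host" "$out"
  echo "Install $out/ssl/ca.crt as /etc/docker/certs.d/$host/ca.crt on every client."
}

if [ "$#" -eq 3 ]; then main "$@"; fi
```

Run it as ./registry-frontend.sh registry.example.com /etc/docker/nginx alice, mount /etc/docker/nginx/ssl and /etc/docker/nginx/htpasswd into the nginx container as the answer does, and start the registry with -p 127.0.0.1:5000:5000 so that only nginx on the same host can reach it (the same loopback binding the first answer relies on; a bare -p 5000:5000 publishes on all interfaces and bypasses host firewall rules). Docker trusts a private CA for one registry when its certificate sits at /etc/docker/certs.d/<registry host>/ca.crt on the client, which is what the final line of main refers to; after that, docker login https://registry.example.com works against the Basic Auth realm.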