- \n
- Ubuntu 18.04 server<\/li>\n
- Root privileges<\/li>\n<\/ul>\n
What we will do?<\/strong><\/p>\n
- \n
- Install Dependencies<\/li>\n
- Install Docker and Docker-compose<\/li>\n
- Setup Private Docker Registry<\/li>\n
- Testing<\/li>\n<\/ol>\n
Step 1 – Install Package Dependencies<\/h2>\n
First of all, we’re going to install some packages dependencies for deploying the Private Docker Registry.<\/p>\n
Install packages dependencies using the following command.<\/p>\n
sudo apt install -y gnupg2 pass apache2-utils httpie<\/code><\/pre>\nThe gnupg2 and pass packages will be used to store the password authentication to the docker registry. And the apache2-utils will be used to generate the basic authentication, and httpie will be used for testing.<\/p>\n
Step 2 – Install Docker and Docker-compose<\/h2>\n
Now we’re going to install the docker and docker-compose from the official Ubuntu repository.<\/p>\n
Install Docker and Docker-compose by running the following command.<\/p>\n
sudo apt install -y docker.io docker-compose -y<\/code><\/pre>\nOnce the installation is finished, start the docker service and add it to the boot time.<\/p>\n
sudo systemctl start docker\r\nsudo systemctl enable docker<\/code><\/pre>\nThe Docker is up and running, and the Docker-compose has been installed. Check using the command below.<\/p>\n
docker version\r\ndocker-compose version<\/code><\/pre>\nAnd you will be displayed version of Docker and Docker-compose installed on your system.<\/p>\n
![\"Install](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/11.png\")
<\/a><\/p>\nStep 3 – Setup Private Docker Registry<\/h2>\n
In this step, we’re going to configure the Docker Registry environment by creating some directories environment, and create some configuration including the docker-compose.yml, nginx virtual host and additional configuration etc.<\/p>\n
– Create Project Directories<\/strong><\/p>\n
Create a new directory for the project called ‘registry’ and create the ‘nginx’ and ‘auth’ directories inside.<\/p>\n
mkdir -p registry\/{nginx,auth}<\/code><\/pre>\nAfter that, go to the directory ‘registry’ and create new directories again inside ‘nginx’.<\/p>\n
cd registry\/\r\nmkdir -p nginx\/{conf.d\/,ssl}<\/code><\/pre>\nAnd as a result, the project directories look like the following picture.<\/p>\n
tree<\/code><\/pre>\n![\"Create](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/21.png\")
<\/a><\/p>\n– Create Docker-compose Script<\/strong><\/p>\n
Now we want to create a new docker-compose.yml script for deploying the Docker Registry.<\/p>\n
Go to the ‘registry’ directory and create a new configuration file ‘docker-compose.yml’.<\/p>\n
cd registry\/\r\nvim docker-compose.yml<\/code><\/pre>\nFirstly, define the compose version that you want to use and the service.<\/p>\n
version: '3'\r\nservices:<\/code><\/pre>\nAfter that, add the first service named ‘registry’. The Docker Registry service will be using the docker image that’s provided by docker team ‘registry:2. It will mount the docker volume ‘registrydata’ and the local directory named ‘auth’ that contains basic authentication file ‘registry.passwd’. And the last, it will run on the custom docker image named ‘mynet’ and expose the port 5000 on both container and host.<\/p>\n
#Registry\r\n registry:\r\n image: registry:2\r\n restart: always\r\n ports:\r\n - \"5000:5000\"\r\n environment:\r\n REGISTRY_AUTH: htpasswd\r\n REGISTRY_AUTH_HTPASSWD_REALM: Registry-Realm\r\n REGISTRY_AUTH_HTPASSWD_PATH: \/auth\/registry.passwd\r\n REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: \/data\r\n volumes:\r\n - registrydata:\/data\r\n - .\/auth:\/auth\r\n networks:\r\n - mynet<\/pre>\n
Next, the configuration of ‘nginx’ service that will run HTTP and HTTPS ports and mount the local directory ‘conf.d’ for virtual host configuration, and the ‘ssl’ for ssl certificates.<\/p>\n
#Nginx Service\r\n nginx:\r\n image: nginx:alpine\r\n container_name: nginx\r\n restart: unless-stopped\r\n tty: true\r\n ports:\r\n - \"80:80\"\r\n - \"443:443\"\r\n volumes:\r\n - .\/nginx\/conf.d\/:\/etc\/nginx\/conf.d\/\r\n - .\/nginx\/ssl\/:\/etc\/nginx\/ssl\/\r\n networks:\r\n - mynet<\/pre>\n
And the last, define the custom network ‘mynet’ with bridge driver and the ‘registrydata’ with a local driver.<\/p>\n
#Docker Networks\r\nnetworks:\r\n mynet:\r\n driver: bridge\r\n#Volumes\r\nvolumes:\r\n registrydata:\r\n driver: local<\/pre>\n
Save and close the configuration.<\/p>\n
Below is the complete configuration:<\/p>\n
version: '3'\r\nservices:\r\n\r\n#Registry\r\n registry:\r\n image: registry:2\r\n restart: always\r\n ports:\r\n - \"5000:5000\"\r\n environment:\r\n REGISTRY_AUTH: htpasswd\r\n REGISTRY_AUTH_HTPASSWD_REALM: Registry-Realm\r\n REGISTRY_AUTH_HTPASSWD_PATH: \/auth\/registry.passwd\r\n REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: \/data\r\n volumes:\r\n - registrydata:\/data\r\n - .\/auth:\/auth\r\n networks:\r\n - mynet\r\n\r\n#Nginx Service\r\n nginx:\r\n image: nginx:alpine\r\n container_name: nginx\r\n restart: unless-stopped\r\n tty: true\r\n ports:\r\n - \"80:80\"\r\n - \"443:443\"\r\n volumes:\r\n - .\/nginx\/conf.d\/:\/etc\/nginx\/conf.d\/\r\n - .\/nginx\/ssl\/:\/etc\/nginx\/ssl\/\r\n networks:\r\n - mynet\r\n\r\n#Docker Networks\r\nnetworks:\r\n mynet:\r\n driver: bridge\r\n#Volumes\r\nvolumes:\r\n registrydata:\r\n driver: local<\/pre>\n
– Configure Nginx Virtual Host<\/strong><\/p>\n
After creating the docker-compose script, we will create the virtual host and additional configuration for the nginx service.<\/p>\n
Go to ‘nginx\/conf.d\/’ directory and create a new virtual host file called ‘registry.conf’.<\/p>\n
cd nginx\/conf.d\/\r\nvim registry.conf<\/code><\/pre>\nPaste the following configuration.<\/p>\n
upstream docker-registry {\r\n server registry:5000;\r\n}\r\n\r\nserver {\r\n listen 80;\r\n server_name registry.hakase-labs.io;\r\n return 301 https:\/\/registry.hakase-labs.io$request_uri;\r\n}\r\n\r\nserver {\r\n listen 443 ssl http2;\r\n server_name registry.hakase-labs.io;\r\n\r\n ssl_certificate \/etc\/nginx\/ssl\/fullchain.pem;\r\n ssl_certificate_key \/etc\/nginx\/ssl\/privkey.pem;\r\n\r\n # Log files for Debug\r\n error_log \/var\/log\/nginx\/error.log;\r\n access_log \/var\/log\/nginx\/access.log;\r\n\r\n location \/ {\r\n # Do not allow connections from docker 1.5 and earlier\r\n # docker pre-1.6.0 did not properly set the user agent on ping, catch \"Go *\" user agents\r\n if ($http_user_agent ~ \"^(docker\\\/1\\.(3|4|5(?!\\.[0-9]-dev))|Go ).*$\" ) {\r\n return 404;\r\n }\r\n\r\n proxy_pass http:\/\/docker-registry;\r\n proxy_set_header Host $http_host;\r\n proxy_set_header X-Real-IP $remote_addr;\r\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\r\n proxy_set_header X-Forwarded-Proto $scheme;\r\n proxy_read_timeout 900;\r\n }\r\n\r\n}<\/pre>\nSave and close.<\/p>\n
Next, create an additional configuration to increase the max_body_size on nginx. This will allow you to upload docker images with max size 2GB.<\/p>\n
vim additional.conf<\/code><\/pre>\nPaste configuration below.<\/p>\n
client_max_body_size 2G;<\/code><\/pre>\nSave and close.<\/p>\n
– Configure SSL Certificate and Basic Authentication<\/strong><\/p>\n
Copy SSL certificate files of your domain to the ‘ssl’ directory.<\/p>\n
cp \/path\/to\/ssl\/fullchain.pem ssl\/\r\ncp \/path\/to\/ssl\/privkey.pem ssl\/<\/code><\/pre>\nNow go to the ‘auth’ directory and generate the new password file ‘registry.passwd’.<\/p>\n
cd auth\/<\/code><\/pre>\nGenerate a new password for user hakase.<\/p>\n
htpasswd -Bc registry.passwd hakase\r\nTYPE THE STRONG PASSWORD<\/code><\/pre>\n![\"Password](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/31.png\")
<\/a><\/p>\nAnd the environment setup for deploying Private Docker Registry has been completed.<\/p>\n
Below is the screenshot of our environment files and directories.<\/p>\n
tree<\/code><\/pre>\n![\"Directory](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/41.png\")
<\/a><\/p>\n– Run Docker Registry<\/strong><\/p>\n
Run the Docker Registry using the docker-compose command below.<\/p>\n
docker-compose up -d<\/code><\/pre>\nAnd you will get the result as below.<\/p>\n
![\"Start](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/51.png\")
<\/a><\/p>\nAfter that, make sure the registry and nginx service is up and running. Check using the following command.<\/p>\n
docker-compose ps\r\nnetstat -plntu<\/code><\/pre>\nAnd you will be shown the ‘registry’ service is running on port ‘5000’, and the ‘nginx’ service will expose the HTTP and HTTPS ports as below.<\/p>\n
![\"Check](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/61.png\")
<\/a><\/p>\nStep 4 – Testing<\/h2>\n
Before we test our Private Docker Registry, we need to add the Root CA certificate to the docker itself and to the system.<\/p>\n
If you’re using the pem file certificate, export it to the .crt file using the OpenSSL command.<\/p>\n
openssl x509 -in rootCA.pem -inform PEM -out rootCA.crt<\/code><\/pre>\nNow create a new directory for docker certificate and copy the Root CA certificate into it.<\/p>\n
mkdir -p \/etc\/docker\/certs.d\/registry.hakase-labs.io\/\r\ncp rootCA.crt \/etc\/docker\/certs.d\/registry.hakase-labs.io\/<\/code><\/pre>\nAnd then create a new directory ‘\/usr\/share\/ca-certificate\/extra’ and copy the Root CA certificate into it.<\/p>\n
mkdir -p \/usr\/share\/ca-certificates\/extra\/\r\ncp rootCA.crt \/usr\/share\/ca-certificates\/extra\/<\/code><\/pre>\nAfter that, reconfigure the ‘ca-certificate’ package and restart the Docker service.<\/p>\n
dpkg-reconfigure ca-certificates\r\nsystemctl restart docker<\/code><\/pre>\n![\"Create](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/71.png\")
<\/a><\/p>\n– Download Docker Image<\/strong><\/p>\n
Download new Docker image using the following command.<\/p>\n
docker pull ubuntu:16.04<\/code><\/pre>\nWhen it’s complete, tag the image for the private registry with the command below.<\/p>\n
docker image tag ubuntu:16.04 registry.hakase-labs.io\/ubuntu16<\/code><\/pre>\nCheck again the list of Docker images on the system and you will get new images as below.<\/p>\n
docker images<\/code><\/pre>\n![\"Download](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/81.png\")
<\/a><\/p>\n– Push Image to Private Local Registry<\/strong><\/p>\n
Log in to the Private Docker Registry using the following command.<\/p>\n
docker login https:\/\/registry.hakase-labs.io\/v2\/<\/code><\/pre>\nType the username and password based on the ‘registry.htpasswd’ file.<\/p>\n
Now check the available of docker image on the Registry.<\/p>\n
http -a hakase https:\/\/registry.hakase-labs.io\/v2\/_catalog<\/code><\/pre>\nAnd there is no docker image on the Registry.<\/p>\n
![\"Push](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/91.png\")
<\/a><\/p>\nNow push our custom image to the Private Docker Registry.<\/p>\n
docker push registry.hakase-labs.io\/ubuntu16<\/code><\/pre>\nCheck again and make sure you get the ‘ubuntu16’ docker image on the Private Repository.<\/p>\n
http -a hakase https:\/\/registry.hakase-labs.io\/v2\/_catalog<\/code><\/pre>\n
![\"Install](\"https:\/\/www.howtoforge.com\/images\/how_to_setup_private_docker_registry_on_ubuntu_1804_lts\/big\/11.png\")
<\/a><\/p>\n