In the Registry Server
- Create an htpasswd file containing the login credentials for the initial account.

      mkdir -p ~/registry/auth
      docker run --entrypoint htpasswd registry:2.7.0 -Bbn hienhoang SupP3rS3cureP@ssW0rd > ~/registry/auth/htpasswd

- Create a directory to hold the certs for the registry server.

      mkdir -p ~/registry/certs

- Create a self-signed certificate for the registry.
  NOTE: For the Common Name field, enter the hostname of the registry server. Here I will use registry.internal.

      openssl req \
        -newkey rsa:4096 -nodes -sha256 -keyout ~/registry/certs/domain.key \
        -x509 -days 365 -out ~/registry/certs/domain.crt

- Create a container to run the registry.

      docker run -d -p 443:443 --restart=always --name registry \
        -v /home/hienhoang/registry/certs:/certs \
        -v /home/hienhoang/registry/auth:/auth \
        -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
        -e REGISTRY_AUTH=htpasswd \
        -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
        -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
        registry:2.7.0

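- Once the registry starts up, verify that it is responsive. It's OK if this command returns nothing; just make sure it does not fail. The -k flag skips certificate verification, which is needed here because the certificate is self-signed.

      curl -k https://localhost:443
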
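Docker clients built with Go 1.15 or later match the registry hostname only against subjectAltName and reject a certificate that carries the name in the Common Name alone. The script below is an added example, not part of the original tutorial: it generates the same key and certificate non-interactively with the hostname in both fields, then checks the result. The function names are hypothetical, and -addext assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.
# Assumes OpenSSL 1.1.1+ for the -addext option.

# make_registry_cert HOST DIR [BITS]
# Same key and certificate as the tutorial's openssl command, but
# non-interactive and with HOST in subjectAltName as well as the Common Name.
make_registry_cert() {
    host=$1; dir=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    openssl req \
        -newkey "rsa:$bits" -nodes -sha256 -keyout "$dir/domain.key" \
        -x509 -days 365 -out "$dir/domain.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" || return 1
    # The registry's private key should be readable by its owner only.
    chmod 600 "$dir/domain.key"
}

# cert_has_san HOST CERT
# Succeeds only if CERT lists HOST as a DNS subjectAltName entry.
cert_has_san() {
    openssl x509 -in "$2" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' |
        grep -Fxq "DNS:$1"
}

# Usage on the registry server:
#   make_registry_cert registry.internal ~/registry/certs
#   cert_has_san registry.internal ~/registry/certs/domain.crt && echo "SAN ok"
```

Running cert_has_san against a certificate made with the interactive command above shows whether it needs to be regenerated before clients can log in.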
In the Docker Client
- Add the registry's public self-signed certificate to /etc/docker/certs.d. The scp command copies the file from the registry server to the client.

      sudo mkdir -p /etc/docker/certs.d/registry.internal:443
      sudo scp hienhoang@registry.internal:/home/hienhoang/registry/certs/domain.crt /etc/docker/certs.d/registry.internal:443

- Log in to the private registry. The credentials should be username hienhoang and password SupP3rS3cureP@ssW0rd.

      docker login registry.internal:443

- Test the setup by pushing an image to the registry.

      docker pull ubuntu
      docker tag ubuntu registry.internal:443/test-image:1
      docker push registry.internal:443/test-image:1