Setup your own Docker Private Registry

In the Registry Server

  1. Create an htpasswd file containing the login credentials for the initial account.
mkdir -p ~/registry/auth
docker run --entrypoint htpasswd registry:2.7.0 -Bbn hienhoang SupP3rS3cureP@ssW0rd > ~/registry/auth/htpasswd
  1. Create a directory to hold the certs for the registry server
mkdir -p ~/registry/certs
  1. Create a self-signed certificate for the registry.

NOTE: For the Common Name field, enter the hostname of the registry server. Here I will use registry.internal

openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout ~/registry/certs/domain.key \
-x509 -days 365 -out ~/registry/certs/domain.crt
  1. Create a container to run the registry.
docker run -d -p 443:443 --restart=always --name registry \
-v /home/hienhoang/registry/certs:/certs \
-v /home/hienhoang/registry/auth:/auth \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e REGISTRY_AUTH=htpasswd \
  1. Once the registry starts up, verify that it is responsive. It's OK if this command returns nothing, just make sure it does not fail.
curl -k https://localhost:443

In the Docker Client

  1. Add the registry's public self-signed certificate to /etc/docker/certs.d. The scp command is copying the file from the registry server to the client.
sudo mkdir -p /etc/docker/certs.d/registry.internal:443
sudo scp hienhoang@registry.internal:/home/hienhoang/registry/certs/domain.crt /etc/docker/certs.d/registry.internal:443
  1. Log in to the private registry. The credentials should be username hienhoang and password SupP3rS3cureP@ssW0rd.
docker login registry.internal:443
  1. Test the setup by push a image to the registry
docker pull ubuntu
docker tag ubuntu registry.internal:443/test-image:1
docker push registry.internal:443/test-image:1