10K Views

How to Setup and Manage a Secured Private Docker Registry on Ubuntu

In our previous blogs, we have discussed various possible docker architectures and its integration with e-commerce platforms like Magento. In today’s discussion, we will setup a secure private docker registry.

Docker being a very powerful deployment tool, allows flexibility, scalability and centralisation. A centralised storage hub is facilitated by Docker hub, a public registry for storing docker images. Using Docker hub for storing and accessing docker images is indeed a good idea for Devops personnel, however you might not want to share everything on a public docker registry, making it accessible to everyone.

Docker provides its own image to setup a private docker registry, deploying which we can store docker images within our internal server architecture. All images stored in private docker registry will be saved on the server.

 

Docker Registry Setup

 

In our project, we are using Ubuntu 16.04 as Operating System and docker-registry version 2. To deploy docker registry, please ensure that you have latest versions of docker engine and docker-compose tool installed on your server.

To install docker CE:

 

 

To install docker-compose tool:

 

 

Now, create a project directory for docker registry,

 

 

Create a docker-compose.yml file and a directory naming data in the docker-registry directory. Contents of docker-compose.yml are,

 

 

This docker-compose.yml file will pull registry:latest image and will run it on port 5000. Also, we are storing Images on our docker host, so we will map data directory with the registry storage filesystem root directory inside registry container. Also, we have enabled image deletion parameter in docker registry.

So far we have added a block for registry setup in docker-compose.yml file. Still our private docker registry is running over plain HTTP and is accessible to everyone having docker registry URL.

Now we will proceed with deploying SSL and user authentication mechanism in the registry. Create a directory nginx inside docker-registry directory. Upload your SSL certificates for your registry domain or create private SSL certificates to be added in nginx configuration file.

To generate private certificates, run the following command,

 

 

For user authentication management, create a user for basic HTTP authentication as,

 

 

Now, setup nginx configuration file as registry.conf inside nginx docker directory and mention path to SSL certificates, basic authentication configuration and registry info as,

 

 

Here nginx will act as a SSL terminator for private docker registry. Now add Nginx block in docker-compose.yml.

 

 

Now docker environment is ready to be created. We will build the images and deploy containers to run a secure private docker registry.

 

 

To check created docker images,

 

 

To check running docker containers.

 

 

Pushing an Image to Secured Private Docker Registry

 

Your secured private docker registry is ready to be used. We will now push a docker image to docker-registry. Lets pull docker image hello-world

 

 

Login to private docker registry and enter your registry auth user and password. As in this case,

 

 

Now tag docker image hello-world with the registry,

 

 

Push the tagged docker image as,

 

 

Now check the uploaded image on docker registry from terminal using curl,

 

 

Above command will list images in json format. We can also check list of docker images stored on registry by inspecting data directory on docker host,

 

 

In order to delete any particular image, first check image availability along with its tag as,

 

 

Now, delete image repositories and blobs, and restart registry container as,

 

 

Finally, list all the images of docker registry to check available images,

 

 

At last, you are all set to launch your own private docker registry over ssl. Explore more and more with docker containers and docker registry applications. A well managed container architecture lays strong foundation of distributed architecture.

You can discuss your doubts and queries with us at [email protected].

 

 

. . .

Comment

Add Your Comment

Be the first to comment.

css.php