CentOS Stream 8

Docker : Use Registry
2021/04/06

Install Docker Registry to build a private registry for Docker images.
[1] Pull the Registry image and run it.
Container images are stored under [/var/lib/registry] inside the Registry v2 container,
so bind-mount [/var/lib/docker/registry] on the parent host to that path for the Registry container to use as persistent storage.
[root@dlp ~]#
docker pull registry:2

[root@dlp ~]#
mkdir /var/lib/docker/registry

[root@dlp ~]#
docker run -d -p 5000:5000 \
-v /var/lib/docker/registry:/var/lib/registry \
registry:2
ecabc506bcdf2acc06d2444fcf8b4fb5a88e6d87772500bc7319eb0562052413

[root@dlp ~]#
docker ps

CONTAINER ID   IMAGE        COMMAND                  CREATED          STATUS         PORTS                    NAMES
ecabc506bcdf   registry:2   "/entrypoint.sh /etc…"   10 seconds ago   Up 9 seconds   0.0.0.0:5000->5000/tcp   strange_merkle

# if Firewalld is running, allow the registry port

[root@dlp ~]#
firewall-cmd --add-port=5000/tcp --permanent

[root@dlp ~]#
firewall-cmd --reload
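# to use the Registry from other Docker client hosts, configure them as follows

[root@client ~]#
vi /etc/docker/daemon.json
# create the file or add to it

# add the hosts for which you allow plain HTTP connections (default is HTTPS)
# traffic to these hosts is not encrypted and the server is not authenticated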

{
  "insecure-registries":
    [
      "docker.internal:5000",
      "dlp.srv.world:5000"
    ]
}

[root@client ~]#
systemctl restart docker
[root@client ~]#
docker tag nginx dlp.srv.world:5000/nginx:my-registry

[root@client ~]#
docker push dlp.srv.world:5000/nginx:my-registry

[root@client ~]#
docker images

REPOSITORY                 TAG           IMAGE ID       CREATED      SIZE
dlp.srv.world:5000/nginx   my-registry   7ce4f91ef623   6 days ago   133MB
nginx                      latest        7ce4f91ef623   6 days ago   133MB
[2] This is the case where you set a self-signed certificate and enable HTTPS connections.
This example assumes the certificate and key were created under the [/etc/pki/tls/certs] directory.
[root@dlp ~]#
docker run -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/server.key \
-v /etc/pki/tls/certs:/certs \
-v /var/lib/docker/registry:/var/lib/registry \
registry:2
8da97eb2aa58269558ac8ed76da4eb4d29ecd4c94b7115fde9377fe881ac0794

# to use the Registry from other Docker client hosts, configure them as follows

# [insecure-registries] is not needed, but

# the server's certificate must be placed on the client side as follows

[root@client ~]#
mkdir -p /etc/docker/certs.d/dlp.srv.world:5000

[root@client ~]#
scp dlp.srv.world:/etc/pki/tls/certs/server.crt /etc/docker/certs.d/dlp.srv.world:5000/ca.crt
[root@client ~]#
docker tag centos dlp.srv.world:5000/centos:my-registry

[root@client ~]#
docker push dlp.srv.world:5000/centos:my-registry

[root@client ~]#
docker images

REPOSITORY                  TAG           IMAGE ID       CREATED        SIZE
dlp.srv.world:5000/centos   my-registry   300e315adb2f   3 months ago   209MB
centos                      latest        300e315adb2f   3 months ago   209MB
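
An added example (not from the original page): a Python check for a client that has been through both [1] and [2]. Docker's documented behaviour for a registry listed in [insecure-registries] is to ignore certificate errors and fall back to HTTP, so an entry left over from [1] cancels the ca.crt installed in [2]. The function and status names are hypothetical, and the demo input is constructed.

```python
import json
import tempfile
from pathlib import Path


def audit_registry_trust(daemon_json_text, certs_dir):
    """Return {registry: status} for a Docker client's registry trust settings.

    "insecure"              listed in insecure-registries, no CA file installed
    "insecure-overrides-ca" listed in insecure-registries AND a CA file exists:
                            the daemon still skips certificate verification
    "pinned-ca"             only certs.d/<registry>/*.crt exists (case [2])
    Registries in neither place use the system trust store (case [3]) and are
    not reported. Entries are compared as literal host:port strings.
    """
    text = daemon_json_text.strip()
    insecure = set(json.loads(text).get("insecure-registries", [])) if text else set()
    certs = Path(certs_dir)
    pinned = set()
    if certs.is_dir():
        pinned = {d.name for d in certs.iterdir() if d.is_dir() and any(d.glob("*.crt"))}
    report = {}
    for reg in sorted(insecure | pinned):
        if reg in insecure:
            report[reg] = "insecure-overrides-ca" if reg in pinned else "insecure"
        else:
            report[reg] = "pinned-ca"
    return report


def demo():
    # Constructed input: the daemon.json from step [1] left in place after the
    # client was also given the self-signed certificate from step [2].
    daemon_json = """
    {
      "insecure-registries": ["docker.internal:5000", "dlp.srv.world:5000"]
    }
    """
    with tempfile.TemporaryDirectory() as tmp:
        ca_dir = Path(tmp) / "dlp.srv.world:5000"
        ca_dir.mkdir()
        # Placeholder content; the audit only checks that the file exists.
        (ca_dir / "ca.crt").write_text("constructed placeholder\n")
        return audit_registry_trust(daemon_json, tmp)


if __name__ == "__main__":
    for registry, status in demo().items():
        print(f"{registry}: {status}")
```

On a real client, pass the contents of /etc/docker/daemon.json and the path /etc/docker/certs.d.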
[3] This is the case where you set a valid certificate, such as one from Let's Encrypt, and enable HTTPS connections.
This example assumes the certificate was created under the [/etc/letsencrypt] directory.
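# files under [live] are symlinks into [../../archive], so mount the whole
# [/etc/letsencrypt] tree (read-only) for them to resolve inside the container

[root@dlp ~]#
docker run -d -p 5000:5000 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/dlp.srv.world/fullchain.pem \
-e REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/dlp.srv.world/privkey.pem \
-v /etc/letsencrypt:/etc/letsencrypt:ro \
-v /var/lib/docker/registry:/var/lib/registry \
registry:2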
28512a4b96d93172b7af66f6b7263fdbff8d729a76659c8b955c60800b557f4f

# to use the Registry from other Docker client hosts, configure them as follows

# no specific settings are needed; it works with the defaults

[root@client ~]#
docker tag nginx dlp.srv.world:5000/my-nginx:my-registry

[root@client ~]#
docker push dlp.srv.world:5000/my-nginx:my-registry

[root@client ~]#
docker images

REPOSITORY                     TAG           IMAGE ID       CREATED        SIZE
dlp.srv.world:5000/my-nginx    my-registry   7ce4f91ef623   6 days ago     133MB
nginx                          latest        7ce4f91ef623   6 days ago     133MB