
Your own private docker registry with digitalocean and caddy
- Create a droplet 1-click app for docker ($20/mo).
- Get a domain name and point the nameservers to digitalocean.
- Configure the DNS record.
- SSH to the droplet.
- Pull the registry image from docker hub.
- Start the registry image.
- Open firewall to port 5000.
- Download caddy.
- Edit the Caddyfile configuration file.
- Run caddy.
- 🍻.
Dated Aug 26, 2017
Historically, getting your own private docker registry up was a pain. It’s much easier now. In this article I’ll share one way to get up and running with your own docker registry on digitalocean with docker and caddy.
Note: this is simplified and not intended for a hardened, secure setup.
Provision a droplet to host docker
In the digitalocean admin UI, create a new droplet for docker:

Provision a domain name
We’re going to use caddy for its simple SSL/LetsEncrypt setup, so get a domain name from your domain name seller of choice. Configure the nameservers to point to ns1.digitalocean.com, ns2.digitalocean.com, and ns3.digitalocean.com.
I picked dock5r.io for this example.

Create a DNS entry in the networking section. Create a new A record for the root @ pointing to the droplet you just created and a wildcard CNAME entry * to the root @ .

Pull down the registry image from docker hub
SSH to the droplet and pull down the registry image with docker pull registry:

Start it up as a daemon such that it automatically restarts, mapping the host port to container port 5000: docker run -d --name registry -p 5000:5000 --restart always registry:2

Open firewall to tcp traffic on port 5000
Run ufw allow 5000/tcp to open the standard docker registry port.
Download caddy
Here we’re using curl to download, piping it into bash and installing into /usr/local/bin .

Note: you can also run caddy as another docker container (of course you’d think that).
Configure caddy to proxy traffic to the docker container
Run vi Caddyfile to edit the configuration file for caddy. In this example we’re creating 2 subdomains. The first stanza sets up www.dock5r.io to browse whatever static content we might like (echo "Hello World" > index.html). This is just for fun and to test the https connection, and is not relevant to the registry itself.
The second stanza provisions a virtual host registry.dock5r.io that will transparently proxy traffic under /v2 to the registry container. You can get the IP address of the container by running docker inspect registry (or whatever name you assigned the container). We’ll want to set the Docker-Distribution-Api-Version header to registry/2.0.

Finally, start caddy in the same directory where the Caddyfile exists, and you’re good to go: caddy. It will reach out to letsencrypt and automatically provision SSL certificates for the www.* and registry.* subdomains.
You should now be able to push and pull images to and from this docker registry instance over a secure socket (you can additionally secure the instance with the caddy basicauth module).
docker push registry.dock5r.io/myorganization/myimage:mytag
docker pull registry.dock5r.io/myorganization/myimage:mytag
To list the images in the registry, open a browser and type https://registry.dock5r.io:5000/v2/_catalog .
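An added check, not part of the original article: with -p 5000:5000 and port 5000 open, the registry also answers directly over plain HTTP, outside caddy's TLS and any basicauth. The script below classifies the output of docker port registry and ufw status; its function names and sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): is the registry reachable only via caddy?
# On the droplet, feed these functions the real output of
# `docker port registry` and `ufw status`; the sample at the end is constructed.

# Print every published binding that is not on a loopback address.
# stdin: `docker port <container>` lines such as "5000/tcp -> 0.0.0.0:5000".
public_bindings() {
  local line binding host
  while IFS= read -r line; do
    case "$line" in *"-> "*) ;; *) continue ;; esac
    binding=${line##*"-> "}
    host=${binding%:*}          # drop the trailing :port
    case "$host" in
      127.*|"[::1]") ;;         # loopback: only local processes such as caddy
      *) printf '%s\n' "$binding" ;;
    esac
  done
}

# Succeed if `ufw status` output on stdin has an ALLOW rule for PORT/tcp.
ufw_allows_tcp() {
  awk -v p="$1" '($1 == (p "/tcp") || $1 == p) && /ALLOW/ { found = 1 }
                 END { exit(found ? 0 : 1) }'
}

# args: <docker port output> <ufw status output> <port>
registry_exposure() {
  local pub
  pub=$(printf '%s\n' "$1" | public_bindings)
  if [ -n "$pub" ]; then
    # Docker adds its own iptables rules for published ports, so deleting
    # the ufw rule alone may not close this binding.
    echo "exposed"
  elif printf '%s\n' "$2" | ufw_allows_tcp "$3"; then
    echo "loopback-only, stale ufw allow"
  else
    echo "loopback-only"
  fi
}

# Constructed sample: the binding that -p 5000:5000 creates, plus the ufw rule.
registry_exposure '5000/tcp -> 0.0.0.0:5000' '5000/tcp   ALLOW   Anywhere' 5000
```

To close the direct path, publish the container with -p 127.0.0.1:5000:5000 and point the caddy proxy at 127.0.0.1:5000.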
Happy coding!
