Private Docker Registry Part 1: basic local example

Christian Nadeau
Jan 24, 2017

We wanted to be able to host our own docker registry in order to use it with Rancher. There was a very nice post by them on how to do it, but we wanted to have a bit more control over the services that route traffic to the actual registry.

Here is the full set of requirements we had:

  • Uses SSL certificate
  • Is password protected
  • Hosted on Azure
  • Has a simple UI to browse the images

But first things first: let’s stand up a very simple registry with a UI!

NOTE: The reference material for this article can be found here

The Services Definition

Here is the template of the docker-compose.yml file for a basic local docker registry:

version: '2'
services:
  lb:
    image: dockercloud/haproxy:1.6.2
    links:
      - registry
      - registry-ui
    ports:
      - '80:80'
      - '443:443'
      # bound so HAProxy can redirect registry traffic
      - '5000:5000'
    restart: always
    volumes:
      # the HAProxy container gets access to the host Docker daemon through this socket
      - /var/run/docker.sock:/var/run/docker.sock
  registry:
    build: ./registry
    restart: always
    expose:
      - 5000
    environment:
      TCP_PORTS: '5000'
      VIRTUAL_HOST: '*:5000, https://*:5000'
      FORCE_SSL: 'true'
      # without this, the registry does not support deleting images
      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
  registry-ui:
    image: konradkleine/docker-registry-frontend:v2
    restart: always
    environment:
      VIRTUAL_HOST: '*, https://*'
      # name of the linked registry service and the port it listens on
      ENV_DOCKER_REGISTRY_HOST: 'registry'
      ENV_DOCKER_REGISTRY_PORT: 5000
    links:
      - registry
    expose:
      - 80

Services

HAProxy

This service is the load balancer. The only thing we had to do was bind port 5000 in order to redirect the traffic to the registry.

Registry

This service is the docker registry. A lot of configuration was required:

  • Set the TCP_PORTS and VIRTUAL_HOST environment variables
    This is required for HAProxy to redirect all traffic from port 5000 to this service
  • Set the registry service specific environment variables:
    - REGISTRY_STORAGE_DELETE_ENABLED=true: otherwise, the registry does not support deleting images

Registry UI (Docker Registry Frontend)

This service hosts a very simple docker UI named docker-registry-frontend by Konrad Kleine (thanks a lot!). Not much configuration was required for this service:

  • Set the VIRTUAL_HOST environment variable
    This is required for HAProxy to redirect all traffic (that is NOT already taken care of) to this service
  • Set the registry-ui service specific environment variables:
    ENV_DOCKER_REGISTRY_HOST=registry : name of the service for which a link exists
    ENV_DOCKER_REGISTRY_PORT=5000 : the port on which the registry listens

How to start it

To start the registry locally, simply run this command:

    docker-compose up -d

IMPORTANT NOTES: The registry is:

  1. Running locally
  2. Not using any authentication mechanism
  3. Storing docker images in the container only.
    If you want to persist them for some reason, add this volume to the registry service definition:

        volumes:
          - ./local_registry_backup:/var/lib/registry

  4. Not using SSL

How to validate it works

  • Pull a known small image
    docker pull alpine:3.4
  • Tag that image to point to your local registry
    NOTE: there is an optional username parameter that can be added if you want to name your image
    docker tag alpine:3.4 localhost:5000/<optional-username>/alpine:3.4
  • Push the image to your registry
    docker push localhost:5000/<optional-username>/alpine:3.4
  • Validate it’s available in your registry UI by navigating to http://localhost:80
  • Delete the image from your local docker images
    docker rmi localhost:5000/<optional-username>/alpine:3.4
  • You should not have any local docker images tagged with your registry now. To validate it
    docker images | grep localhost:5000
  • Fetch the image from your private registry
    docker pull localhost:5000/<optional-username>/alpine:3.4
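
The validation steps above as one script, added here as an example (it is not code from the original article): it also compares the image's layer digests before the push and after the pull, so a silent mismatch fails the check. The function names `image_layers` and `registry_roundtrip` and the return codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: round-trip check for the local registry (names are assumptions).

# Print the layer digests (RootFS diff IDs) of a local image.
# Exits non-zero if the reference does not exist locally.
image_layers() {
    docker image inspect --format '{{json .RootFS.Layers}}' "$1" 2>/dev/null
}

# registry_roundtrip SRC REF
# Return codes: 0 ok, 1 a docker command failed, 2 the local tag survived
# the rmi, 3 the layers pulled back differ from the layers pushed.
registry_roundtrip() {
    src=$1
    ref=$2
    docker pull "$src" >/dev/null || return 1
    docker tag "$src" "$ref" || return 1
    pushed=$(image_layers "$ref") || return 1
    docker push "$ref" >/dev/null || return 1
    docker rmi "$ref" >/dev/null || return 1
    # If the tag is still present, the pull below would prove nothing.
    if image_layers "$ref" >/dev/null; then
        echo "local tag $ref still present after rmi" >&2
        return 2
    fi
    # Layers may remain cached under SRC, but the manifest for REF now
    # has to come from the registry.
    docker pull "$ref" >/dev/null || return 1
    pulled=$(image_layers "$ref") || return 1
    if [ "$pushed" != "$pulled" ]; then
        echo "layer mismatch: pushed $pushed, pulled $pulled" >&2
        return 3
    fi
    echo "$pulled"
}
```

Source the file and run `registry_roundtrip alpine:3.4 localhost:5000/alpine:3.4` against the running stack; the exit status identifies the stage that failed.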

You’re good to go, the very basic registry is up and running! Now let’s secure it a bit: Private Docker Registry Part 2: let’s add basic authentication
