How to Set up a Private Docker Registry on Ubuntu 22.04| Kamatera

A Docker Registry is a secure repository for Docker container images. In this guide, we will walk you through setting up your own private Docker Registry on an Ubuntu 22.04 server. This is useful for keeping your Docker images private or when working with proprietary software.

Prerequisites

Before we begin, ensure you have the following:

Two Ubuntu 22.04 Servers: You’ll need one server to host your private Docker Registry and another to act as the client.
Docker Installed: Make sure you have Docker installed on both servers. You can follow the Docker installation instructions for Ubuntu 22.04 if you haven’t already.
Docker Compose: Install Docker Compose on your host server. Refer to the official Docker Compose installation guide.
NGINX: NGINX is a web server we’ll use for port forwarding. Install it on your host server using your system’s package manager.
NGINX with Let’s Encrypt: Secure your NGINX server using Let’s Encrypt for HTTPS. Configure it to redirect HTTP to HTTPS.
Domain Name: You’ll need a registered domain name that points to your host server. This will be used to access your private Docker Registry.

Step 1: Installing and Configuring the Docker Registry

Create a directory for your Docker Registry configuration:

   ```bash

   mkdir ~/docker-registry

   cd ~/docker-registry

   ```

Create a subdirectory to store registry data:

   ```bash

   mkdir data

   ```

Create a `docker-compose.yml` file for your Docker Registry configuration:

   ```bash

   nano docker-compose.yml

   ```

Add the following lines to your `docker-compose.yml` file:

   ```yaml

   version: '3'

   services:

     registry:

       image: registry:latest

       ports:

       - "5000:5000"

       environment:

         REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data

       volumes:

         - ./data:/data

   ```

Save and close the file.

Start your Docker Registry configuration:

   ```bash

   docker-compose up

   ```

Your Docker Registry container is now running. You can stop it later by pressing `CTRL+C`.

Step 2: Setting Up NGINX Port Forwarding

Open your NGINX configuration file for your domain:

   ```bash

   sudo nano /etc/nginx/sites-available/your_domain

   ```

Modify the `location /` block as follows:

   ```nginx

   location / {

       # Do not allow connections from older Docker clients

       if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$") {

           return 404;

       }

 

       proxy_pass                          http://localhost:5000;

       proxy_set_header  Host              $http_host;   # required for Docker client

       proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP

       proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;

       proxy_set_header  X-Forwarded-Proto $scheme;

       proxy_read_timeout                  900;

   }

   ```

Save and close the file.

Restart Nginx to apply the changes:

   ```bash

   sudo systemctl restart nginx

   ```

Your NGINX server is now forwarding traffic to your Docker Registry.

Step 3: Setting Up Authentication

Install the `apache2-utils` package for `htpasswd`:

   ```bash

   sudo apt install apache2-utils -y

   ```

Create a directory to store authentication credentials:

   ```bash

   mkdir ~/docker-registry/auth

   cd ~/docker-registry/auth

   ```

Create the first user for authentication (replace `username` with your desired username):

   ```bash

   htpasswd -Bc registry.password username

   ```

You will be prompted to set a password for the user.

Edit your `docker-compose.yml` file again:

   ```bash

   nano ~/docker-registry/docker-compose.yml

   ```

Add the following environment variables to your `docker-compose.yml` file:

```yaml

   environment:

     REGISTRY_AUTH: htpasswd

     REGISTRY_AUTH_HTPASSWD_REALM: Registry

     REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password

   ```

Save and close the file.

Start your Docker Registry again:

   ```bash

   docker-compose up -d

   ```

Your registry is now secured with basic authentication.

Step 4: Starting Docker Registry as a Service

Edit your `docker-compose.yml` file once more:

   ```bash

   nano ~/docker-registry/docker-compose.yml

   ```

Add the following line to the `registry` service block:

   ```yaml

   restart: always

   ```

Save and close the file.

Start your Docker Registry as a background process:

   ```bash

   docker-compose up -d

   ```

Your Docker Registry will now start automatically on system boot and recover from crashes.

Step 5: Increasing File Upload Size for NGINX

Open your NGINX configuration file for editing:

   ```bash

   sudo nano /etc/nginx/nginx.conf

   ```

Add the following line within the `http` section to increase the maximum file upload size to 16GB:

   ```nginx

   client_max_body_size 16384m;

   ```

Save and close the file.

Restart NGINX to apply the changes:

   ```bash

   sudo systemctl restart nginx

   ```

Nginx is now configured to accept larger file uploads.

Step 6: Publishing to Your Private Docker Registry

On your client server, log in to your Docker Registry with the username and password:

   ```bash

   docker login https://your_domain

   ```

Rename the image you want to push:

   ```bash

   docker tag test-image your_domain/test-image

   ```

Push the image to your private registry:

   ```bash

   docker push your_domain/test-image

   ```

Your image is now securely stored in your private Docker Registry.

Step 7: Pulling From Your Private Docker Registry

On your main server, log in to your Docker Registry:

   ```bash

   docker login https://your_domain

   ```

Pull the image from your private registry:

   ```bash

   docker pull your_domain/test-image

   ```

Run a container using the pulled image:

   ```bash

   docker run -it your_domain/test-image

   ```

This revised tutorial removes specific website links and focuses on the essential steps to set up a private Docker Registry on Ubuntu 22.04. You should replace placeholders like `your_domain` and customize it according to your needs.