
Docker Private Registry on CentOS

18 Feb 2019 | CPOL

Introduction

Most IT companies do not give production systems Internet access, but Docker Hub requires an Internet connection and is less secure because it is available to everyone. To secure our Docker images, we store them locally in a private Docker registry.

When we have a large number of Docker hosts in our environment, running our own private Docker registry inside the internal network lets us manage images from a private server without giving the Docker clients Internet access.

Required

  • Docker Registry Host: k8s-master.com
  • Client: k8s-client.com
  • Operating system: CentOS
  • Docker Version: 18.06
  • Internet: Required on the registry server to pull images from Docker Hub

Note: Docker must be installed on both the Docker registry host and the client machines.

Private Docker Registry Setup

  1. Create a directory and place your TLS certificates in it. If you don't have TLS certificates, create a self-signed SSL certificate to secure the Docker private registry:
    mkdir -p /data/certs
    # If you already have a certificate and key:
    cp domain.crt domain.key /data/certs/
    # If you don't have original TLS certificates, generate a self-signed pair.
    # Enter the registry hostname (k8s-master.com) as the Common Name when prompted.
    openssl req \
      -newkey rsa:4096 -nodes -sha256 -keyout /data/certs/domain.key \
      -x509 -days 365 -out /data/certs/domain.crt
  2. Create a directory to store Docker images:
    mkdir -p /data/images 
  3. Run the Docker registry container on the Docker host machine:
    docker run -d -p 6000:5000 \
      -v /data/images:/var/lib/registry \
      -v /data/certs:/certs \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
      --restart on-failure \
      --name registry \
      docker.io/registry
  4. Check the Docker registry container status on the host machine and the listening port in Linux:
    docker ps
    netstat -tulpn | grep 6000
  5. Pull images from Docker Hub and push them to the private Docker registry:
    docker pull nginx
    docker tag nginx localhost:6000/nginx
    docker push localhost:6000/nginx
  6. Verify that the Docker images were pushed to the private registry:
    ll /data/images/docker/registry/v2/repositories/
  7. Copy the TLS certificate from the host machine to the client machines:
    # Clients only need the certificate; keep domain.key on the registry host.
    scp /data/certs/domain.crt <IP-Addr-Client>:/root/

Operations Required on Client Machine

  1. Configure the Docker client to use our TLS/SSL certificate:
    mkdir -p /etc/docker/certs.d/k8s-master.com:6000/
    cp /root/domain.crt /etc/docker/certs.d/k8s-master.com:6000/
  2. Pull the image from the private Docker registry and use it:
    docker pull k8s-master.com:6000/nginx
    docker push k8s-master.com:6000/nginx
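
The openssl req command in step 1 of the registry setup prompts for the certificate fields, and clients pulling from k8s-master.com:6000 only accept a certificate issued for that hostname. The following added example (not part of the original article) generates the pair non-interactively with the hostname as Common Name and subjectAltName, then checks the result before the registry is started; the function names and the temporary config file are assumptions.

```shell
#!/bin/sh
# Added example, not the article's code. Function names are hypothetical.

# gen_registry_cert HOST DIR [BITS]: write DIR/domain.key and DIR/domain.crt
# with HOST as both the Common Name and a subjectAltName entry.
gen_registry_cert() {
    host=$1; dir=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    cfg=$(mktemp) || return 1
    cat >"$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    # Subshell umask keeps the private key readable by its owner only.
    ( umask 077
      openssl req -config "$cfg" -newkey "rsa:$bits" -nodes -sha256 \
          -keyout "$dir/domain.key" \
          -x509 -days 365 -out "$dir/domain.crt" 2>/dev/null )
    rc=$?
    rm -f "$cfg"
    [ "$rc" -eq 0 ] && chmod 644 "$dir/domain.crt"
}

# cert_matches_host CRT HOST: succeed only if CRT is valid for HOST.
# openssl prints "does match" or "does NOT match"; its exit status is not used.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match"
}

# key_matches_cert KEY CRT: succeed only if both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

On the registry host this would be called as gen_registry_cert k8s-master.com /data/certs, followed by cert_matches_host /data/certs/domain.crt k8s-master.com.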

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)