DEV Community

Cover image for Private Docker Repository
James Linden
James Linden

Posted on

Private Docker Repository

The normal way to setup a private Docker repository is to simply use the container which has it all setup. This works really well for a lot of cases. I recently deployed a private repo where I need an implementation that was a bit easier to manage with existing tooling and infrastructure. Basically, this meant not running docker for the repo and integration with an existing authentication framework.

Instructions are CentOS 7 specific, but shouldn't be too hard to map to your distribution of choice.

nginx is used as a proxy to terminate TLS and handle the federated authentication, leaving the docker repository service running on localhost only.

Install

Repos: CentOS Extras, Docker-CE, (possibly EPEL)
Packages: docker-distribution, docker-ce, nginx

Configure

docker-distribution

I only customized the rootdirectory and http addr. See Docker's documentation.
/etc/docker-distribution/registry/config.yml (select parts)

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
     rootdirectory: /path/to/storage/repo
http:
   addr: localhost:5000
Enter fullscreen mode Exit fullscreen mode

nginx

(Not including SSL and federated authentication)

/etc/nginx/conf.d/docker.conf

server {
   server_name myrepo.mydomain;
   listen 443 ssl;
   # omit SSL directives here
   client_max_body_size 0;
   # This just has a simple HTML info page
   root /path/to/storage/docroot;
   index index.html;
   # proxy docker API
   location /v2 {
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host myrepo.mydomain;
      proxy_pass http://localhost:5000;
   }
}
Enter fullscreen mode Exit fullscreen mode

docker

(This is optional. I use it to do local admin and some maintenance scripts.

/etc/docker/daemon.json

{
   "data-root": "/path/to/storage/root"
}
Enter fullscreen mode Exit fullscreen mode

Run and Test

docker-distribution

systemctl start docker-distribution
systemctl enable docker-distribution
Enter fullscreen mode Exit fullscreen mode

Verify

curl http://localhost:5000/v2/_catalog
Enter fullscreen mode Exit fullscreen mode

Should return an empty repository list

{
   "repositories": []
}
Enter fullscreen mode Exit fullscreen mode

nginx

systemctl start nginx
systemctl enable nginx
Enter fullscreen mode Exit fullscreen mode

Verify

curl https://myrepo.mydomain/
Enter fullscreen mode Exit fullscreen mode

Should return whatever you put at /path/to/storage/docroot/index.html

curl https://myrepo.mydomain/v2/_catalog
Enter fullscreen mode Exit fullscreen mode

Should return an empty repository list

{
   "repositories": []
}
Enter fullscreen mode Exit fullscreen mode

docker

systemctl start docker
systemctl enable docker
Enter fullscreen mode Exit fullscreen mode

Verify

docker info
Enter fullscreen mode Exit fullscreen mode

Should return some information about your docker installation (including the customized root path).


You have now setup a local Docker repository which will work just like the docker container based one.

Top comments (0)