DEV Community

Cover image for Private Docker Repository
James Linden
James Linden

Posted on

Private Docker Repository

#docker

The normal way to setup a private Docker repository is to simply use the container which has it all setup. This works really well for a lot of cases. I recently deployed a private repo where I need an implementation that was a bit easier to manage with existing tooling and infrastructure. Basically, this meant not running docker for the repo and integration with an existing authentication framework.

Instructions are CentOS 7 specific, but shouldn't be too hard to map to your distribution of choice.

nginx is used as a proxy to terminate TLS and handle the federated authentication, leaving the docker repository service running on localhost only.

Install

Repos: CentOS Extras, Docker-CE, (possibly EPEL)
Packages: docker-distribution, docker-ce, nginx

Configure

docker-distribution

I only customized the rootdirectory and http addr. See Docker's documentation.
/etc/docker-distribution/registry/config.yml (select parts)

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
     rootdirectory: /path/to/storage/repo
http:
   addr: localhost:5000
Enter fullscreen mode Exit fullscreen mode

nginx

(Not including SSL and federated authentication)

/etc/nginx/conf.d/docker.conf

server {
   server_name myrepo.mydomain;
   listen 443 ssl;
   # omit SSL directives here
   client_max_body_size 0;
   # This just has a simple HTML info page
   root /path/to/storage/docroot;
   index index.html;
   # proxy docker API
   location /v2 {
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host myrepo.mydomain;
      proxy_pass http://localhost:5000;
   }
}
Enter fullscreen mode Exit fullscreen mode

docker

(This is optional. I use it to do local admin and some maintenance scripts.

/etc/docker/daemon.json

{
   "data-root": "/path/to/storage/root"
}
Enter fullscreen mode Exit fullscreen mode

Run and Test

docker-distribution 

systemctl start docker-distribution
systemctl enable docker-distribution
Enter fullscreen mode Exit fullscreen mode

Verify 

curl http://localhost:5000/v2/_catalog
Enter fullscreen mode Exit fullscreen mode

Should return an empty repository list

{
   "repositories": []
}
Enter fullscreen mode Exit fullscreen mode

nginx 

systemctl start nginx
systemctl enable nginx
Enter fullscreen mode Exit fullscreen mode

Verify 

curl https://myrepo.mydomain/
Enter fullscreen mode Exit fullscreen mode

Should return whatever you put at /path/to/storage/docroot/index.html

curl https://myrepo.mydomain/v2/_catalog
Enter fullscreen mode Exit fullscreen mode

Should return an empty repository list

{
   "repositories": []
}
Enter fullscreen mode Exit fullscreen mode

docker 

systemctl start docker
systemctl enable docker
Enter fullscreen mode Exit fullscreen mode

Verify 

docker info
Enter fullscreen mode Exit fullscreen mode

Should return some information about your docker installation (including the customized root path).

You have now setup a local Docker repository which will work just like the docker container based one.

Top comments (0)

Read next

manuartero profile image

Fix an issue on my Dockerfile: ARG Scope in Multi-Stage Docker Build

Manuel Artero Anguita 🟨 -

giulianaolmos profile image

Technical Interview - Boilerplate 1 - Node + Typescript + PostgreSQL

Giuliana Olmos -

shaiksalam9182 profile image

Introduction to Kubernetes and AWS EKS - Part 1

Salam Shaik -

devkishor8007 profile image

Nodejs | Docker | Multi-stage

Kishor Kc -