The normal way to setup a private Docker repository is to simply use the container which has it all setup. This works really well for a lot of cases. I recently deployed a private repo where I need an implementation that was a bit easier to manage with existing tooling and infrastructure. Basically, this meant not running docker for the repo and integration with an existing authentication framework.
Instructions are CentOS 7 specific, but shouldn't be too hard to map to your distribution of choice.
nginx is used as a proxy to terminate TLS and handle the federated authentication, leaving the docker repository service running on localhost only.
Install
Repos: CentOS Extras, Docker-CE, (possibly EPEL)
Packages: docker-distribution, docker-ce, nginx
Configure
docker-distribution
I only customized the rootdirectory and http addr. See Docker's documentation.
/etc/docker-distribution/registry/config.yml (select parts)
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
filesystem:
rootdirectory: /path/to/storage/repo
http:
addr: localhost:5000
nginx
(Not including SSL and federated authentication)
/etc/nginx/conf.d/docker.conf
server {
server_name myrepo.mydomain;
listen 443 ssl;
# omit SSL directives here
client_max_body_size 0;
# This just has a simple HTML info page
root /path/to/storage/docroot;
index index.html;
# proxy docker API
location /v2 {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host myrepo.mydomain;
proxy_pass http://localhost:5000;
}
}
docker
(This is optional. I use it to do local admin and some maintenance scripts.
/etc/docker/daemon.json
{
"data-root": "/path/to/storage/root"
}
Run and Test
docker-distribution
systemctl start docker-distribution
systemctl enable docker-distribution
Verify
curl http://localhost:5000/v2/_catalog
Should return an empty repository list
{
"repositories": []
}
nginx
systemctl start nginx
systemctl enable nginx
Verify
curl https://myrepo.mydomain/
Should return whatever you put at /path/to/storage/docroot/index.html
curl https://myrepo.mydomain/v2/_catalog
Should return an empty repository list
{
"repositories": []
}
docker
systemctl start docker
systemctl enable docker
Verify
docker info
Should return some information about your docker installation (including the customized root path).
You have now setup a local Docker repository which will work just like the docker container based one.
Top comments (0)