Monday, June 14, 2021

Docker Registry in Detail

Store Docker Images into Docker Registry (insecurely)

Considerations for this example

IP address of Registry server is

Step 1: Tag an image by running the commands below on the Registry server

    Remove all the containers
       docker rm -f $(docker ps -a -q)

    Pull the Docker image nginx (you can use any image)

         docker pull nginx

     Tag the image with the private IP address of the Registry server

           docker image tag nginx

    Verify the image was created

          docker images

    Create Docker registry container

      docker container run -d -p 5000:5000 --name local_registry registry

    The command below fails because the registry is not secure: it serves plain HTTP, while the Docker client expects HTTPS

    docker push

   Error:-> Get http: server gave HTTP response to HTTPS client


 If you want to push to the insecure registry, create the file /etc/docker/daemon.json, enter the lines below and save the file (change the IP to your Docker host system's IP). This setting makes the daemon accept plain HTTP for that registry.



     {
       "insecure-registries": [""]
     }


  Restart Docker daemon

   systemctl restart docker

 Start docker registry container

    docker start local_registry 

  Push the nginx repository; it should now be pushed to the Docker registry without any error

   docker push

How to pull from the insecure registry on a remote system

Take another virtual machine on the same network and install Docker on that remote machine

Install docker

   apt update && apt install -y

To use the insecure registry from this machine, create the file /etc/docker/daemon.json, enter the lines below and save the file (change the IP to your Docker host system's IP)



     {
       "insecure-registries": [""]
     }


    Restart Docker daemon

     systemctl restart docker

   Pull the image from the Docker registry

     docker pull

   Verify image is available on this system

     docker images

How to create a secure Registry

 First remove the daemon.json file on both the Docker Registry server and the remote system

       rm /etc/docker/daemon.json

 Restart the Docker service

     systemctl restart docker

 On the Docker Registry server, remove the local_registry container (even if it is running)

   docker rm -f local_registry

 Create a directory to hold the certificates on the Docker Registry server

  mkdir /certs 

 Create the certs.d directory under /etc/docker

  mkdir /etc/docker/certs.d

 Create a directory for images

  mkdir /my_repo  

 Create a self-signed certificate with the openssl utility.

  openssl req  -newkey rsa:4096 -nodes -sha256 -keyout /certs/domain.key -x509 -days 365 -out /certs/domain.crt

It asks some optional questions, but the mandatory step is to provide the Common Name

   Common Name: repo.docker.kmit (you can give any name)

Create a directory named repo.docker.kmit:5000 under the /etc/docker/certs.d directory

  mkdir -p /etc/docker/certs.d/repo.docker.kmit:5000

Go to the /certs directory

  cd /certs

Copy the /certs/domain.crt file to /etc/docker/certs.d/repo.docker.kmit:5000 with the name ca.crt

  cp domain.crt /etc/docker/certs.d/repo.docker.kmit\:5000/ca.crt

Run a secure registry

docker run -d -p 5000:5000 -v /my_repo:/var/lib/registry -v /certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key --restart on-failure --name myregistry registry

Resolve repo.docker.kmit name by adding entry in /etc/hosts file ( is docker host ip) repo.docker.kmit

Download any image and tag it as repo.docker.kmit:5000

  docker pull mysql

  docker image tag mysql  repo.docker.kmit:5000/mysql

 Push it to the Docker registry

  docker push repo.docker.kmit:5000/mysql
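
The openssl step above sets only a Common Name. Docker clients built with Go 1.15 or later match the registry hostname against the certificate's subjectAltName and ignore the Common Name, so a CN-only certificate is rejected at push or pull time. The following is an added example, not part of the original post: it generates the same self-signed certificate with a SAN and checks it before installing it under certs.d (the function names are hypothetical; paths and hostnames are the post's).

```shell
# Added example: function names are assumptions, not Docker or OpenSSL tooling.
# -addext and -ext require OpenSSL 1.1.1 or later.

# Generate a self-signed cert whose subjectAltName carries the registry
# hostname; the private key is created readable by its owner only.
make_registry_cert() {
  local dir="$1" host="$2" bits="${3:-4096}"
  mkdir -p "$dir" || return 1
  ( umask 077
    openssl req -newkey "rsa:${bits}" -nodes -sha256 -x509 -days 365 \
      -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
      -keyout "$dir/domain.key" -out "$dir/domain.crt" 2>/dev/null ) || return 1
  chmod 644 "$dir/domain.crt"   # the certificate itself is public
}

# Succeed only if $host appears as an exact DNS entry in subjectAltName and
# the certificate does not expire within $3 days (default 30).
check_registry_cert() {
  local crt="$1" host="$2" days="${3:-30}"
  openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:${host}" || return 1
  openssl x509 -in "$crt" -noout -checkend "$((days * 86400))" >/dev/null
}

# Copy the certificate to certs.d/<host:port>/ca.crt, refusing certificates
# that fail the check. The third argument overrides /etc/docker for staging.
install_registry_ca() {
  local crt="$1" hostport="$2" docker_etc="${3:-/etc/docker}"
  check_registry_cert "$crt" "${hostport%%:*}" || {
    echo "refusing $crt: no matching SAN or near expiry" >&2
    return 1
  }
  mkdir -p "$docker_etc/certs.d/$hostport" &&
    cp "$crt" "$docker_etc/certs.d/$hostport/ca.crt"
}

# Usage on the registry server, with the post's paths:
#   make_registry_cert /certs repo.docker.kmit
#   install_registry_ca /certs/domain.crt repo.docker.kmit:5000
```
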

How to pull images securely on a client or remote system

 Log in to a remote system that is on the same network and has Docker installed.

Resolve repo.docker.kmit name by adding entry in /etc/hosts file ( is docker registry ip) repo.docker.kmit

Create a directory /etc/docker/certs.d/repo.docker.kmit:5000

mkdir -p /etc/docker/certs.d/repo.docker.kmit:5000

 Copy the valid certificate file domain.crt from the Docker Registry server and place it in /etc/docker/certs.d/repo.docker.kmit\:5000/

Pull the Docker image from the Docker registry; it will succeed

   docker pull repo.docker.kmit:5000/mysql



