Installing & Configuring Offline Docker registry with authentication
Quote from moshe on 15/10/2020, 10:11 pm
Overview
A registry is a storage and content delivery system, holding named Docker images, available in different tagged versions. Running your own Registry is a great solution to integrate with and complement your CI/CD system. In a typical workflow, a commit to your source revision control system would trigger a build on your CI system, which would then push a new image to your Registry if the build is successful. A notification from the Registry would then trigger a deployment on a staging environment, or notify other systems that a new image is available. It’s also an essential component if you want to quickly deploy a new image over a large cluster of machines. Finally, it’s the best way to distribute images inside an isolated network.
Prerequisites
- Docker
- Docker-compose
- DNS name for your registry for example: registry.tracston.com
Installation
Follow these steps to install your offline registry with authentication and self-signed certificates
Create the following directories under your repository storage
mkdir ./auth
mkdir ./certs
mkdir ./storage
Generate a self-signed SSL certificate to use with your registry
The keys will be used for:
- Docker Registry
- Nginx
- connect to the remote registry
openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
Create / add the following in /etc/docker
Registry file:
echo "{" >> /etc/docker/daemon.json
echo "  \"insecure-registries\" : [\"registry.tracston.com\"]" >> /etc/docker/daemon.json
echo "}" >> /etc/docker/daemon.json
Certificates file:
mkdir -p /etc/docker/certs.d/registry.tracston.com
Either copy it from domain.crt
cp certs/domain.crt /etc/docker/certs.d/registry.tracston.com/ca.crt
Or import it from your registry after it's up and running
openssl s_client -showcerts -connect "$OFFLINE_REPOSITORY" < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "/etc/docker/certs.d/$OFFLINE_REPOSITORY/ca.crt"
Create Registry with certificates and without authentication
docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/auth:/auth \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 443:443 \
  registry:2
Create Registry with authentication with Nginx proxy
Create file docker-compose.yml
nginx:
  image: "nginx:alpine"
  ports:
    - 443:443
  links:
    - registry:registry
  volumes:
    - ./auth:/etc/nginx/conf.d
    - ./auth/nginx.conf:/etc/nginx/nginx.conf:ro
registry:
  image: registry:2
  volumes:
    - ./storage:/var/lib/registry
Create htpasswd file under auth directory
htpasswd -c ./auth/htpasswd user
If you already have an htpasswd file, add a user
htpasswd ./auth/htpasswd admin
Run the command in the directory to start docker-compose and enable nginx + registry
docker-compose up -d
Authenticate to your registry
docker login registry.tracston.com
Username:
Password:
Pulling Images from Docker.io registry to local offline registry
docker pull docker.io/tracston/ai-observer:L1.0.2
docker tag docker.io/tracston/ai-observer:L1.0.2 registry.tracston.com:443/ai-observer
docker tag docker.io/tracston/ai-observer:L1.0.2 registry.tracston.com:443/ai-observer:L1.0.2
docker push $OFFLINE_REPOSITORY/ai-observer:L1.0.2
## Remove Docker hub Image from local repository
docker image rm docker.io/tracston/ai-observer:L1.0.2
Add All images to your local registry
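One way to repeat the single-image pull / tag / push steps above for a whole list of images, as an added example that is not part of the original post. The function names, the `DOCKER` override and the rule that every reference must carry an explicit tag are assumptions of this sketch; the target name keeps only the last path component, as the ai-observer commands do.

```shell
#!/bin/sh
# Added example: mirror a list of Docker Hub images into the offline registry.
# REGISTRY and DOCKER are assumptions; set DOCKER=echo for a dry run.
REGISTRY="${OFFLINE_REPOSITORY:-registry.tracston.com:443}"
DOCKER="${DOCKER:-docker}"

# Map docker.io/tracston/ai-observer:L1.0.2 -> $REGISTRY/ai-observer:L1.0.2
# References without an explicit tag are refused, so ":latest" is never
# mirrored implicitly and the offline copy stays reproducible.
offline_ref() {
    src=$1
    name=${src##*/}          # last path component, e.g. ai-observer:L1.0.2
    case $name in
        *@*) echo "digest reference not supported: $src" >&2; return 1 ;;
        *:?*) ;;             # has a non-empty tag
        *) echo "no explicit tag: $src" >&2; return 1 ;;
    esac
    printf '%s/%s\n' "$REGISTRY" "$name"
}

# Pull, retag, push, then drop the Docker Hub copy from the local image store.
mirror_image() {
    src=$1
    dst=$(offline_ref "$src") || return 1
    $DOCKER pull "$src" &&
    $DOCKER tag "$src" "$dst" &&
    $DOCKER push "$dst" &&
    $DOCKER image rm "$src"
}

# Read one image reference per line; blank lines and #-comments are skipped.
# Every image is attempted; the result is non-zero if any of them failed.
mirror_list() {
    failed=0
    while IFS= read -r ref; do
        case $ref in ''|'#'*) continue ;; esac
        mirror_image "$ref" </dev/null || { echo "FAILED: $ref" >&2; failed=1; }
    done < "$1"
    return $failed
}

# Usage (images.txt is a hypothetical file name):
#   mirror_list images.txt
```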
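For the "import it from your registry" step in the Certificates file section: a certificate fetched with `openssl s_client` is trusted on first use. This added example (not part of the original post) installs it as ca.crt only when its SHA-256 fingerprint matches the one read from certs/domain.crt on the registry host. The function names and the `CERTS_D` override are assumptions.

```shell
#!/bin/sh
# Added example: pin the registry certificate before trusting it.

# SHA-256 fingerprint of the first certificate in a PEM file, as
# lowercase hex without colons.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Normalise a fingerprint copied by hand (colons, spaces, upper case).
norm_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Fetch the leaf certificate presented by host:port ($1) into file $2.
fetch_cert() {
    host=${1%%:*}
    openssl s_client -connect "$1" -servername "$host" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$2"
}

# install_pinned_ca <pem-file> <expected-fingerprint> <host:port>
# Copies the certificate to $CERTS_D/<host:port>/ca.crt only if the
# fingerprint matches. CERTS_D defaults to /etc/docker/certs.d.
install_pinned_ca() {
    pem=$1
    want=$(norm_fp "$2")
    dir="${CERTS_D:-/etc/docker/certs.d}/$3"
    got=$(cert_fp "$pem")
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $3: got '$got'" >&2
        return 1
    fi
    mkdir -p "$dir" && cp "$pem" "$dir/ca.crt"
}

# Usage, with the fingerprint read on the registry host from certs/domain.crt:
#   fetch_cert registry.tracston.com:443 /tmp/registry.pem
#   install_pinned_ca /tmp/registry.pem "<fingerprint>" registry.tracston.com:443
```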
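The docker-compose.yml in the Nginx proxy section mounts ./auth/nginx.conf, which the post does not show. This added example (not from the original post) writes one that terminates TLS and enforces the htpasswd login in front of the registry. It assumes domain.crt and domain.key have been copied from ./certs into ./auth and that the registry container listens on its default port 5000; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: generate ./auth/nginx.conf for the compose setup above.
# Assumes the auth directory already holds htpasswd, domain.crt and domain.key.
write_nginx_conf() {
    auth_dir=$1
    server_name=$2
    for f in htpasswd domain.crt domain.key; do
        [ -s "$auth_dir/$f" ] || { echo "missing $auth_dir/$f" >&2; return 1; }
    done
    chmod 600 "$auth_dir/domain.key"    # private key readable by owner only
    cat > "$auth_dir/nginx.conf" <<EOF
events { worker_connections 1024; }
http {
  upstream docker-registry { server registry:5000; }
  server {
    listen 443 ssl;
    server_name $server_name;
    # ./auth is mounted at /etc/nginx/conf.d by docker-compose.yml
    ssl_certificate     /etc/nginx/conf.d/domain.crt;
    ssl_certificate_key /etc/nginx/conf.d/domain.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    client_max_body_size 0;             # image layers can be large
    location /v2/ {
      # every registry API call needs a valid htpasswd user
      auth_basic "Registry realm";
      auth_basic_user_file /etc/nginx/conf.d/htpasswd;
      proxy_pass http://docker-registry;
      proxy_set_header Host \$http_host;
      proxy_set_header X-Real-IP \$remote_addr;
      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto \$scheme;
      proxy_read_timeout 900;
    }
  }
}
EOF
}

# Usage, from the directory that contains docker-compose.yml:
#   cp certs/domain.crt certs/domain.key auth/
#   write_nginx_conf ./auth registry.tracston.com
```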