Installing & Configuring Offline Docker registry with authentication

Overview

A registry is a storage and content delivery system, holding named Docker images, available in different tagged versions. Running your own Registry is a great solution to integrate with and complement your CI/CD system. In a typical workflow, a commit to your source revision control system would trigger a build on your CI system, which would then push a new image to your Registry if the build is successful. A notification from the Registry would then trigger a deployment on a staging environment, or notify other systems that a new image is available. It’s also an essential component if you want to quickly deploy a new image over a large cluster of machines. Finally, it’s the best way to distribute images inside an isolated network.

Prerequisites

Installation

Follow these steps to install your offline registry with authentication and self-signed certificates

Create the following directories under your repository storage

mkdir ./auth

mkdir ./certs

mkdir ./storage

Generate self-signed SSL certificate to use with your registry

The keys will be used for:

  • Docker Registry
  • Nginx
  • connect to the remote registry

openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt

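Create or add the following under /etc/docker

Registry file:

# Appending only yields valid JSON if daemon.json does not exist yet; otherwise merge the key by hand.
# insecure-registries makes the daemon skip TLS certificate verification for this host.
echo "{" >> /etc/docker/daemon.json
echo " \"insecure-registries\" : [\"registry.tracston.com\"]" >> /etc/docker/daemon.json
echo "}" >> /etc/docker/daemon.json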

Certificates file:

mkdir -p /etc/docker/certs.d/registry.tracston.com

Either copy it from the domain.crt

cp certs/domain.crt /etc/docker/certs.d/registry.tracston.com/ca.crt

Or import it from your registry after it's up and running

openssl s_client -showcerts -connect "$OFFLINE_REPOSITORY" < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "/etc/docker/certs.d/$OFFLINE_REPOSITORY/ca.crt"

Create Registry with certificates and without authentication

docker run -d \
          --restart=always \
          --name registry \
          -v "$(pwd)"/auth:/auth \
          -v "$(pwd)"/certs:/certs \
          -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
          -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
          -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
          -p 443:443 \
          registry:2

Create Registry with authentication with Nginx proxy

Create file docker-compose.yml

nginx:
  image: "nginx:alpine"
  ports:
    - 443:443
  links:
    - registry:registry
  volumes:
    - ./auth:/etc/nginx/conf.d
    - ./auth/nginx.conf:/etc/nginx/nginx.conf:ro

registry:
  image: registry:2
  volumes:
    - ./storage:/var/lib/registry

Create an htpasswd file under the auth directory

htpasswd -c ./auth/htpasswd user

If you already have an htpasswd file, add a user

htpasswd ./auth/htpasswd admin
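
The compose file above mounts ./auth/nginx.conf, which this page does not show. As an added example (not from the original page), here is a minimal nginx.conf that terminates TLS and enforces Basic authentication in front of the registry. It assumes domain.crt and domain.key have been copied into ./auth (so they appear under /etc/nginx/conf.d) and that the registry container listens on its default port 5000.

```nginx
# Added example: minimal ./auth/nginx.conf for the compose file above.
# Assumptions (not from the original page): domain.crt and domain.key were
# copied into ./auth; the registry container listens on its default port 5000.
events {
    worker_connections 1024;
}

http {
    upstream docker-registry {
        server registry:5000;
    }

    server {
        listen 443 ssl;
        server_name registry.tracston.com;

        ssl_certificate     /etc/nginx/conf.d/domain.crt;
        ssl_certificate_key /etc/nginx/conf.d/domain.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Image layers can be large; do not cap the upload size.
        client_max_body_size 0;
        # Avoid HTTP 411 errors on chunked layer uploads.
        chunked_transfer_encoding on;

        location /v2/ {
            # Every registry API request must carry valid Basic credentials.
            auth_basic           "Registry realm";
            auth_basic_user_file /etc/nginx/conf.d/htpasswd;

            proxy_pass         http://docker-registry;
            proxy_set_header   Host              $http_host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_read_timeout 900;
        }
    }
}
```

Because the registry service publishes no ports in docker-compose.yml, nginx is the only path to it, so every /v2/ request passes the auth_basic check.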

Run the following command in the directory containing docker-compose.yml to start nginx and the registry

docker-compose up -d

Authenticate to your registry

docker login registry.tracston.com

Username:

Password:

Pulling Images from Docker.io registry to local offline registry

docker pull docker.io/tracston/ai-observer:L1.0.2

docker tag docker.io/tracston/ai-observer:L1.0.2 registry.tracston.com:443/ai-observer

docker tag docker.io/tracston/ai-observer:L1.0.2 registry.tracston.com:443/ai-observer:L1.0.2

docker push $OFFLINE_REPOSITORY/ai-observer:L1.0.2

Remove Docker Hub image from local repository

docker image rm docker.io/tracston/ai-observer:L1.0.2

Add All images to your local registry