DEV Community

Cover image for Private Docker Repository
James Linden
James Linden

Posted on

Private Docker Repository

#docker

The normal way to setup a private Docker repository is to simply use the container which has it all setup. This works really well for a lot of cases. I recently deployed a private repo where I need an implementation that was a bit easier to manage with existing tooling and infrastructure. Basically, this meant not running docker for the repo and integration with an existing authentication framework.

Instructions are CentOS 7 specific, but shouldn't be too hard to map to your distribution of choice.

nginx is used as a proxy to terminate TLS and handle the federated authentication, leaving the docker repository service running on localhost only.

Install

Repos: CentOS Extras, Docker-CE, (possibly EPEL)
Packages: docker-distribution, docker-ce, nginx

Configure

docker-distribution

I only customized the rootdirectory and http addr. See Docker's documentation.
/etc/docker-distribution/registry/config.yml (select parts)

version: 0.1 log: fields: service: registry storage: cache: layerinfo: inmemory filesystem: rootdirectory: /path/to/storage/repo http: addr: localhost:5000
Enter fullscreen mode Exit fullscreen mode

nginx

(Not including SSL and federated authentication)

/etc/nginx/conf.d/docker.conf

server { server_name myrepo.mydomain; listen 443 ssl; # omit SSL directives here client_max_body_size 0; # This just has a simple HTML info page root /path/to/storage/docroot; index index.html; # proxy docker API location /v2 { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host myrepo.mydomain; proxy_pass http://localhost:5000; } }
Enter fullscreen mode Exit fullscreen mode

docker

(This is optional. I use it to do local admin and some maintenance scripts.

/etc/docker/daemon.json

{ "data-root": "/path/to/storage/root" }
Enter fullscreen mode Exit fullscreen mode

Run and Test

docker-distribution 

systemctl start docker-distribution systemctl enable docker-distribution
Enter fullscreen mode Exit fullscreen mode

Verify 

curl http://localhost:5000/v2/_catalog
Enter fullscreen mode Exit fullscreen mode

Should return an empty repository list

{ "repositories": [] }
Enter fullscreen mode Exit fullscreen mode

nginx 

systemctl start nginx systemctl enable nginx
Enter fullscreen mode Exit fullscreen mode

Verify 

curl https://myrepo.mydomain/
Enter fullscreen mode Exit fullscreen mode

Should return whatever you put at /path/to/storage/docroot/index.html

curl https://myrepo.mydomain/v2/_catalog
Enter fullscreen mode Exit fullscreen mode

Should return an empty repository list

{ "repositories": [] }
Enter fullscreen mode Exit fullscreen mode

docker 

systemctl start docker systemctl enable docker
Enter fullscreen mode Exit fullscreen mode

Verify 

docker info
Enter fullscreen mode Exit fullscreen mode

Should return some information about your docker installation (including the customized root path).

You have now setup a local Docker repository which will work just like the docker container based one.

Top comments (0)