Docker Hub (hub.docker.com) provides a great and Free service for pushing, and pulling of course, Docker containers. Many of the major software providers use Docker Hub for their primary container distribution, and you yourself can create an account and push your own images.
They do, however, only allow one free private repository. This may not be an issue if you are only looking for hosting your images public. And that you also have taken the precaution not to include any secrets in the container image, accidental or otherwise…
Luckily, it’s a walk in the park to deploy an Ubuntu server and roll your own!
First, deploy your VM where you see fit. I can personally vouch for Linode.
Second, Install Docker Engine and Docker-Compose. Follow the Official Guide For Docker Engine and install Docker-Compose with:
~$ sudo apt install -y docker-composeThird, Create directory structure and paste the following Docker-Compose YAML:
~$ mkdir -p ~/docker-registry/{auth,data}
~$ cat <<EOF > ~/docker-registry/docker-compose.yaml
> version: '3'
services:
registry:
restart: always
image: registry:2
ports:
- "5000:5000"
environment:
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry
REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
volumes:
- ./auth:/auth
- ./data:/data
> EOFForth, Install htpasswd and create your first docker-registry user.
~$ sudo apt install apache2-utils -y
~$ htpasswd -Bc ~/docker-registry/auth/registry.password [USERNAME]
... <Password>Fifth, Its recommended to use NGinx as a, with HTTPS, reverse proxy. Here’s the configuration i use.
~$ sudo apt install nginx -y
~$ sudo cat <<EOF > /etc/nginx/sites-available/dockerreg
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dockerreg.tld;
error_log /var/log/nginx/dockerreg-tld-error.log;
access_log /var/log/nginx/dockerreg-tld-access.log;
ssl_certificate /etc/letsencrypt/live/dockerreg.tld/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dockerreg.tld/privkey.pem; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location / {
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
proxy_pass http://localhost:5000;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
} > EOF
~$ sudo ln -s /etc/nginx/sites-available/dockerreg /etc/nginx/site-enabled/dockerreg
~$ sudo systemctl restart nginx(Replace dockerreg with your own domain, and certificate of course)
Sixth, start the Docker Registry as daemon
~$ cd ~/docker-registry/ && docker-compose up -dSeventh, test login to registry
~$ curl -X GET -u <user>:<pass> https://dockerreg.tld/v2/_catalogYou should get an “{}” as response
Eighth, login to your new Docker Registry! 🙂
~$ docker login dockerreg.tld
Username: ...
Password: ...Ninth, push your first image!
# docker build.. docker tag..
~$ docker push dockerreg.tld/imagenameTenth, your are done!
You can now pull the image when authenticated to your hosts/servers.
Build away 👾