Docker Private Registry

Host your a bare bones Docker Repository on Ubuntu (16.04) with SSL and user authentication.

Install docker

Follow instructions on https://docs.docker.com/install/linux/docker-ce/ubuntu/

Make sure to add current user to the docker group. 

Assuming this you are using this server just to host the docker private registry, create everything under the user’s home folder.

~/docker-compose.yml:

registry:
  restart: always
  image: registry:2
  ports:
    - 443:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /letsencrypt/live/your_domain/fullchain.pem
    REGISTRY_HTTP_TLS_KEY: /letsencrypt/live/your_domain/privkey.pem
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Docker Registry
  volumes:
    - ~/registry/data:/var/lib/registry
    - ~/letsencrypt:/letsencrypt
    - ~/registry/auth:/auth

Let’s Encrypt

You can install certbot on the host or, since you have docker already installed, you can use a docker container and use the DNS challenge.

$ docker run -v ${pwd}/letsencrypt:/etc/letsencrypt -it \
    certbot/certbot certonly \
    --manual --preferred-challenges dns

Note: On Mac, use ${PWD} (instead of ${pwd})

Follow the on-screen instructions. You will need access to configure the DNS in order to create the TXT record.

Add User Script (~/adduser.sh):

docker run \
  --entrypoint htpasswd \
  registry:2 -Bbn $1 $2 >> registry/auth/htpasswd

Note: the script assumes it will be in the user’s home folder.

Run the script to add user(s)

$ ./adduser.sh user_name secret_user_password

Start 

$ docker-compose up -d

Make into a service?

To be continued….