A Docker registry is a storage and content delivery system that holds named Docker images, available in different tagged versions. Users using Docker interact with a registry by using docker push and docker pull commands.
Sometimes it makes sense to store Docker images on a local registry rather than pushing them to Docker hub.
You’ll save a lot of bandwidth for a big team and keep the images that you don’t want to be exposed to the public safe. Creating a local docker registry on CentOS 7 is a matter of following few steps.
For installation of Docker on different distributions refer to How to install Docker CE on Ubuntu / Debian / Fedora / Arch / CentOS 7
Install and Configure Docker Registry on CentOS 7
Follow these steps to have docker registry installed and configured on your CentOS 7 server.
Step 1: Install docker registry package (docker-distribution)
The docker-distribution package on CentOS 7.4 is available on extras repository. You may need to enable it if it’s disabled on your CentOS 7 system.
$ sudo yum -y update $ sudo yum -y install docker-distribution
Step 2: Configure Docker registry
Docker registry configuration file is found on /etc/docker-distribution/registry/config.yml. Its format in YAML. If you need to make any modifications, do it here. Sample configuration file is shown below:
[pastacode lang=”haml” manual=”version%3A%200.1%0Alog%3A%0A%20%20fields%3A%0A%20%20%20%20service%3A%20registry%0Astorage%3A%0A%20%20%20%20cache%3A%0A%20%20%20%20%20%20%20%20layerinfo%3A%20inmemory%0A%20%20%20%20filesystem%3A%0A%20%20%20%20%20%20%20%20rootdirectory%3A%20%2Fvar%2Flib%2Fregistry%0Ahttp%3A%0A%20%20%20%20addr%3A%20%3A5000″ message=”” highlight=”” provider=”manual”/]
From the default configuration file:
- /var/lib/registry is the directory where docker images will be stored
- The service will bind to port 5000 on all network interfaces
If you have SELinux enabled, you may encounter a problem using port 5000, consider disabling SELinux or putting it on permissive mode if you get issues.
If firewalld is enabled and running, allow the port on the firewall.
# firewall-cmd --add-port=5000/tcp --permanent # firewall-cmd --reload
Step 3: Start docker registry service
You can now start the service and set it to start on boot.
# systemctl start docker-distribution # systemctl enable docker-distribution
Confirm docker-distribution service is running:
[pastacode lang=”bash” manual=”%23%20systemctl%20status%20docker-distribution%0A%E2%97%8F%20docker-distribution.service%20-%20v2%20Registry%20server%20for%20Docker%0A%20%20%20Loaded%3A%20loaded%20(%2Fusr%2Flib%2Fsystemd%2Fsystem%2Fdocker-distribution.service%3B%20disabled%3B%20vendor%20preset%3A%20disabled)%0A%20%20%20Active%3A%20active%20(running)%20since%20Sat%202018-03-31%2014%3A31%3A16%20EDT%3B%202min%2020s%20ago%0A%20Main%20PID%3A%2016262%20(registry)%0A%20%20%20CGroup%3A%20%2Fsystem.slice%2Fdocker-distribution.service%0A%20%20%20%20%20%20%20%20%20%20%20%E2%94%94%E2%94%8016262%20%2Fusr%2Fbin%2Fregistry%20serve%20%2Fetc%2Fdocker-distribution%2Fregistry%2F…” message=”” highlight=”” provider=”manual”/]
Confirm that you can access port 5000
# telnet 127.0.0.1 5000 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'.
Step 4: Add Insecure Registry to Docker Engine
By default, docker uses https to connect to docker registry. But there can be use cases to use an insecure registry, especially if you’re on a trusted network. This eliminates the need for a CA-signed certificate for internal use or to trust self-signed certificate in all docker nodes. Here are the steps to add Insecure Registry to Docker Engine.
For Ubuntu Xenial, edit /etc/docker/daemon.json and update the key “insecure-registries”. e.g.
{
"insecure-registries" : ["myregistry.local:5000"]
}
For CentOS 7, edit the file /etc/docker/daemon.json, e.g.
{
"insecure-registries" : ["myregistry.local:5000"]
}
For Ubuntu trusty, edit the file /etc/default/docker and update DOCKER_OPTS, e.g
DOCKER_OPTS='--insecure-registry myregistry.local:5000'
Then restart Docker engine
# systemctl restart docker
Step 5: Pushing Docker images to the local registry
Now that the registry is ready, you can start pushing docker images to it. If you don’t have an active DNS server, use /etc/hosts file to map the hostname to IP Address.
# cat /etc/hosts 192.168.1.23 myregistry.local
I’ll download ubuntu:16.04 docker image from Docker hub and push it to my local Docker registry.
# docker pull ubuntu:16.04
Tag the image as myregistry.local:5000/ubuntu:16.04. This creates an additional tag for the existing image. When the first part of the tag is a hostname and port, Docker interprets this as the location of a registry, when pushing.
# docker tag ubuntu:16.04 myregistry.local:5000/ubuntu:16.04
Push the image to the local registry running at myregistry.local:5000/ubuntu:16
# docker push myregistry.local:5000/ubuntu:16.04 The push refers to repository [myregistry.local:5000/ubuntu] db584c622b50: Pushed 52a7ea2bb533: Pushed 52f389ea437e: Pushed 88888b9b1b5b: Pushed a94e0d5a7c40: Pushed 16.04: digest: sha256:52286464db54577a128fa1b1aa3c115bd86721b490ff4cbd0cd14d190b66c570 size: 1357
If the image upload was successful, you should get sha256 hash at the end. Pushed images are stored under /var/lib/registry/docker/registry/v2/repositories directory.
# ls /var/lib/registry/docker/registry/v2/repositories ubuntu
This is the same method you’ll use to push custom docker images. To download docker images on the local registry, use the command:
# docker pull registry-hostname:500/image:tag E.g # docker pull myregistry.local:5000/ubuntu:16.04
On my next guide, I’ll cover configuring nginx proxy for accessing the repository over https.
You can also take a look at Install Docker UI manager – Portainer
