×
Community Blog How to Setup Docker Private Registry on Ubuntu 16.04

How to Setup Docker Private Registry on Ubuntu 16.04

In this tutorial, we will set up our own Docker private registry server on Alibaba Cloud ECS with Ubuntu 16.04.

By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Docker private registry is a highly scalable server-side application that can be used to store and distribute the Docker images internally within your organization. Docker also has its own public registry (Docker Hub) that allows you to store Docker images. But, the images you upload on Docker Hub becomes public. Anyone can access and use your images from Docker Hub. So it is not the best option for your organization. Docker private registry allows you to set up a Docker registry for your project privately so that only your organization can store and use Docker images on it. Using Docker private registry, you can easily control your images, fully own your images distribution pipeline, and integrate image storage and distribution tightly into your in-house development workflow. If you want to quickly deploy a new image over a large cluster of machines, then Docker private registry is the best solution for you.

In this tutorial, we will explain how to set up our own Docker private registry server on two Alibaba Cloud Elastic Compute Service (ECS) instances with Ubuntu 16.04.

Requirements

  1. A new Alibaba Cloud instance for registry server with Ubuntu installed.
  2. A new Alibaba Cloud instance for registry client with Ubuntu installed.
  3. A static IP address 192.168.0.101 is set up on the registry server instance and 192.168.0.102 is set up on the registry client instance.
  4. A Root password is setup on the server.

Launch Alibaba Cloud ECS Instance

First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.

Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.

apt-get update -y

Configure Host

First, you will need to setup /etc/hosts file in each instance, so each instance can communicate with each other using hostname.

You can setup /etc/hosts file on each instance with the following command:

nano /etc/hosts

Add the following lines:

192.168.0.101 registry-server
192.168.0.102 registry-client

Save and close the file, when you are finished.

Next, you can verify name resolution by running the following command on registry-server instance:

ping registry-client
ping registry-server

Install Docker

Before starting, you will need to install Docker on both instance. By default, the latest version of Docker CE is not available in the Ubuntu 16.04 default repository. So you will need to add Docker CE repository to your system.

First, install the following packages to your system.

apt-get install -y apt-transport-https software-properties-common ca-certificates curl -y

Next, download and add Docker CE GPG key with the following command:

wget https://download.docker.com/linux/ubuntu/gpg 
apt-key add gpg

Next, add the /var/lib/dpkg/lockDocker CE repository to APT:

echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable" | tee /etc/apt/sources.list.d/docker.list

Finally, update the repository and install Docker CE by running the following command:

apt-get update -y
apt-get install docker-ce -y

Once the installation is completed. Check the status of Docker with the following command:

systemctl status docker

Output:

docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-08-06 19:49:28 IST; 41s ago
     Docs: https://docs.docker.com
 Main PID: 13024 (dockerd)
   CGroup: /system.slice/docker.service
           ├─13024 /usr/bin/dockerd -H fd://
           └─13054 docker-containerd --config /var/run/docker/containerd/containerd.toml

Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.240011773+05:30" level=info msg="ClientConn switching balancer to \"pick_first\
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.241034794+05:30" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.243219799+05:30" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.244280675+05:30" level=info msg="Loading containers: start."
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.970064077+05:30" level=info msg="Default bridge (docker0) is assigned with an I
Aug 06 19:49:28 Node1 dockerd[13024]: time="2018-08-06T19:49:28.161884804+05:30" level=info msg="Loading containers: done."
Aug 06 19:49:28 Node1 dockerd[13024]: time="2018-08-06T19:49:28.192309817+05:30" level=info msg="Docker daemon" commit=0ffa825 graphdriver(s)=o
Aug 06 19:49:28 Node1 dockerd[13024]: time="2018-08-06T19:49:28.193198210+05:30" level=info msg="Daemon has completed initialization"
Aug 06 19:49:28 Node1 systemd[1]: Started Docker Application Container Engine.

Install Docker Registry

Before starting, you will need to Docker private Registry on registry-server instance. First, download the registry image from the Docker Hub using the following command:

docker pull registry

Output:

Using default tag: latest
latest: Pulling from library/registry
4064ffdc82fe: Pull complete 
c12c92d1c5a2: Pull complete 
4fbc9b6835cc: Pull complete 
765973b0f65f: Pull complete 
3968771a7c3a: Pull complete 
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest

Once the registry image downloaded, you will need to generate a self-signed certificate for securing Docker Registry. Because, Docker node uses a secure connection over TLS to upload or download images to or from the private registry.

Go to the registry-server and run the following command to generate certificate:

mkdir /etc/certs
cd /etc/certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Output:

Generating a 4096 bit RSA private key
.........................++
.........................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Gujarat
Locality Name (eg, city) []:Junagadh
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Alibaba
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:registry-server
Email Address []:hitjethva@gmail.com

You will need to copy generated ca.crt certificate to all registry client system for trusting this certificate.

Now, start Docker registry container with certificate information by running the following command:

docker run -d -p 5000:5000 --restart=always --name registry -v /etc/certs:/etc/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/certs/ca.crt -e REGISTRY_HTTP_TLS_KEY=/etc/certs/ca.key registry

You can now verify the running registry container using the following command:

docker ps

Output:

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                         PORTS                    NAMES
304fa6da95d4        registry            "/entrypoint.sh /etc…"   12 seconds ago      Restarting (1) 3 seconds ago   0.0.0.0:5000->5000/tcp   registry

Create a Docker Image on Regisry Client

Next, you will need to create and build a Docker container image on registry client for uploading it on the private registry server.

Here, we will build an Apache web server image based on Ubuntu 16.04 using Dockerfile.

First, create a Dockerfile using the following command:

mkdir Dockerimage
cd Dockerimage
nano Dockerfile

Add the following lines:

FROM ubuntu:16.04

LABEL project="Apache Web Server Image"
LABEL maintainer "hitjethva@gmail.com"

RUN apt-get update
RUN apt-get install -y apache2

VOLUME /var/www/html

ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
ENV APACHE_LOCK_DIR=/var/lock/apache2

RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR

EXPOSE 80

CMD ["apache2","-DFOREGROUND"]

Now, run the following command to build an Apache web server image using Dockerfile:

docker build -t ubuntu:apachev1.0 .

Output:

Sending build context to Docker daemon  2.048kB
Step 1/14 : FROM ubuntu:16.04
16.04: Pulling from library/ubuntu
8ee29e426c26: Pull complete 
6e83b260b73b: Pull complete 
e26b65fd1143: Pull complete 
40dca07f8222: Pull complete 
b420ae9e10b3: Pull complete 
Digest: sha256:3097ac92b852f878f802c22a38f97b097b4084dbef82893ba453ba0297d76a6a
Status: Downloaded newer image for ubuntu:16.04
 ---> 7aa3602ab41e
Step 2/14 : LABEL project="Apache Web Server Image"
 ---> Running in 2c0995179821
Removing intermediate container 2c0995179821
 ---> cd5b35df03c2
Step 3/14 : LABEL maintainer "hitjethva@gmail.com"
 ---> Running in 3a28f13e1418
Removing intermediate container 3a28f13e1418
 ---> b4f0713f0fcf
Step 4/14 : RUN apt-get update
 ---> Running in 7c1f0d548b90
Removing intermediate container 7c1f0d548b90
 ---> adb9a635b7f1
Step 5/14 : RUN apt-get install -y apache2
 ---> Running in 0235c7866eb6
Removing intermediate container 0235c7866eb6
 ---> 2b5f2c282c79
Step 6/14 : VOLUME /var/www/html
 ---> Running in e9b58c5f7ddd
Removing intermediate container e9b58c5f7ddd
 ---> 4a2f62e669b7
Step 7/14 : ENV APACHE_RUN_USER www-data
 ---> Running in 9ec982161d2d
Removing intermediate container 9ec982161d2d
 ---> 548e324848d6
Step 8/14 : ENV APACHE_RUN_GROUP www-data
 ---> Running in 1cf084f71b1b
Removing intermediate container 1cf084f71b1b
 ---> db0461896c00
Step 9/14 : ENV APACHE_LOG_DIR /var/log/apache2
 ---> Running in e2bdf40d1f4b
Removing intermediate container e2bdf40d1f4b
 ---> bbbde0ba0289
Step 10/14 : ENV APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
 ---> Running in 2277820a5e13
Removing intermediate container 2277820a5e13
 ---> af92b486cafb
Step 11/14 : ENV APACHE_LOCK_DIR=/var/lock/apache2
 ---> Running in 6e667a32abdb
Removing intermediate container 6e667a32abdb
 ---> b85b2b568744
Step 12/14 : RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR
 ---> Running in 8c0031a631cb
Removing intermediate container 8c0031a631cb
 ---> 106b4813eef0
Step 13/14 : EXPOSE 80
 ---> Running in 09712f52ce38
Removing intermediate container 09712f52ce38
 ---> 4364dd9cefa9
Step 14/14 : CMD ["apache2","-DFOREGROUND"]
 ---> Running in ffb9e1dda041
Removing intermediate container ffb9e1dda041
 ---> 4464cfdff2c6
Successfully built 4464cfdff2c6
Successfully tagged ubuntu:apachev1.0

The above command builds a Docker image with name ubuntu:apachev1.0.

You can list out it with the following command:

docker images

Output:

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              apachev1.0          4464cfdff2c6        36 seconds ago      254MB
ubuntu              16.04               7aa3602ab41e        10 days ago         115MB
httpd               <none>              74ad7f48867f        9 months ago        177MB

Next, you will need to rename the docker image in "registryserver:portnumber/image name:tag" format.

You can rename the generated image using the following command:

docker tag ubuntu:apachev1.0 registry-server:5000/ubuntu:apachev1.0

Now, verify again with the following command:

docker images

Output:

REPOSITORY                    TAG                 IMAGE ID            CREATED              SIZE
ubuntu                        apachev1.0          4464cfdff2c6        About a minute ago   254MB
registry-server:5000/ubuntu   apachev1.0          4464cfdff2c6        About a minute ago   254MB
ubuntu                        16.04               7aa3602ab41e        10 days ago          115MB
httpd                         <none>              74ad7f48867f        9 months ago         177MB

Upload Docker Image on Registry Server

Now, the Docker image is ready on registry-client. Before starting, you will need to copy the ca.crt certificate from the registry-server to registry-client.

Go to the registry-client instance and run the following command:

mkdir -p /etc/docker/certs.d/registry-server:5000
scp root@registry-server:/etc/certs/ca.crt /etc/docker/certs.d/registry-server/

Now, restart docker service with the following command:

systemctl restart docker

Next, upload the docker image to private registry server using the following command:

docker push registry-server:5000/ubuntu:apachev1.0

Output:

The push refers to repository [registry-server:5000/ubuntu]
1e2d2004eac5: Pushed 
90c9e108cca6: Pushed 
6ad516d3083c: Pushed 
bcff331e13e3: Pushed 
2166dba7c95b: Pushed 
5e95929b2798: Pushed 
c2af38e6b250: Pushed 
0a42ee6ceccb: Pushed 
apachev1.0: digest: sha256:a644ec3477b8616d2956b3254cd67bebb08ded68dce25a9f4a773de1dfae122b size: 1988

You can also download the uploaded image from the registry server using the following command:

docker pull registry-server:5000/ubuntu:apachev1.0

Output:

apachev1.0: Pulling from ubuntu
8ee29e426c26: Pull complete 
6e83b260b73b: Pull complete 
e26b65fd1143: Pull complete 
40dca07f8222: Pull complete 
b420ae9e10b3: Pull complete 
17cc14b524da: Pull complete 
a672de99207d: Pull complete 
28fef3b105af: Pull complete 
Digest: sha256:a644ec3477b8616d2956b3254cd67bebb08ded68dce25a9f4a773de1dfae122b
Status: Downloaded newer image for registry-server:5000/ubuntu:apachev1.0

Congratulations! You have successfully setup Docker private registry server on Ubuntu 16.04. You can now easily upload and download Docker images to and from your registry server.

0 0 0
Share on

Alibaba Clouder

2,599 posts | 762 followers

You may also like

Comments