By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.
Docker private registry is a highly scalable server-side application that can be used to store and distribute Docker images internally within your organization. Docker also has its own public registry (Docker Hub) that allows you to store Docker images. But the images you upload to Docker Hub become public: anyone can access and use them. So it is not the best option for your organization. A Docker private registry lets you set up a registry for your project privately so that only your organization can store and use Docker images on it. Using a private registry, you can easily control your images, fully own your image distribution pipeline, and integrate image storage and distribution tightly into your in-house development workflow. If you want to quickly deploy a new image over a large cluster of machines, then a Docker private registry is the best solution for you.
In this tutorial, we will explain how to set up our own Docker private registry server on two Alibaba Cloud Elastic Compute Service (ECS) instances with Ubuntu 16.04.
First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.
Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.
apt-get update -y
First, you will need to set up the /etc/hosts file on each instance, so that the instances can reach each other by hostname.
You can edit the /etc/hosts file on each instance with the following command:
nano /etc/hosts
Add the following lines:
192.168.0.101 registry-server
192.168.0.102 registry-client
Save and close the file when you are finished.
Next, you can verify name resolution by running the following commands on the registry-server instance:
ping registry-client
ping registry-server
Before starting, you will need to install Docker on both instances. By default, the latest version of Docker CE is not available in the Ubuntu 16.04 default repository, so you will need to add the Docker CE repository to your system.
First, install the following packages on your system.
apt-get install -y apt-transport-https software-properties-common ca-certificates curl
Next, download and add the Docker CE GPG key with the following commands:
wget https://download.docker.com/linux/ubuntu/gpg
apt-key add gpg
Next, add the Docker CE repository to APT:
echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable" | tee /etc/apt/sources.list.d/docker.list
Finally, update the repository and install Docker CE by running the following commands:
apt-get update -y
apt-get install docker-ce -y
Once the installation is completed, check the status of Docker with the following command:
systemctl status docker
Output:
docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2018-08-06 19:49:28 IST; 41s ago
Docs: https://docs.docker.com
Main PID: 13024 (dockerd)
CGroup: /system.slice/docker.service
├─13024 /usr/bin/dockerd -H fd://
└─13054 docker-containerd --config /var/run/docker/containerd/containerd.toml
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.240011773+05:30" level=info msg="ClientConn switching balancer to \"pick_first\
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.241034794+05:30" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.243219799+05:30" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.244280675+05:30" level=info msg="Loading containers: start."
Aug 06 19:49:27 Node1 dockerd[13024]: time="2018-08-06T19:49:27.970064077+05:30" level=info msg="Default bridge (docker0) is assigned with an I
Aug 06 19:49:28 Node1 dockerd[13024]: time="2018-08-06T19:49:28.161884804+05:30" level=info msg="Loading containers: done."
Aug 06 19:49:28 Node1 dockerd[13024]: time="2018-08-06T19:49:28.192309817+05:30" level=info msg="Docker daemon" commit=0ffa825 graphdriver(s)=o
Aug 06 19:49:28 Node1 dockerd[13024]: time="2018-08-06T19:49:28.193198210+05:30" level=info msg="Daemon has completed initialization"
Aug 06 19:49:28 Node1 systemd[1]: Started Docker Application Container Engine.
Next, you will need to set up the Docker private registry on the registry-server instance. First, download the registry image from Docker Hub using the following command:
docker pull registry
Output:
Using default tag: latest
latest: Pulling from library/registry
4064ffdc82fe: Pull complete
c12c92d1c5a2: Pull complete
4fbc9b6835cc: Pull complete
765973b0f65f: Pull complete
3968771a7c3a: Pull complete
Digest: sha256:51bb55f23ef7e25ac9b8313b139a8dd45baa832943c8ad8f7da2ddad6355b3c8
Status: Downloaded newer image for registry:latest
Once the registry image is downloaded, you will need to generate a self-signed certificate to secure the Docker registry, because a Docker node uses a secure connection over TLS to upload or download images to or from the private registry.
Go to the registry-server instance and run the following commands to generate the certificate:
mkdir /etc/certs
cd /etc/certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Output:
Generating a 4096 bit RSA private key
.........................++
.........................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Gujarat
Locality Name (eg, city) []:Junagadh
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Alibaba
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:registry-server
Email Address []:hitjethva@gmail.com
You will need to copy the generated ca.crt certificate to every registry client system so that the clients trust this certificate.
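The same certificate step without the interactive prompts, as an added example that is not part of the original tutorial. It puts the registry hostname in subjectAltName as well as in the Common Name, because Docker clients built with Go 1.15 or later reject a certificate that names the host only in the Common Name, and it keeps ca.key readable by root only. The function names and the KEY_BITS variable are made up for this example, and -addext needs OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial. Function names and the
# KEY_BITS variable are made up here; -addext needs OpenSSL 1.1.1 or newer.
# Usage: make_registry_cert /etc/certs registry-server 192.168.0.101

# make_registry_cert DIR HOSTNAME [IP]
# Writes DIR/ca.key (mode 600) and DIR/ca.crt with HOSTNAME (and IP) as SANs.
make_registry_cert() {
    local dir="$1" host="$2" ip="${3:-}"
    local san="DNS:${host}"
    if [ -n "$ip" ]; then san="${san},IP:${ip}"; fi
    mkdir -p "$dir" || return 1
    # umask 077 in a subshell: the private key is never group/world-readable,
    # not even for the moment between creation and a later chmod.
    (
        umask 077
        openssl req -newkey "rsa:${KEY_BITS:-4096}" -nodes -sha256 -x509 \
            -days 365 -subj "/CN=${host}" -addext "subjectAltName=${san}" \
            -keyout "${dir}/ca.key" -out "${dir}/ca.crt" 2>/dev/null
    ) || return 1
    chmod 644 "${dir}/ca.crt"   # the certificate is public; clients copy it
}

# cert_names_host CERT HOSTNAME
# Succeeds only if HOSTNAME appears as a DNS entry in subjectAltName.
# A certificate that names the host only in the Common Name fails here.
cert_names_host() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -qxF "DNS:$2"
}
```

Running cert_names_host against ca.crt before copying it to the clients shows whether the name used in image references (registry-server here) is actually covered.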
Now, start the Docker registry container with the certificate information by running the following command:
docker run -d -p 5000:5000 --restart=always --name registry -v /etc/certs:/etc/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/certs/ca.crt -e REGISTRY_HTTP_TLS_KEY=/etc/certs/ca.key registry
You can now verify the running registry container using the following command:
docker ps
Output:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
304fa6da95d4 registry "/entrypoint.sh /etc…" 12 seconds ago Restarting (1) 3 seconds ago 0.0.0.0:5000->5000/tcp registry
Next, you will need to create and build a Docker container image on the registry-client instance so that you can upload it to the private registry server.
Here, we will build an Apache web server image based on Ubuntu 16.04 using Dockerfile.
First, create a Dockerfile using the following commands:
mkdir Dockerimage
cd Dockerimage
nano Dockerfile
Add the following lines:
FROM ubuntu:16.04
LABEL project="Apache Web Server Image"
LABEL maintainer "hitjethva@gmail.com"
RUN apt-get update
RUN apt-get install -y apache2
VOLUME /var/www/html
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
ENV APACHE_LOCK_DIR=/var/lock/apache2
RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR
EXPOSE 80
CMD ["apache2","-DFOREGROUND"]
Now, run the following command to build an Apache web server image using Dockerfile:
docker build -t ubuntu:apachev1.0 .
Output:
Sending build context to Docker daemon 2.048kB
Step 1/14 : FROM ubuntu:16.04
16.04: Pulling from library/ubuntu
8ee29e426c26: Pull complete
6e83b260b73b: Pull complete
e26b65fd1143: Pull complete
40dca07f8222: Pull complete
b420ae9e10b3: Pull complete
Digest: sha256:3097ac92b852f878f802c22a38f97b097b4084dbef82893ba453ba0297d76a6a
Status: Downloaded newer image for ubuntu:16.04
---> 7aa3602ab41e
Step 2/14 : LABEL project="Apache Web Server Image"
---> Running in 2c0995179821
Removing intermediate container 2c0995179821
---> cd5b35df03c2
Step 3/14 : LABEL maintainer "hitjethva@gmail.com"
---> Running in 3a28f13e1418
Removing intermediate container 3a28f13e1418
---> b4f0713f0fcf
Step 4/14 : RUN apt-get update
---> Running in 7c1f0d548b90
Removing intermediate container 7c1f0d548b90
---> adb9a635b7f1
Step 5/14 : RUN apt-get install -y apache2
---> Running in 0235c7866eb6
Removing intermediate container 0235c7866eb6
---> 2b5f2c282c79
Step 6/14 : VOLUME /var/www/html
---> Running in e9b58c5f7ddd
Removing intermediate container e9b58c5f7ddd
---> 4a2f62e669b7
Step 7/14 : ENV APACHE_RUN_USER www-data
---> Running in 9ec982161d2d
Removing intermediate container 9ec982161d2d
---> 548e324848d6
Step 8/14 : ENV APACHE_RUN_GROUP www-data
---> Running in 1cf084f71b1b
Removing intermediate container 1cf084f71b1b
---> db0461896c00
Step 9/14 : ENV APACHE_LOG_DIR /var/log/apache2
---> Running in e2bdf40d1f4b
Removing intermediate container e2bdf40d1f4b
---> bbbde0ba0289
Step 10/14 : ENV APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
---> Running in 2277820a5e13
Removing intermediate container 2277820a5e13
---> af92b486cafb
Step 11/14 : ENV APACHE_LOCK_DIR=/var/lock/apache2
---> Running in 6e667a32abdb
Removing intermediate container 6e667a32abdb
---> b85b2b568744
Step 12/14 : RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR
---> Running in 8c0031a631cb
Removing intermediate container 8c0031a631cb
---> 106b4813eef0
Step 13/14 : EXPOSE 80
---> Running in 09712f52ce38
Removing intermediate container 09712f52ce38
---> 4364dd9cefa9
Step 14/14 : CMD ["apache2","-DFOREGROUND"]
---> Running in ffb9e1dda041
Removing intermediate container ffb9e1dda041
---> 4464cfdff2c6
Successfully built 4464cfdff2c6
Successfully tagged ubuntu:apachev1.0
The above command builds a Docker image named ubuntu:apachev1.0.
You can list it with the following command:
docker images
Output:
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu apachev1.0 4464cfdff2c6 36 seconds ago 254MB
ubuntu 16.04 7aa3602ab41e 10 days ago 115MB
httpd <none> 74ad7f48867f 9 months ago 177MB
Next, you will need to rename the Docker image in the "registryserver:portnumber/image name:tag" format.
You can rename the generated image using the following command:
docker tag ubuntu:apachev1.0 registry-server:5000/ubuntu:apachev1.0
Now, verify again with the following command:
docker images
Output:
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu apachev1.0 4464cfdff2c6 About a minute ago 254MB
registry-server:5000/ubuntu apachev1.0 4464cfdff2c6 About a minute ago 254MB
ubuntu 16.04 7aa3602ab41e 10 days ago 115MB
httpd <none> 74ad7f48867f 9 months ago 177MB
Now, the Docker image is ready on registry-client. Before uploading it, you will need to copy the ca.crt certificate from registry-server to registry-client.
Go to the registry-client instance and run the following commands:
mkdir -p /etc/docker/certs.d/registry-server:5000
scp root@registry-server:/etc/certs/ca.crt /etc/docker/certs.d/registry-server:5000/ca.crt
Now, restart the Docker service with the following command:
systemctl restart docker
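Docker looks for a private registry's CA in a directory under /etc/docker/certs.d/ named exactly after the host:port used in the image reference, so a directory without the port (or with a different hostname) is simply not consulted. The following check for that is an added example, not part of the original tutorial; the function names are made up here, and the optional second argument only exists so the check can be pointed at a test directory.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial.

# registry_of IMAGE_REF
# Prints the registry part of an image reference. The first path component
# is a registry only if it contains a dot or a colon or is "localhost";
# anything else is a Docker Hub repository.
registry_of() {
    local ref="$1" first
    case "$ref" in
        */*) first="${ref%%/*}" ;;
        *)   echo "docker.io"; return 0 ;;
    esac
    case "$first" in
        *.*|*:*|localhost) echo "$first" ;;
        *)                 echo "docker.io" ;;
    esac
}

# check_client_trust IMAGE_REF [CERTS_ROOT]
# Verifies that CERTS_ROOT/<host:port>/ca.crt exists for the registry named
# in IMAGE_REF and parses as a PEM certificate.
check_client_trust() {
    local reg dir root="${2:-/etc/docker/certs.d}"
    reg="$(registry_of "$1")"
    dir="${root}/${reg}"
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    if [ ! -f "$dir/ca.crt" ]; then
        echo "no ca.crt in $dir"; return 1
    fi
    if ! openssl x509 -in "$dir/ca.crt" -noout 2>/dev/null; then
        echo "not a PEM certificate: $dir/ca.crt"; return 1
    fi
    echo "ok: $dir/ca.crt"
}
```

On registry-client, check_client_trust registry-server:5000/ubuntu:apachev1.0 should print the ok line before the push is attempted.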
Next, upload the Docker image to the private registry server using the following command:
docker push registry-server:5000/ubuntu:apachev1.0
Output:
The push refers to repository [registry-server:5000/ubuntu]
1e2d2004eac5: Pushed
90c9e108cca6: Pushed
6ad516d3083c: Pushed
bcff331e13e3: Pushed
2166dba7c95b: Pushed
5e95929b2798: Pushed
c2af38e6b250: Pushed
0a42ee6ceccb: Pushed
apachev1.0: digest: sha256:a644ec3477b8616d2956b3254cd67bebb08ded68dce25a9f4a773de1dfae122b size: 1988
You can also download the uploaded image from the registry server using the following command:
docker pull registry-server:5000/ubuntu:apachev1.0
Output:
apachev1.0: Pulling from ubuntu
8ee29e426c26: Pull complete
6e83b260b73b: Pull complete
e26b65fd1143: Pull complete
40dca07f8222: Pull complete
b420ae9e10b3: Pull complete
17cc14b524da: Pull complete
a672de99207d: Pull complete
28fef3b105af: Pull complete
Digest: sha256:a644ec3477b8616d2956b3254cd67bebb08ded68dce25a9f4a773de1dfae122b
Status: Downloaded newer image for registry-server:5000/ubuntu:apachev1.0
Congratulations! You have successfully set up a Docker private registry server on Ubuntu 16.04. You can now easily upload and download Docker images to and from your registry server.