In this post we will see how to create a private Docker registry with TLS (SSL) support and basic authentication, so that you can push your own images to a secured registry and pull them back from it.
Here is the process:
Create the certificate directory
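# Directory that will hold the registry's TLS certificate and its unencrypted
# private key. Create it root-only (0700) instead of with the default umask so
# the key is not readable by other local users.
install -d -m 700 /opt/docker/containers/docker-registry/certs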
Create the certificate
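# Self-signed server certificate for the registry, valid for one year.
# Docker is a Go program and no longer falls back to the Common Name when
# verifying a server certificate, so the registry hostname (the name added to
# /etc/hosts below and used in image tags) must appear as a subjectAltName.
# -addext requires OpenSSL 1.1.1 or newer; on older builds supply the SAN via
# a config file instead.
openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
  -subj '/CN=docker-registry.example.com' \
  -addext 'subjectAltName=DNS:docker-registry.example.com,DNS:docker-registry' \
  -keyout /opt/docker/containers/docker-registry/certs/docker-registry.key \
  -out /opt/docker/containers/docker-registry/certs/docker-registry.crt
# The key is written unencrypted (-nodes); restrict it to the owner.
chmod 600 /opt/docker/containers/docker-registry/certs/docker-registry.key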
Create the auth directory
# Directory for the htpasswd file; it is bind-mounted into the registry as /auth.
auth_dir=/opt/docker/containers/docker-registry/auth
mkdir -p -- "$auth_dir"
Create the htpasswd file that the registry will use for authentication
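# Generate a bcrypt htpasswd entry for the user "docker". The password is read
# from the terminal and piped to htpasswd (-i = read password from stdin) rather
# than passed as an argument, where it would be recorded in shell history and be
# visible to every local user through ps. Newer registry images no longer bundle
# htpasswd, so the httpd:2 image is used to run it; --rm removes the helper
# container afterwards.
read -rsp 'Password for registry user "docker": ' registry_pw; echo
printf '%s' "$registry_pw" | docker run --rm -i --entrypoint htpasswd httpd:2 -Bni docker \
  > /opt/docker/containers/docker-registry/auth/htpasswd
unset registry_pw
# A failed docker run would leave an empty file, which the registry would load
# as "no valid users"; make the failure visible instead.
test -s /opt/docker/containers/docker-registry/auth/htpasswd \
  || printf 'htpasswd file was not generated\n' >&2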
Create the directory for the registry's image data
# Backing store for pushed image layers; mounted into the container as /var/lib/registry.
mkdir -- /opt/docker/containers/docker-registry/registry
Pull the registry image from Docker Hub
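# Pull the same tag that the container below is started from (registry:2).
# An untagged pull fetches :latest, which is not guaranteed to be the image
# actually run, so the pull would not verify what gets deployed.
docker pull registry:2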
Check that the certificate and key were created in the directory
# Expect docker-registry.crt and docker-registry.key to be listed.
(cd /opt/docker/containers/docker-registry/certs/ && ls)
o/p: [shrii@worker-node1 ~]$ ls /opt/docker/containers/docker-registry/certs/
docker-registry.crt docker-registry.key
Create the registry container with the required options
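# Start the registry on port 443 with TLS and htpasswd authentication.
# The image store is the only writable mount; the auth file and the
# certificate/key are mounted read-only so a compromised registry process
# cannot rewrite credentials or the private key. -p 443:443 publishes on every
# host interface; use -p <host-ip>:443:443 to limit where it is reachable.
docker run -d --name docker-registry --restart=always \
  -p 443:443 \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -v /opt/docker/containers/docker-registry/registry:/var/lib/registry \
  -v /opt/docker/containers/docker-registry/auth:/auth:ro \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v /opt/docker/containers/docker-registry/certs:/certs:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.key \
  registry:2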
Add a temporary host name for the registry to the hosts file. The name must be the one the certificate was issued for, because Docker verifies the certificate against the name it connects to.
# Open the hosts file in an editor and add the line shown below, mapping the
# registry host's IP to the registry name used in the certificate and image tags.
vi /etc/hosts
o/p:
192.168.56.109 docker-registry.example.com docker-registry
Check the running containers and confirm the registry container is up
# List running containers; the docker-registry entry should show 0.0.0.0:443->443/tcp.
docker container ls
o/p:
[root@worker-node1 shrii]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63bf7013ae03 registry:2 "/entrypoint.sh /e..." 41 minutes ago Up 41 minutes 0.0.0.0:443->443/tcp, 5000/tcp docker-registry
[root@worker-node1 shrii]#
Create the directory where Docker looks for the CA certificate of this registry. The directory name must be exactly the host:port used in image tags and in docker login.
# Per-registry trust directory consulted by the Docker daemon; named host:port.
mkdir -p -- '/etc/docker/certs.d/docker-registry.example.com:443'
Copy the certificate into that directory as ca.crt. Because the certificate is self-signed it is its own CA; this step has to be repeated on every client host that will pull from or push to the registry.
# The self-signed server certificate doubles as the CA certificate Docker trusts
# for this registry. Only the public certificate is copied, never the key.
registry_crt=/opt/docker/containers/docker-registry/certs/docker-registry.crt
cp -- "$registry_crt" '/etc/docker/certs.d/docker-registry.example.com:443/ca.crt'
[root@worker-node1 shrii]# ls /etc/docker/certs.d/docker-registry.example.com\:443/
ca.crt
Steps after creating the private registry
Pull the busybox image from the public Docker Hub
# Fetch a small test image to push to the private registry.
docker image pull busybox:latest
Tag the busybox image with the private registry's host:port prefix
# The host:port prefix tells docker which registry the image belongs to; it must
# match the name in the certificate and the certs.d directory.
docker image tag busybox:latest docker-registry.example.com:443/busybox
Log in to the newly created private Docker registry
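# Log in as the htpasswd user created earlier ("docker"); the password is
# prompted for. By default docker keeps the credentials base64-encoded, not
# encrypted, in ~/.docker/config.json -- configure a credential helper if
# that file could be read by others.
docker login -u docker docker-registry.example.com:443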
Push the image to the newly created private Docker registry
# Upload the tagged image over TLS using the credentials from docker login.
docker image push docker-registry.example.com:443/busybox
Check the local images; both the Docker Hub tag and the private-registry tag should be listed
# Show local image entries whose listing mentions busybox.
docker image ls | grep -- busybox