How to setup secure Docker private registry along with GUI

Introduction

Docker Registry is a server-side application and part of Docker’s platform-as-a-service product. It allows you to locally store all your Docker images in one centralized location. When you set up a private registry, you assign a server to communicate with Docker Hub over the internet. The role of the server is to pull and push images, store them locally, and share them among other Docker hosts.

In today’s world where security is a primary concern for any business. Docker private registry lets you save valuable resources and speed up processes. The software lets you pull images without having to connect to the Docker Hub, saving up bandwidth and securing the system from potential online threats.

Docker hosts can access the local repository over a secure connection and copy images from the local registry to build their own containers. Before you can deploy a registry, you need to install Docker on the host. A registry is an instance of the registry image, and runs within Docker. You can follow my previous article for steps to install docker.

The official docker image doesn’t have the GUI option, but I personally prefer having a UI for any application that I am using. It allows me to have a holistic view of the configuration, which is why I will be using docker-compose to setup docker-registry along with the docker-registry-ui.

Steps :

1.) Install docker and docker-compose using this link, if you haven’t installed them already.

2.) Create a docker-compose YAML file with the below contents. Things to note here are :

• We are using htpasswd auth mechanism. Read this blog to know more about htpasswd.
• We use htpasswd file to store credentials while setting up docker-registry. Use this link to create htpasswd file.
• “ENV_DOCKER_REGISTRY_HOST” environment variable binds this UI container with our private registry.
• “REGISTRY_AUTH_HTPASSWD_PATH” environment variable tells the htpasswd file location.

version: '3'
services:
    docker-registry:
        container_name: docker-registry
        image: registry:2
        ports:
            - 5000:5000
        restart: always
        volumes:
            - /blog/docker/registry:/var/lib/registry
            - /blog/docker/auth:/auth
        environment:
            REGISTRY_AUTH: htpasswd
            REGISTRY_AUTH_HTPASSWD_REALM: 'Registry Realm'
            REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    docker-registry-ui:
        container_name: docker-registry-ui
        image: konradkleine/docker-registry-frontend:v2
        ports:
            - 8080:80
        restart: always
        environment:
            ENV_DOCKER_REGISTRY_HOST: docker-registry
            ENV_DOCKER_REGISTRY_PORT: 5000

3.) Use docker-compose up -d command to run these containers in detached mode. And check the status of these containers using docker ps command.

4.) Now you can also enable SSL for these applications following steps explained in this link.

5.) Increase Nginx maximum upload file size by adding “client_max_body_size” section. I change the maximum size to 3 GB to ensure I don’t face any issues in the future even if my docker image is big in size. I am doing this since I am using Nginx as my reverse proxy to secure my registry. You can skip this if you don’t use Nginx in your setup.

http {
    ...
    client_max_body_size 3000M;
}

6.) Test docker push and verify if you can see these images.