Why a Private Registry?
A private Docker registry lets you store and distribute container images within your infrastructure without relying on Docker Hub. This provides faster pulls, privacy, and no rate limits.
Deploy with Docker
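# Start the registry as a long-running container; images persist in the named
# volume "registry-data".
# The port is published on the loopback interface only. At this stage the
# registry speaks plain HTTP and has no authentication, so publishing it on
# every interface (-p 5000:5000) would let any host that can reach this
# machine push and pull images. Pushes to localhost:5000 and a reverse proxy
# on the same host keep working with this binding.
# registry:2 is a moving tag; pin a digest (registry:2@sha256:<digest>) if
# deployments need to be reproducible.
docker run -d \
  --name registry \
  --restart=unless-stopped \
  -p 127.0.0.1:5000:5000 \
  -v registry-data:/var/lib/registry \
  registry:2

Push an Image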
# The host:port prefix of the image name selects the registry Docker talks to.
image=localhost:5000/myapp:latest

# Give the local image a name inside the private registry
docker tag myapp:latest "$image"

# Upload it
docker push "$image"

# Fetch it back from the registry
docker pull "$image"

Add SSL with Nginx
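# TLS-terminating reverse proxy in front of the registry container.
# The backend on port 5000 is plain HTTP, so it should be reachable only from
# this host (container port published on 127.0.0.1). If port 5000 is open on
# other interfaces, clients can bypass TLS by talking to it directly.
server {
    listen 443 ssl;
    server_name registry.example.com;

    ssl_certificate     /etc/letsencrypt/live/registry.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/registry.example.com/privkey.pem;
    # Refuse TLS 1.0/1.1, which older nginx releases still enable by default.
    # TLSv1.3 needs nginx built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Upper bound on a single upload; a larger layer is rejected with HTTP 413.
    client_max_body_size 2G;

    location / {
        proxy_pass http://localhost:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Preserve the client address chain for the registry's access log.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the registry the client used HTTPS so generated URLs match.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Add Authentication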
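# Create htpasswd file
# -B selects bcrypt, the only hash format the registry's htpasswd auth accepts.
# -c creates the file and overwrites an existing one, so omit -c when adding
# further users. htpasswd prompts for the password, which keeps it out of the
# shell history and the process list.
# /etc/docker/registry is root-owned, hence sudo on mkdir and htpasswd as well.
sudo apt install -y apache2-utils
sudo mkdir -p /etc/docker/registry
sudo htpasswd -Bc /etc/docker/registry/htpasswd admin

# A container named "registry" already exists from the first deployment, and
# docker run would fail on the name conflict. Remove it first; the images live
# in the registry-data volume, which survives removal of the container.
docker rm -f registry

# Basic auth sends the password with every request, so the plain-HTTP port is
# published on loopback only and clients go through the TLS proxy.
# The htpasswd directory is mounted read-only: the registry only reads it.
docker run -d \
  --name registry \
  --restart=unless-stopped \
  -p 127.0.0.1:5000:5000 \
  -v registry-data:/var/lib/registry \
  -v /etc/docker/registry:/auth:ro \
  -e REGISTRY_AUTH=htpasswd \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry:2

# Login before push/pull
# Without a credential helper, docker login stores the password base64-encoded
# (not encrypted) in ~/.docker/config.json.
docker login registry.example.com

Garbage Collection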
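# Clean up unreferenced layers
# Garbage collection does not coordinate with in-flight uploads. Run it while
# the registry is in read-only mode (storage.maintenance.readonly in its
# config) or in a window with no pushes; otherwise layers of an image that is
# being uploaded can be deleted.
# Preview what would be removed first, then run it for real.
docker exec registry bin/registry garbage-collect --dry-run /etc/docker/registry/config.yml
docker exec registry bin/registry garbage-collect /etc/docker/registry/config.yml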