Published on

Docker Registry

Authors
  • avatar
    Name
    PatharaNor
    Twitter

thumbnail

Setup

Connecting to private local Docker registry without authentication

avatar
PatharaNor
Tech Writer

This service using local registry on 172.21.18.69:5000. From start, you cannot connect to it via http. You need to config Docker daemon to allow it:

# Go to config daemon file
vi ~/.docker/daemon.json

then modify this file by adding key/value of insecure-registries to it, it should looks like this:

{
  ...,
  "insecure-registries": ["172.21.18.69:5000"]
}

Now you can access to the local registry.

Customize the registry

Base Container Image

Please refer to this repo.

Mount data to local storage

To ensure that we save blob to disk not only in-memory or container image. You can bind Docker volume to /var/lib/registry , example :

-v $(pwd)/registry:/var/lib/registry

Customize registry configuration

The config file based on YAML file, you can bind that file to /etc/docker/registry/config.yml :

-v $(pwd)/config/credentials.yml:/etc/docker/registry/config.yml

example config file $(pwd)/config/credentials.yml :

version: 0.1
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['http://localhost']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']

Run Docker registry service

Now we provide to the service 172.21.18.69 on port number 5000.

(docker stop docker-registry || :) && (docker rm docker-registry || :)
docker run -p 5000:5000 -d \
           -v $(pwd)/registry:/var/lib/registry \
           -v $(pwd)/config/credentials.yml:/etc/docker/registry/config.yml \
           --restart=always \
           --name docker-registry \
           registry:2.7

User Interface

Docker Registry UI

Docker Registry UI

Wrapping with UI

The UI doesn't standalone service, it still required Docker Registry service. So you need to install/deploy Docker Registry service first.

# Stop the old one
(docker stop docker-registry-ui || :) && (docker rm docker-registry-ui || :)
# And then start the new one
docker run -d \
-p 5001:80 \
-e REGISTRY_TITLE="HMS Private Docker Registry" \
-e REGISTRY_URL=http://172.21.18.69:5000 \
-e DELETE_IMAGES=true \
--name=docker-registry-ui \
--restart=always \
joxit/docker-registry-ui:static

Running service‌

Now it available on 172.21.18.69 in directory /app/docker-registry-ui via port number 5001.‌

Customize

You can see here for more detail.

Additional

Container Time Zone Setting

Debian

The secret here is that dpkg-reconfigure tzdata simply creates /etc/localtime as a copy, hardlink or symlink (a symlink is preferred) to a file in /usr/share/zoneinfo. So it is possible to do this entirely from your Dockerfile. Consider:

...

ENV TZ=Asia/Bangkok
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

...

And as a bonus, TZ will be set correctly in the container as well. This is also distribution-agnostic, so it works with pretty much any Linux.

Alpine

...

RUN apk add --no-cache tzdata
ENV TZ Asia/Bangkok

...
Discuss on TwitterView on GitHub