Selfhost docker registry

docker dockerfile registry selfhosted build

When building with docker image and testing it out to multiple system, we want to pull it from registry instead building docker image on every machine. We can use DockerHub, Quay, or other registry support. But how if we can just host the registry ourself? Instead pulling again and again from internet we can just pull from docker image from LAN.

First we run the registry:

docker run -d -p 5050:5000 --restart=always --name registry registry:2

This is the most simple command, but we need more than it, so let use compose to prevent confusion.

Compose style:

version: "3.8"
services:
  registry:
    image: registry:2
    ports:
      - 5050:5000
    volumes:
      - /path/in/our/host:/var/lib/registry

And do docker compose up -d, you can check the containers logs, it will show:

2022-10-25-132028_1892x213_scrot

Then do we build the image? Lets take this Dockerfile sample

FROM debian:sid-slim
RUN apt update && \
    apt install -y python3-minimal && \
    apt clean && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir /data
WORKDIR /data
CMD ["python3","-m","http.server"]

When usually we can just use any tag we want such as some-local-name:some-tag-name when using registry, the URL must be included, some of you may familiar with this ghcr.io/some-username/docker-image-name:docker-image-tag or registry.gitlab.como/some-username/docker-image-name:docker-image-tag. The same concept also applied here, so instead

docker build -t docker-image-name:docker-image-tag . -f Dockerfile

We use this

docker build -t 192.168.0.2:5050docker-image-name:docker-image-tag . -f Dockerfile

In the sample my host ip is at 192.168.0.2 and port 5050, then if for some reason we dont deploy at port 5000, such as 5050:5000 like sample, we need to change the tag accordingly to 192.168.0.2:5050/docker-image-name:docker-image-tag. Build and tagged, successfully

2022-10-25-133126_496x250_scrot

As using docker build doesn't automatically pushing image to registry, then we continue to push it.

docker push 192.168.0.2:5050/docker-image-name:docker-image-tag

And i will ensure, that step will fail, why? because by default docker push looking for secure registry.

2022-10-25-133418_843x61_scrot

Then how do we make docker accept it? we will override docker configuration to enable this. Create /etc/docker/daemon.json or edit if you already had it. Add this line to docker configuration and restart the daemon sudo systemctl restart docker.service

{
  "insecure-registries": ["the-registry-ip:the-registry-port"]
}

This config must be applied to every machine that want to push or pull from insecure registry

Lets try another push:

2022-10-25-134243_921x122_scrot

Yay, success

If you already had docker image locally you can just retag the local image to registry format.

docker tag local-image-name:local-image-tag registry-format-docker-image-name:docker-image-tag

Ex: docker tag python-http-server:latest 192.168.0.2:5000/python-http-server:latest

sources:

Previous Post Next Post

Add a comment