When building with docker image and testing it out to multiple system, we want to pull it from registry instead building docker image on every machine. We can use DockerHub, Quay, or other registry support. But how if we can just host the registry ourself? Instead pulling again and again from internet we can just pull from docker image from LAN.
First we run the registry:
docker run -d -p 5050:5000 --restart=always --name registry registry:2
This is the most simple command, but we need more than it, so let use compose to prevent confusion.
Compose style:
version: "3.8"
services:
registry:
image: registry:2
ports:
- 5050:5000
volumes:
- /path/in/our/host:/var/lib/registry
And do docker compose up -d
, you can check the containers logs, it will show:
Then do we build the image?
Lets take this Dockerfile
sample
FROM debian:sid-slim
RUN apt update && \
apt install -y python3-minimal && \
apt clean && \
rm -rf /var/lib/apt/lists/* && \
mkdir /data
WORKDIR /data
CMD ["python3","-m","http.server"]
When usually we can just use any tag we want such as some-local-name:some-tag-name
when using registry, the URL must be included, some of you may familiar with this ghcr.io/some-username/docker-image-name:docker-image-tag
or registry.gitlab.como/some-username/docker-image-name:docker-image-tag
.
The same concept also applied here, so instead
docker build -t docker-image-name:docker-image-tag . -f Dockerfile
We use this
docker build -t 192.168.0.2:5050docker-image-name:docker-image-tag . -f Dockerfile
In the sample my host ip is at 192.168.0.2
and port 5050
, then if for some reason we dont deploy at port 5000
, such as 5050:5000
like sample, we need to change the tag accordingly to 192.168.0.2:5050/docker-image-name:docker-image-tag
.
Build and tagged, successfully
As using docker build
doesn't automatically pushing image to registry, then we continue to push it.
docker push 192.168.0.2:5050/docker-image-name:docker-image-tag
And i will ensure, that step will fail, why? because by default docker push looking for secure registry.
Then how do we make docker accept it? we will override docker configuration to enable this.
Create /etc/docker/daemon.json
or edit if you already had it.
Add this line to docker configuration and restart the daemon sudo systemctl restart docker.service
{
"insecure-registries": ["the-registry-ip:the-registry-port"]
}
This config must be applied to every machine that want to push or pull from insecure registry
Lets try another push:
Yay, success
If you already had docker image locally you can just retag the local image to registry format.
docker tag local-image-name:local-image-tag registry-format-docker-image-name:docker-image-tag
Ex:
docker tag python-http-server:latest 192.168.0.2:5000/python-http-server:latest
sources: