How to Setup Docker Private Registry on Ubuntu 18.04

Using Docker private registry, you can manage your Docker images from the central server within your organization. You don’t need to download docker images from the Docker Hub using the internet. When there are a large number of Docker hosts in your environment, no company would prefer to give internet access to all the servers to download and upload Docker images every time. To resolve this, allow internet access to one server and make that server as a internal Docker registry that helps you to manage all the Docker images from the private Docker registry.

In this tutorial, we will learn how to setup your own private Docker registry on Ubuntu 18.04 server. We will setup one server as a Docker registry server and other server as a registry client to push and pull image from the registry server.

Requirements

Two servers with Ubuntu 18.04 server installed on both.
A static IP address 192.168.0.102 is set up on registry server and 192.168.0.103 is set up on the registry client.
A root password is set up on both servers.

Getting Started

First, you will need to update both servers with the latest version. You can update them by running the following command:

apt-get update -y
apt-get upgrade -y

Once both servers are updated, restart them to update all the changes.

Next, you will need to configure hostname resolution on both servers. So, both server can communicate with each other using hostname.

You can do it by editing /etc/hosts file.

Open /etc/hosts file on both server with the following command:

nano /etc/hosts

Add the following lines:

192.168.0.102 docker-server
192.168.0.103 docker-client

Save and close the file, when you are finished.

Next, you will also need to install some required packages to your server. You can install all of them with the following command:

apt-get install -y apt-transport-https software-properties-common
ca-certificates curl openssl wget

Install Docker

Next, you will need to install Docker on both servers. By default, the latest version of Docker is not available in the Ubuntu 18.04 server default repository. So, you will need to add the repository for that.

First, download and add Docker CE GPG key with the following command:

wget https://download.docker.com/linux/ubuntu/gpg
apt-key add gpg

Next, add the Docker CE repository to APT with the following command:

nano /etc/apt/sources.list.d/docker.list

Add the following line:

deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable

Save and close the file, when you are finished. Then, update the repository with the following command:

apt-get update -y

Once the repository is updated, install Docker CE with the following command:

apt-get install docker-ce -y

After installing Docker CE, check the Docker service with the following command:

systemctl status docker

You should see the following output:

docker.service – Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-05-30 06:54:25 UTC; 1min 2s ago
Docs: https://docs.docker.com
Main PID: 3477 (dockerd)
Tasks: 8
CGroup: /system.slice/docker.service
└─3477 /usr/bin/dockerd -H fd:// –containerd=/run/containerd/containerd.sock

May 30 06:54:24 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:24.075302742Z"
level=warning msg="Your kernel does not support swap memory lim

May 30 06:54:24 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:24.075970607Z"
level=warning msg="Your kernel does not support cgroup rt perio

May 30 06:54:24 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:24.076338523Z"
level=warning msg="Your kernel does not support cgroup rt runti

May 30 06:54:24 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:24.085407732Z"
level=info msg="Loading containers: start."

May 30 06:54:24 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:24.882504663Z"
level=info msg="Default bridge (docker0) is assigned with an IP

May 30 06:54:25 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:25.195655181Z"
level=info msg="Loading containers: done."

May 30 06:54:25 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:25.625414313Z"
level=info msg="Docker daemon" commit=481bc77 graphdriver(s)=ov

May 30 06:54:25 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:25.628379636Z"
level=info msg="Daemon has completed initialization"

May 30 06:54:25 ubuntu1804 systemd[1]: Started Docker Application Container Engine.

May 30 06:54:25 ubuntu1804 dockerd[3477]: time="2019-05-30T06:54:25.770575369Z"
level=info msg="API listen on /var/run/docker.sock"

Install Registry Server

Docker is now installed and running on both servers. It’s time to download and install registry server on Docker server. You can download the registry image from Docker Hub by running the following command:

docker pull registry

You should see the following output:

Using default tag: latest
latest: Pulling from library/registry
c87736221ed0: Pull complete
1cc8e0bb44df: Pull complete
54d33bcb37f5: Pull complete
e8afc091c171: Pull complete
b4541f6d3db6: Pull complete
Digest: sha256:f87f2b82b4873e0651f928dcde9556008314543bd863b3f7e5e8d03b04e117f7
Status: Downloaded newer image for registry:latest

Docker uses a secure connection over TLS to push and pull images from the registry server. So, you will need to generate a self signed certificate secure Docker registry.

First, create a directory to store certificates with the following command:

mkdir /opt/certs

Next, generate a self signed certificates with the following command:

cd/opt/certs/
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Answer all the questions as shown below:

Generating a 4096 bit RSA private key
………….++
………………..++
writing new private key to ‘ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:GUJ
Locality Name (eg, city) []:AHMEDABAD
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:docker-server
Email Address []:hitjethva@gmail.com

Next, start the Docker registry container with generated certificate information as shown below:

docker run -d -p 5000:5000 –restart=always –name registry -v /opt/certs:/opt/certs -e
REGISTRY_HTTP_TLS_CERTIFICATE=/opt/certs/ca.crt -e
REGISTRY_HTTP_TLS_KEY=/opt/certs/ca.key registry

You can now verify the running registry container with the following command:

docker ps

You should see the following output:

CONTAINER ID IMAGE    COMMAND      CREATED     STATUS   PORTS   NAMES
5173ee69fb59     registry            "/entrypoint.sh /etc…"   7 seconds ago
Up 4 seconds     0.0.0.0:5000–>5000/tcp   registry

Setup Docker Registry Client

Next, you will need to create a Docker image on Docker client server. We will upload this image on Registry server later.

First, create a docker directory with the following command:

mkdir docker

Next, create a dockerfile to build an Apache image:

nano docker/dockerfile

Add the following lines:

FROM ubuntu:18.04
LABEL project="Apache Web Server Image"
LABEL maintainer "[email protected]"
RUN apt-get update
RUN apt-get install -y apache2
VOLUME /var/www/html
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
ENV APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
ENV APACHE_LOCK_DIR=/var/lock/apache2

RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR

EXPOSE 80

CMD ["apache2","-DFOREGROUND"]

Now, run the following command to build an Apache docker image using dockerfile:

docker build -t ubuntu:apache .

You should see the following output:

Sending build context to Docker daemon 2.048kB
Step 1/14 : FROM ubuntu:18.04
18.04: Pulling from library/ubuntu
6abc03819f3e: Pull complete
05731e63f211: Pull complete
0bd67c50d6be: Pull complete
Digest: sha256:f08638ec7ddc90065187e7eabdfac3c96e5ff0f6b2f1762cf31a4f49b53000a5
Status: Downloaded newer image for ubuntu:18.04
—> 7698f282e524
Step 2/14 : LABEL project="Apache Web Server Image"
—> Running in f4506d0ec8fd
Removing intermediate container f4506d0ec8fd
—> 141870de484b
Step 3/14 : LABEL maintainer "[email protected]"
—> Running in db45c8dfbc8d
Removing intermediate container db45c8dfbc8d
—> 2eb87fe8c9d5
Step 4/14 : RUN apt-get update
—> Running in af0fc28de937

Step 6/14 : VOLUME /var/www/html
—> Running in a8a9c9ddaf97
Removing intermediate container a8a9c9ddaf97
—> 1e12c40811cc
Step 7/14 : ENV APACHE_RUN_USER www-data
—> Running in 9b47b2ab29f5
Removing intermediate container 9b47b2ab29f5
—> 434cc96e3752
Step 8/14 : ENV APACHE_RUN_GROUP www-data
—> Running in 60b9e6e791ad
Removing intermediate container 60b9e6e791ad
—> 074943caf1a6
Step 9/14 : ENV APACHE_LOG_DIR /var/log/apache2
—> Running in d3ea54693aeb
Removing intermediate container d3ea54693aeb
—> d9ee1e91fc83
Step 10/14 : ENV APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
—> Running in c5f03203059e
Removing intermediate container c5f03203059e
—> 581cae9b9ffb
Step 11/14 : ENV APACHE_LOCK_DIR=/var/lock/apache2
—> Running in 5baafe9d7ef4
Removing intermediate container 5baafe9d7ef4
—> 2ad3bb5267b1
Step 12/14 : RUN mkdir -p $APACHE_RUN_DIR $APACHE_LOCK_DIR $APACHE_LOG_DIR
—> Running in e272ae0076bd
Removing intermediate container e272ae0076bd
—> 759fcc9a9142
Step 13/14 : EXPOSE 80
—> Running in 42c70aec6a64
Removing intermediate container 42c70aec6a64
—> 2a8b3931a569
Step 14/14 : CMD ["apache2","-DFOREGROUND"]
—> Running in c6b0c593a821
Removing intermediate container c6b0c593a821
—> 1f8b24f67760
Successfully built 1f8b24f67760
Successfully tagged ubuntu:apache

Next, you will need to rename the generated image in “registryserver:portnumber/image name:tag” format. You can do this with the following command:

docker tag ubuntu:apache docker-server:5000/ubuntu:apache

You can now list all the images with the following command:

docker images

You should see the following output:

REPOSITORY                  TAG         IMAGE ID         CREATED           SIZE
docker-server:5000/ubuntu   apache      1f8b24f67760     4 minutes ago     191MB
ubuntu                      apache      1f8b24f67760     4 minutes ago     191MB
ubuntu                      18.04        7698f282e524    2 weeks ago       69.9MB

Push Docker Image on Registry Server

Docker registry server and client are now ready to use. It’s time to push image to Docker server.

First, you will need to copy the ca.crt certificate from the docker-server to the docker-client. First, create a directory to store certificate with the following command:

mkdir -p /etc/docker/certs.d/docker-server:5000

Next, copy ca.crt from docker-server with the following command:

cd /etc/docker/certs.d/docker-server:5000
scp root@docker-server:/opt/certs/ca.crt .

Next, restart Docker server to apply all the changes with the following command:

systemctl restart docker

Next, push the Apache docker image to the Docker registry server with the following command:

docker push registry-server:5000/ubuntu:apache

You should see the following output:

The push refers to repository [docker-server:5000/ubuntu]
c9d16a753f81: Pushed
7bd646aafb37: Pushed
d626b247b68f: Pushed
8d267010480f: Pushed
270f934787ed: Pushed
02571d034293: Pushed
apache: digest: sha256:e294b2694c7104dda98041a2f62cd7908ac2ea5ac668b46e6f0c2c7df82278a2
size: 1574

Now, log in to other system and pull the uploaded image from the registry server using the following command:

docker pull docker-server:5000/ubuntu:apache

You should see the following output:

apache: Pulling from ubuntu
6abc03819f3e: Pull complete
05731e63f211: Pull complete
0bd67c50d6be: Pull complete
bf1e4b1cebce: Pull complete
baaa0072d2cd: Pull complete
a558b52dacc7: Pull complete
Digest: sha256:e294b2694c7104dda98041a2f62cd7908ac2ea5ac668b46e6f0c2c7df82278a2
Status: Downloaded newer image for docker-server:5000/ubuntu:apache

Thats It. You can now build more images and upload them on registry server. You can pull those images on other clients any time from the registry server.