Docker Private Registery

-

 Docker private registry

Why we need pvt registry

"Security, minimize internet load, speed, control

We need to setup registry in three stage , stage one  simple stage two  secure (with ssl)

 stage three with authentication

Stage one:

Step: create directories, need to create below directories

a. Create a directory to store docker image

b. create a certificate directory

c. Auth directory

Step :Run a docker registry container

Create a container without volume with below command

sudo  docker run -d -p 5000:5000 --name local-registry registry:2

below is screen shot

check in browser:




 tag the image, command to tag image

sudo docker tag centos:7 127.0.0.1:5000/centos:7

Step Push image and check the browser again

In ss centos is available, also in container it show as below 


Stage two

Step:  create a directory with the name of "docker-registry" then create two direcotries inside it 

certs  data

Step: then generate certificate inside certs directory

first generate CSR and KEY:

sudo openssl req -new -newkey rsa:4096 -nodes -keyout ab.example.com.key -out ab.example.com.csr

then generate PEM and self-sign with KEY:

sudo openssl x509 -req -sha256 -days 365 -in ab.example.com.csr -signkey ab.example.com.key -out ab.example.com.pem

After installing certificate  we have three file in cert directory

ab.example.com.csr  ab.example.com.key  ab.example.com.pem

Step: Then create a directory inside the /etc/docker/cert.d/

inside this directory create a directory with the name of "ab.example.com:443" I choose this name as my hostname you can choose as per required registry name

Step: Copy certificate inside this with ca.cert extension

Step: add entry in /etc/hosts file

Step: then stop the old running registry container and restart docker service

Step: create new one with secure registry, I have created with below script:

--------------


docker run -d \

  --restart=always \

  --name registry \

  -v ./data:/var/lib/registry \

  -v ./certs:/certs \

  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \

  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ab.example.com.pem\

  -e REGISTRY_HTTP_TLS_KEY=/certs/ab.example.com.key \

  -p 443:443 \

  registry:2

-------------------------------

Step: then tag image with below command:

ab@ab:~/Desktop/ab_lvm/docker-registry$ sudo docker tag nginx:latest ab.example.com:443/nginx:latest

Step: then push the image

ab@ab:~/Desktop/ab_lvm/docker-registry$ sudo docker push ab.example.com:443/nginx:latest


image pushed successfully

I can check inside the container , as below 




Stage three

Comments

Post a Comment

Popular posts from this blog

-
Image
ELK Step by Step Guide  Following is detail of elk ,how we install,start  and run. and prepare report I install elk on Docker with following step: Step1 Check the status of docker:   Step2    I have created "docker" folder on my machine. Step3   I have created three folder in docker folder:   config    data  docker-compose.yml Step4 Then configure these folder with following is the step and data: we can change these configration with our requirement,  First Configure docker-compose.yml  version: "2.0" services:  elk:   image: sebp/elk:latest   ports:     - "5601:5601"     - "9200:9200"     - "5044:5044"     - "9300:9300"   volumes:         - "/home/keenable/docker/data:/tmp/in_data"         - "/home/keenable/...
Read more
-
Image
Postfix installation Step by step I have already posted on Zimbra mail service, now i am going to share  how to install and configure postfix mail server using devocot and squrell mail service, suggest you go into detail study of post fix and other mail server before going to install and use, and different mail protocol i will publish all these on my later edition.Here i  am  going to tell you some future of post fix mail server,and why we choose postfix. What is post fix? Postfix is an open-source Mail Transport Agent ( MTA ), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Operating systems: Postfix runs on every Unix and Linux Operating syst em,It is the default MTA of Linux and Ubuntu  operating systems.To install Post fix first we need to uninstall default post fix. Architecture: Postfix consists of a combination of server programs that run in the background, and client pr...
Read more