Running a private registry for docker images

One adition I wanted on my setup was to be able to push the images I build on a private registry. This is useful now with my docker compose setup but I expect it will stay useful with Kubernetes.

Thankfully it’s quite easy to do, with a few caveats. There’s a registry image on docker hub, so that’s what I used in:

# docker-compose.yaml
services:
  registry:
    image: registry:3.0
    restart: unless-stopped
    ports:
      - "5000:5000"

As I said, there’s one caveat: docker will reject insecure (http) registries by default. So it’s required to update the docker daemon config (~/.docker/daemon.json or /etc/docker/daemon.json depending on your setup) to add our new registry in the list of allowed insecure registries:

{ "insecure-registries": ["<registry_ip>:5000"] }

After restarting the daemon, reading the docker info output should show it in the Insecure Registries section.

This needs to be done for each machine that will need to use that registry.

Using the registry

This is pretty straightforward. First you need to tag then push the images

docker tag myapp:v1 <registry_ip>:5000/myapp:v1
docker push <registry_ip>:5000/myapp:v1

to use them in a docker compose, you do it the same way

services:
    my-app:
        image: <registry_ip>:5000/myapp:v1
    <...>
    

Summary

Ideally, it would be great to also setup a domain name and ssl certificate to avoid dealing with the insecure aspect and the verbosity. In the meantime, it’s a quick way to have a private place to store images.