Difficulty: Intermediate
Estimated Time: 10-15 minutes

In this scenario, we'll cover how to launch a private Docker Registry secured with TLS (SSL).

A private Registry enables you to distribute Docker Images without being dependent on external providers or the public cloud. This allows you to increase the security of, and your confidence in, your image sources and versioning.

You've successfully deployed our Registry. In this example, our registry was available at registry.test.training.katacoda.com:5000.

Steps for production

  • Define a domain for your registry. You need to own the domain and point the DNS to the host running your registry container.

  • Obtain an SSL certificate. Letsencrypt.org offers free HTTPS SSL certificates, which are ideal for use with Docker Registry and benhall/nginx-registry-proxy.

More details at https://docs.docker.com/registry/deploying/

Launch Private Registry with SSL

Step 1 - Starting Registry

The Registry is deployed as a container and accessible via port 5000. Docker clients will use this domain to access the registry and push/pull images. By specifying a domain, a client can access multiple registries.

In this example our Docker registry is located at registry.test.training.katacoda.com.

docker run -d -p 5000:5000 \
    -v /root/certs:/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.test.training.katacoda.com.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/registry.test.training.katacoda.com.key \
    -v /opt/registry/data:/var/lib/registry \
    --name registry registry:2

Mounting the volume /var/lib/registry is important. This is where the Registry will store all of the pushed images. Mounting the directory will allow you to restart and upgrade the container in the future without losing those images.
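Before starting the container, it helps to confirm that the certificate and key mounted at /certs form a usable pair for the registry's domain. The script below is an added example, not part of the original scenario: the function names check_registry_cert and make_sample_pair are made up here, and the certificate it checks is a constructed, throwaway self-signed one. It assumes the openssl command-line tool (1.1.1 or later) is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the cert/key pair passed to the registry
# via REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY.
fail() { echo "FAIL: $*" >&2; }

# check_registry_cert CERT KEY HOST -> returns 0 only if every check passes.
check_registry_cert() {
    cert=$1; key=$2; host=$3

    # 1. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { fail "cannot read certificate $cert"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { fail "cannot read key $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { fail "key does not match certificate"; return 1; }

    # 2. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { fail "certificate has expired"; return 1; }

    # 3. The registry domain must be covered by a DNS subjectAltName.
    #    Go-based clients such as Docker ignore the CN, so a CN-only
    #    certificate is rejected here even though -checkhost would accept it.
    openssl x509 -in "$cert" -noout -text | grep -q 'DNS:' ||
        { fail "certificate has no DNS subjectAltName"; return 1; }
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
        { fail "certificate is not valid for $host"; return 1; }

    echo "ok: $cert matches its key and is valid for $host"
}

# Constructed sample input: a one-day self-signed pair written to DIR,
# named the same way as the files under /root/certs in the scenario.
make_sample_pair() {  # usage: make_sample_pair DIR HOST
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/$2.key" -out "$1/$2.crt" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
}

demo_dir=$(mktemp -d)
demo_host=registry.test.training.katacoda.com
make_sample_pair "$demo_dir" "$demo_host"
check_registry_cert "$demo_dir/$demo_host.crt" "$demo_dir/$demo_host.key" "$demo_host"
rm -rf "$demo_dir"
```

On a real host, call check_registry_cert with the .crt and .key files from /root/certs and the domain your clients will use.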