In this scenario, we'll cover how to launch a private Docker Registry secured with TLS using an SSL certificate.
A private Registry enables you to distribute Docker Images without being dependent on external providers or the public cloud. This increases security and gives you confidence in the source and versioning of your images.
You've successfully deployed our Registry. In this example our registry had the domain registry.test.training.katacoda.com:5000.
Steps for production
Define a domain for your registry. You need to own the domain and point the DNS to the host running your registry container.
Obtain an SSL certificate. Letsencrypt.org offers free HTTPS SSL certificates, which are ideal for use with Docker Registry and benhall/nginx-registry-proxy.
More details at https://docs.docker.com/registry/deploying/
Launch Private Registry with SSL
Step 1 - Starting Registry
The Registry is deployed as a container and accessible via port 5000. Docker clients will use this domain to access the registry and push/pull images. By specifying a domain, a client can access multiple registries.
In this example our Docker registry is located at registry.test.training.katacoda.com.
docker run -d -p 5000:5000 \
  -v /root/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.test.training.katacoda.com.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.test.training.katacoda.com.key \
  -v /opt/registry/data:/var/lib/registry \
  --name registry registry:2
Mounting the volume /var/lib/registry is important. This is where the Registry will store all of the pushed images. Mounting the directory will allow you to restart and upgrade the container in future.
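The registry serves whatever certificate and key it is given through REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY, so a mismatched key, an expired certificate or a missing hostname only shows up when clients fail to connect. The following pre-flight check is an added example, not part of the original scenario; the function name check_registry_tls is hypothetical and it assumes the openssl command-line tool is installed on the host.

```shell
#!/bin/sh
# Added example (not from the original page): check the certificate pair
# before it is handed to the registry container. Uses the page's naming
# convention: <certs_dir>/<domain>.crt and <certs_dir>/<domain>.key.
# check_registry_tls is a hypothetical helper name; needs the openssl CLI.
check_registry_tls() {
    domain=$1
    certs_dir=$2
    crt="$certs_dir/$domain.crt"
    key="$certs_dir/$domain.key"
    rc=0

    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "FAIL missing or unreadable: $f"; return 1; }
    done

    # 1. The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL key does not match certificate"; rc=1
    fi

    # 2. The certificate must be valid right now (-checkend 0).
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL certificate expired or unreadable"; rc=1; }

    # 3. The registry domain must be an exact DNS subjectAltName entry.
    #    Docker is built with Go, and current Go versions ignore the
    #    Common Name. Wildcard entries are not expanded by this check.
    if ! openssl x509 -in "$crt" -noout -text 2>/dev/null |
            tr ',' '\n' | sed 's/^[[:space:]]*//' |
            grep -qxF "DNS:$domain"; then
        echo "FAIL $domain not in subjectAltName"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK $domain"
    return "$rc"
}

# Usage, with the paths from the docker run command above:
#   check_registry_tls registry.test.training.katacoda.com /root/certs
```

Run it before docker run and start the container only when it prints OK.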