Setup a Private Docker Registry in Rocky Linux 8

Learn how to set up a private Docker registry on Rocky Linux 8. This comprehensive guide covers installation, configuration, and security best practices to help you manage your Docker images efficiently.

What is a Docker Registry?

A Docker registry is a centralized repository where Docker images are stored, managed, and distributed. It acts as a version control system for Docker images, allowing developers to push (upload) and pull (download) images to and from the registry. Here are the key components and functionalities of a Docker registry:

  1. Storage of Images: A registry stores different versions of Docker images, which are essentially packaged applications or services that include everything needed to run them (code, runtime, libraries, environment variables, etc.).
  2. Image Distribution: It enables the distribution of Docker images across different environments, such as development, testing, and production. Developers can pull images from the registry to run them on their local machines or other servers.
  3. Version Control: The registry maintains different versions of images, allowing teams to track changes and roll back to previous versions if necessary.
  4. Namespace and Tagging: Images in a registry are organized by namespaces (usually the username or organization name) and tags (specific versions or variants of an image), making it easy to manage and identify them.
  5. Access Control and Security: A registry can be configured with access controls to ensure that only authorized users can push or pull images. It can also be secured with TLS/SSL to encrypt communications.
  6. Automation and CI/CD Integration: Registries integrate with Continuous Integration and Continuous Deployment (CI/CD) pipelines, facilitating automated testing and deployment of Docker images.

The most commonly used public Docker registry is Docker Hub, which provides a large collection of publicly available images. However, organizations often set up private Docker registries to have more control over their images, improve security, and reduce dependency on external services.

What is Private Docker Registry?

Docker creates containers from Docker images. These images are provided by Docker Hub, a centralized public registry that contains various official and unofficial images of almost every software in the world. However, there are situations when you require an on-premises Docker Private Registry to create and share custom Docker images among your organizational units.

Docker Private Registry has a few advantages over Docker Hub, some of them are:

Environment Specification

We are using a minimal Rocky Linux 8 virtual machine with the following specifications.

Updating Linux Software Packages

For this setup, we will be using the same Linux-based Docker server that was configured in our previous installation guide. This server is already set up with the necessary Docker runtime environment and dependencies, making it the ideal foundation for configuring a private Docker registry.

To begin, establish a connection to your server. Using an SSH client, connect to your Docker server, docker-01.centlinux.com, as the root user. Ensure you have the appropriate credentials and permissions for administrative access.

Once connected, it’s crucial to refresh the YUM cache on your Linux server to ensure access to the latest package metadata. This step guarantees that any updates or changes to the repository are reflected, allowing for smooth package installation during the setup process. By keeping your cache updated, you reduce the chances of encountering issues with outdated repository data during installation.

# dnf makecache
Rocky Linux 8 - AppStream                       1.9 kB/s | 4.8 kB     00:02
Rocky Linux 8 - BaseOS                          1.0 kB/s | 4.3 kB     00:04
Rocky Linux 8 - Extras                          974  B/s | 3.5 kB     00:03
Rocky Linux 8 - Extras                          2.7 kB/s |  11 kB     00:03
Docker CE Stable - x86_64                       5.0 kB/s | 3.5 kB     00:00
Metadata cache created.

Execute the following command to update Linux software packages.

# dnf update -y

To ensure compatibility and proper functionality of the private Docker registry setup, it is essential to verify the Linux kernel version and operating system details of your server. These details provide crucial insights into your system’s capabilities, installed features, and compatibility with the required software components.

By checking the kernel version, you can determine if your system is running a modern and supported version of the Linux kernel, which is critical for the stability and performance of Docker and related services. Similarly, knowing the exact operating system version helps identify whether your server has the necessary dependencies and supports the packages required for this configuration.

It’s a good practice to document these details for future reference, especially when troubleshooting issues or performing upgrades. This step ensures that your setup aligns with the system requirements of Docker and the private registry tools. Always ensure you are running an up-to-date and stable version of your operating system to maintain optimal security and performance.

# uname -r
4.18.0-372.13.1.el8_6.x86_64

# cat /etc/system-release
Rocky Linux release 8.6 (Green Obsidian)

Check the version of Docker that is being used in this article.

# docker version
Client: Docker Engine - Community
 Version:           20.10.17
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c701
 Built:             Mon Jun  6 23:03:11 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun  6 23:01:29 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Setup Private Docker Registry on Rocky Linux 8

List the locally available Docker images in your server.

# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

Docker Hub offers a prebuilt image for the Docker Registry, making it easy to set up and manage your self-hosted container registry. The Docker Registry is an open-source server-side application that enables you to store and distribute Docker images within your private network. This is especially beneficial for organizations or individuals looking to maintain control over their images, enhance security, or reduce reliance on public repositories.

To get started, you need to download the official Docker Registry image from Docker Hub. This image provides a reliable and efficient way to host your own registry without the need to build the software from scratch. Once you have the image, you can use it to create and configure a private Docker registry tailored to your specific needs.

Pulling the registry image from Docker Hub ensures you’re using a trusted, up-to-date version of the software. This approach streamlines the setup process, minimizes potential compatibility issues, and provides access to a robust set of features for managing container images.

# docker pull registry
Using default tag: latest
latest: Pulling from library/registry
2408cc74d12b: Pull complete
ea60b727a1ce: Pull complete
c87369050336: Pull complete
e69d20d3dd20: Pull complete
fc30d7061437: Pull complete
Digest: sha256:bedef0f1d248508fe0a16d2cacea1d2e68e899b2220e2258f1b604e1f327d475
Status: Downloaded newer image for registry:latest
docker.io/library/registry:latest

Create a directory to use as persistent storage for the registry container.

# mkdir -p /opt/docker/containers/docker-registry/registry

Start the Docker container with the following command.

# docker run -d \
> --name docker-registry \
> --restart=always \
> -p 5000:5000 \
> -v /opt/docker/containers/docker-registry/registry:/var/lib/registry \
> registry
826777fa276a49f117e0b6300b036bc3f84ae5aa0a27e124a5a4a20c0c13b3e0

The Docker Registry container operates on port 5000/tcp by default, and its service port is mapped to the same port (5000/tcp) on the Docker host machine. This setup allows external clients and machines on the network to access the private registry through the Docker host’s IP address.

To enable seamless communication with the Docker Registry from other machines in your network, you need to configure the Linux firewall to allow traffic on port 5000/tcp. Without this adjustment, any attempts to interact with the private registry will be blocked by the default firewall rules, preventing access to your hosted container images.

By allowing this service port in the Linux firewall, you ensure that developers, CI/CD pipelines, or other services can reach your private Docker Registry to pull and push images. As started above, the registry serves plain HTTP on this port and accepts requests without authentication, so allow the port only for networks you trust until TLS and access control are in place.

# firewall-cmd --permanent --add-port=5000/tcp
success
# firewall-cmd --reload
success
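
Before 5000/tcp is opened, it helps to confirm how the registry container is configured: the `docker run` command in this guide sets no TLS or authentication options and publishes the port on all interfaces. The check below is an added example, not part of the original guide or of the Docker project; the `BIND=` line, the finding labels and the sample values are assumptions of this example, while the `REGISTRY_*` names are the registry image's environment variables.

```shell
#!/bin/sh
# Added example: audit registry settings before exposing 5000/tcp.
# Input is one setting per line: the container's KEY=VALUE environment plus a
# BIND=<ip>:<port> line for the published port (a convention of this example).
# Only environment-based configuration is inspected, not a mounted config.yml.

# has_setting SETTINGS KEY: true when KEY is set to a non-empty value.
has_setting() {
    printf '%s\n' "$1" | grep -q "^$2=."
}

audit_registry() {
    settings=$1
    findings=""
    # TLS needs both the certificate and the private key.
    if ! has_setting "$settings" REGISTRY_HTTP_TLS_CERTIFICATE ||
       ! has_setting "$settings" REGISTRY_HTTP_TLS_KEY; then
        findings="$findings NO_TLS"
    fi
    # REGISTRY_AUTH selects the authentication backend (for example htpasswd).
    if ! has_setting "$settings" REGISTRY_AUTH; then
        findings="$findings NO_AUTH"
    fi
    # Published on all interfaces while unprotected: any host the firewall
    # admits can pull and push.
    bind=$(printf '%s\n' "$settings" | sed -n 's/^BIND=//p' | head -n 1)
    case $bind in
        0.0.0.0:*|'[::]':*)
            if [ -n "$findings" ]; then
                findings="$findings OPEN_TO_NETWORK"
            fi ;;
    esac
    findings=${findings# }          # drop the leading separator
    printf '%s\n' "${findings:-OK}"
}

# Constructed sample: the container as started in this guide.
GUIDE_SETTINGS='PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
BIND=0.0.0.0:5000'

# Constructed sample: TLS and htpasswd enabled (paths are placeholders).
HARDENED_SETTINGS='REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
REGISTRY_HTTP_TLS_KEY=/certs/domain.key
REGISTRY_AUTH=htpasswd
REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
BIND=0.0.0.0:5000'

audit_registry "$GUIDE_SETTINGS"
audit_registry "$HARDENED_SETTINGS"
```

On a live host, the environment lines can be collected with `docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' docker-registry` and the bind address with `docker port docker-registry 5000/tcp`.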

Now, pull an image from Docker Hub.

We prefer to pull the Alpine Linux image because it is smaller in size.

# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
2408cc74d12b: Already exists
Digest: sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

Now, tag the alpine image as follows, and make it ready to add into your Docker Private Registry.

# docker tag alpine:latest localhost:5000/alpine

Push the Alpine Linux image into Docker Local Registry.

# docker push localhost:5000/alpine
The push refers to repository [localhost:5000/alpine]
2408cc74d12b: Pushed
latest: digest: sha256:686d8c9dfa6f3ccfc8230bc3178d23f84eeaf7e457f36f271ab1acc53015037c size: 527

List the locally available Alpine Linux images.

# docker images | grep alpine
alpine                  latest    e66264b98777   5 weeks ago   5.53MB
localhost:5000/alpine   latest    e66264b98777   5 weeks ago   5.53MB

Upon reviewing the available Docker images, you will notice that one image has been pulled directly from Docker Hub, the centralized and widely-used repository for container images. In contrast, the other image resides within your self-hosted Docker Private Registry.

This distinction highlights the flexibility and control offered by a private registry. While Docker Hub is ideal for accessing publicly shared images, a private registry ensures that your proprietary or sensitive container images remain secure and exclusively accessible within your organization or specific network. By maintaining both sources, you can seamlessly integrate public and private images into your workflow, optimizing efficiency and maintaining robust security practices. This setup also allows you to easily test, deploy, and manage your containerized applications with greater reliability and control.

Final Thoughts

Setting up a private Docker registry on Rocky Linux 8 is an essential step toward managing your container images securely and efficiently. By following this guide, you've installed and configured your private registry, opened its service port in the firewall, and pushed your first image to it. The steps shown here do not configure SSL encryption or authentication, so add both to secure communication and control access before the registry is used beyond a trusted network. With those in place, your Docker environment is well-organized, secure, and tailored to your organization's needs.

With a private registry, you can store and distribute container images internally, reducing dependency on public registries and increasing control over your deployments. Regularly update your registry, implement access control policies, and monitor usage to maintain optimal performance and security. Your private Docker registry is now ready to support streamlined container workflows and enhance your infrastructure’s reliability.
