Creating your own private Docker Registry

So I’ve been messing around with Docker containers a bit lately and rather than uploading my images to the docker public registry which makes my images public so i have to be careful about what i put in them. It is also slow depending upon your internet link. So instead i wanted to see what was involved in setting up a private docker registry on my local network.

And it turns out, theres an app for that! Or a Docker container atleast!

Funnily enough its called Registry and to get started all you have to do is install Docker on your machine that is going to be your private registry and then run this command

docker run --restart=on-failure:10 -d -p 5000:5000 -e standalone=True -e disable_token_auth=True -v /docker_repo:/tmp/registry --name rego registry

Let me explain those switches:


This will cause the Docker service on the host to attempt to restart this container up to 10 times should the container exit, this could exit because of a reboot, or an error that shuts down the container. This way your container will automatically start up at boot so you do not have to do a docker start container-name command after rebooting

-d -p 5000:5000

The -d means daemon mode, that is run it in the background not in interactive mode

The -p 5000:5000 means map port 5000 on the host to port 5000 in the docker container

-e standalone=True -e disable_token_auth=True

Here we are setting two environmental variables, standalone and disable_token_auth

For more info on these environment variables look at the project’s github here

-v /docker_repo:/tmp/registry

This should be pretty simple, we are mapping a volume from the host at /docker_repo into /tmp/registry on the docker container, so now all the docker images that we push to our private registry are stored into a folder at /docker_repo on the host rather than in the container so that they are not lost when the container is shutdown

--name rego registry

This one is also again pretty simple, we are going to name our container “rego” and the name of the docker image we want to pull down from the public docker registry is “registry”

The Docker image should start to download and then once it has started we should now be able to tag our images so that they know where they should go and then we can push them to our private registry

Lets say we have the busybox image installed:

~]# docker images
REPOSITORY                          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
busybox                             latest              e72ac664f4f0        7 weeks ago         2.433 MB

What we want to do is now tag this image with the location of our private registry and then push the image up to that registry

We can do that with the tag command

docker tag busybox:latest docker-registry.test.internal:5000/busybox

Now if we run docker images again

~]# docker images
REPOSITORY                                       TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
busybox                                          latest              e72ac664f4f0        7 weeks ago         2.433 MB
docker-registry.test.internal:5000/busybox       latest              e72ac664f4f0        7 weeks ago         2.433 MB

Note that the image ID is the same, this is because we have simply tagged the image, we haven’t duplicated it at all.

Now to push that new tagged image to our private repo we simply run

docker push docker-registry.test.internal:5000/busybox

And it should push it up to our private registry.

~]# docker push docker-registry.test.internal:5000/busybox
The push refers to a repository [docker-registry.test.internal:5000/busybox] (len: 1)
Sending image list
Pushing repository docker-registry.test.internal:5000/busybox (1 tags)
Image 511136ea3c5a already pushed, skipping
df7546f9f060: Image successfully pushed 
e433a6c5b276: Image successfully pushed 
e72ac664f4f0: Image successfully pushed 
5b7b41b194e6: Image successfully pushed 
180c0f5db6f7: Image successfully pushed 
334e58e83540: Image successfully pushed 
8502f08c9abd: Image successfully pushed 
d1feb6d21dc6: Image successfully pushed 
Pushing tag for rev [d1feb6d21dc6] on {http://docker-registry.test.internal:5000/v1/repositories/busybox/tags/latest}

Note that as of Docker 1.3, you must add an option to your Docker config file to enable insecure registries

On my host which is CentOS the docker config file lives in /etc/sysconfig/dockerfile

# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS=--insecure-registry docker-registry.test.internal:5000 -H fd://

#--selinux-enabled -H fd://

Here i have commented out the --selinux-enabled option as i have disabled selinux on my host anyway.
the --insecure-registry  option then just has my registry hostname and port number
once this has been added restart the docker service and you should be able to push your images to your private registry


Note: I have had trouble getting docker registry to work using the domain name when tagging images, i can’t find much evidence of others with this problem so its probably just my environment. However if you try to tag an image with the domain name and then try to push it and you simply can a quick response with the date and

then try tagging the image with the IP address of the host instead of the domain name.
Remembering what images are stored on this private docker registry is now starting to be an issue, but theres a container for that!

Will create a new post about that later..

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s