Difficulty: Intermediate
Estimated Time: 10-15 minutes

In this scenario, we'll cover how to launch a private Docker Registry with TLS via SSL.

A private Registry enables you to distribute Docker Images without being dependent on external providers or the public cloud. This allows you to increase security and confidence of your image sources and versioning.

You've successfully deployed our Registry. In this example our registry had the domain registry.test.training.katacoda.com.

Steps for production

  • Define a domain for your registry. You need to own the domain and point the DNS to the host running your registry container.

  • Obtain SSL certificate . Letsencrypt.org offers free HTTPS SSL certificates which are ideal for use with Docker Registry and benhall/nginx-registry-proxy

More details at https://docs.docker.com/registry/deploying/

Don’t stop now! The next scenario will only take about 10 minutes to complete.

Launch Private Registry with SSL

Step 1 of 6

Step 1 - Starting Registry

The Registry is deployed as a container and accessible via port 5000. We define an environment variable called _VIRTUALHOST of the domain for our registry. Docker clients will use this domain to access the registry and push/pull images. By specifying a domain, a client can access multiple registries.

In this example our Docker registry is located at registry.test.training.katacoda.com. We'll use a proxy to map requests to our domain on port 80 to the Registry container running on port 5000.

docker run -d -e \ VIRTUAL_HOST=registry.test.training.katacoda.com \ -v /opt/registry/data:/var/lib/registry \ --name registry registry:2

Mounting the volume /var/lib/registry is important. This is where the Registry will store all of the pushed images. Mounting the directory will allow you to restart and upgrade the container in future.