Create own trusted Docker registry server
#1
netPI pulls images from trusted Docker registry servers only. A trusted server presents a certificate issued by an official Certificate Authority (CA), so the client can rely on the CA's digital signature. The most popular trusted Docker registry is Docker Hub, but you can run trusted Docker registry servers yourself on-premise as well. We show you how.

Here is how you set up your own trusted Docker registry server with the help of an official Certificate Authority such as Let's Encrypt.
  • First you need a domain name (hostname) for your server. Get one from noip for example. Let's suppose you got the name mydockerregistry.ddns.net.
  • Next configure the DynDNS service on your Internet router as described here so that your router is reachable through your domain name over the internet.
  • Then set up a physical server. Run Linux on it for quick results. Ubuntu will do.
  • Configure your Internet router to forward the TCP ports 80 and 443 to the server. Port 80 is needed to demonstrate control over the domain during the one-time certificate issuance. Port 443 is the port the Docker registry will be served on.
  • For automated certificate issuance you need a web server installed on your server. For quick results we recommend Nginx. To install it simply call sudo apt-get install nginx.
  • Additionally install Certbot, a tool that automatically requests a certificate from Let's Encrypt for your domain. On its web site select Nginx as software and Ubuntu as system and it will provide you with installation instructions. Execute the proposed commands on your server.
  • During the procedure you will be asked for the domain name you want the certificate for. Enter your domain name (mydockerregistry.ddns.net in our example) at this stage.
  • The certificates and keys will be generated and stored on your server in the folder /etc/letsencrypt/live/mydockerregistry.ddns.net/. Port 80 forwarding on your Internet router is no longer needed afterwards.
  • Now install Docker on your server as described here.
  • The certificates and keys need renaming and merging so that the Docker registry can use them. Call
    cd /etc/letsencrypt/live/mydockerregistry.ddns.net/
    cp privkey.pem domain.key
    cat cert.pem chain.pem > domain.crt
    chmod 644 domain.crt
    chmod 600 domain.key
    Keep the private key readable by root only (0600); the registry process inside the container runs as root and can read it. The certificate is public and may stay world-readable.
  • Finally run the Docker registry with the following docker command
    $ docker run -d \
        --restart=always --name registry \
        -v /etc/letsencrypt/live/mydockerregistry.ddns.net:/certs \
        -v /opt/docker-registry:/var/lib/registry \
        -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
        -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
        -p 443:443 \
        registry:2
  • Now you are able to access your Docker registry at mydockerregistry.ddns.net, e.g. call docker pull mydockerregistry.ddns.net/myimage to pull an image named myimage across the internet.
If you want to turn your Docker registry server into a local server, close all forwarded ports in your Internet router first and then add the hostname to your server's /etc/hosts and /etc/hostname files, e.g. 127.0.0.1 mydockerregistry.ddns.net (our example). Then run a local DNS server in your network that translates the hostname to the local IP address of your server and that's it. All access to mydockerregistry.ddns.net now stays local.
"You never fail until you stop trying." Albert Einstein (1879 - 1955)

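The certificate preparation and the final check of the procedure above, as an added example that is not part of the original post. It assumes certbot's /etc/letsencrypt/live/<domain>/ layout with privkey.pem, cert.pem and chain.pem, the registry:2 image (which runs as root, so a 0600 key is readable by the registry process), and an output directory /opt/registry-certs chosen for this example; the container would then mount that directory as /certs instead of the live/ folder. Beyond the post's steps it confirms that cert.pem is really issued by the CA in chain.pem, that the key belongs to the certificate (a mismatch otherwise only shows up as a failing handshake on the first pull), copies the key as a regular file rather than certbot's symlink, and checks from the client side what netPI will see on port 443.

```shell
#!/bin/sh
# Added example (not from the original post): prepare the Let's Encrypt files for the
# registry container and check the result before starting it.
# Assumptions: the certbot layout /etc/letsencrypt/live/<domain>/{privkey.pem,cert.pem,chain.pem},
# the registry:2 image (runs as root, so a 0600 key is readable inside the container),
# and the output directory /opt/registry-certs, which is this example's choice, not the post's.
set -eu

# prepare_registry_certs <live_dir> <out_dir>
# Builds out_dir/domain.crt (leaf followed by the intermediate chain) and out_dir/domain.key
# as regular files. certbot keeps symlinks in live/ that point into ../../archive/, so a copy
# of the symlink itself would dangle inside a container that mounts only live/.
prepare_registry_certs() {
  live_dir=$1
  out_dir=$2
  mkdir -p "$out_dir"

  # The leaf must really be issued by the CA certbot delivered in chain.pem. -partial_chain lets
  # that intermediate act as trust anchor; Let's Encrypt's chain.pem does not contain the root.
  openssl verify -partial_chain -CAfile "$live_dir/chain.pem" "$live_dir/cert.pem" >/dev/null 2>&1 \
    || { echo "cert.pem is not issued by the CA in chain.pem" >&2; return 1; }

  (
    umask 077   # files are born private; the certificate is relaxed to 0644 below
    cat "$live_dir/cert.pem" "$live_dir/chain.pem" > "$out_dir/domain.crt"
    cp -L "$live_dir/privkey.pem" "$out_dir/domain.key"   # -L dereferences certbot's symlink
  ) || return 1
  chmod 644 "$out_dir/domain.crt"   # certificates are public data
  chmod 600 "$out_dir/domain.key"   # the private key must never be world-readable

  # Compare the public key inside the certificate with the one derived from the private key.
  cert_pub=$(openssl x509 -in "$out_dir/domain.crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$out_dir/domain.key" -pubout)
  [ "$cert_pub" = "$key_pub" ] \
    || { echo "domain.key does not match domain.crt" >&2; return 1; }
}

# check_registry_tls <host>
# Client-side view of what netPI will see: the served chain must validate against the
# system trust store (no self-signed certificate, intermediate present) and the name must match.
check_registry_tls() {
  host=$1
  printf '' | openssl s_client -connect "$host:443" -servername "$host" \
      -verify_hostname "$host" -verify_return_error >/dev/null 2>&1 \
    || { echo "TLS chain or hostname check failed for $host" >&2; return 1; }
  # /v2/ is the registry API base. With no REGISTRY_AUTH configured (as in the post) it answers
  # 200; with htpasswd authentication it answers 401. Anything else is not a registry.
  code=$(curl -sS -o /dev/null -w '%{http_code}' "https://$host/v2/")
  [ "$code" = "200" ] || [ "$code" = "401" ] \
    || { echo "unexpected HTTP status $code from $host/v2/" >&2; return 1; }
}

# Usage:
#   sh registry-certs.sh prepare /etc/letsencrypt/live/mydockerregistry.ddns.net /opt/registry-certs
#   sh registry-certs.sh check mydockerregistry.ddns.net
case "${1:-}" in
  prepare) prepare_registry_certs "$2" "$3" ;;
  check)   check_registry_tls "$2" ;;
esac
```

Run the prepare step again whenever certbot renews (Let's Encrypt certificates are valid for 90 days; certbot's --deploy-hook can call it) and restart the container, because the copied domain.crt and domain.key do not follow the renewed files in live/. Note also that registry:2 started as in the post has no authentication configured, so anyone who can reach port 443 may pull and push; REGISTRY_AUTH=htpasswd together with REGISTRY_AUTH_HTPASSWD_REALM and REGISTRY_AUTH_HTPASSWD_PATH adds basic authentication.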


