This is an example docker-compose.yaml file that shows how you can run your own internal registry
to create your own private, secure registry with automatic SSL certificates courtesy of Let's Encrypt
with TLS termination on Nginx level.
As a previous note, you should know that the Docker registry has a non-persistent storage for the
images pushed to it, which means that on the next docker-compose up -d where your configuration changed,
you'll loose the images you pushed before. It's possible to make it persistent by adding a volume mounted
to the filesystem by editing the volumes section under the registry:2 definition and adding a line like:
- ./registry/images:/var/lib/registry
Which will store the images inside the registry folder under images. Other alternatives more performant
are available in the Docker documentation.
There are a couple of steps you need to follow through. First, create a htpasswd file with the user
and password you want to use for your registry. You can use the htpasswd command by itself if you
know how, or you can use the Docker provided alternative:
docker run --entrypoint htpasswd registry:2 -Bbn myuser mypassword > registry/auth/htpasswd
Change myuser for the username you want to set on your registry, and mypassword to the expected
password. The resulting file will be in your current directory, called htpasswd. Make sure the file
is at registry/auth/htpasswd (which means you should already have a clone of this repo, since that
folder exists here).
The second thing is, you will have to decide on a domain name you want to use with your registry and
all your other apps from the Docker Compose file. You can create registry.example.com by simply creating
an A or AAAA DNS record pointing to the IP of the machine that hosts your docker-compose stack.
Wildcard A / AAAA records can also be used so you can point *.apps.example.com besides the registry
domain to get a way to route additional services using the same Docker Compose stack.
By default, the Nginx proxy in this Docker Compose doesn't support the Registry out of the box. Initially
you might want to increase the body size and allow chunks via HTTP requests, to do so, create a file
named registry.example.com_location under domains/vhost.d changing, of course, the hostname in the
file name mentioned before, but leaving the _location part intact. The file should contain the following
instructions:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
client_max_body_size 0;
chunked_transfer_encoding on;
And lastly, edit the docker-compose.yml file to match the hostname of your registry and / or add new
containers to the stack.
Have fun!