Docker private registry with self-signed certificates

A private registry is an internal store for Docker images, so images do not have to be pushed to hub.docker.com.

Here I have two nodes:

  • Docker private registry node (10.150.150.50)
  • Ordinary Docker node (10.150.150.10)

Private Registry Node

  • Install Docker (and apache2-utils, which provides the htpasswd tool used below)
sudo apt update; sudo apt upgrade -y; sudo apt autoremove -y
sudo apt install -y docker.io; sudo docker version
sudo apt install -y apache2-utils
  • Create a local self-signed certificate
cd /
mkdir certs
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt \
  -addext "subjectAltName = DNS:zu-registry"
Common Name (e.g. server FQDN or YOUR name) []:zu-registry

In this example the registry's name is zu-registry. The -addext line (OpenSSL 1.1.1 or later) puts the name into a subjectAltName as well as the Common Name; the Docker client is written in Go, which rejects certificates that carry only a Common Name. The name must also resolve to the registry node's address (10.150.150.50) on every node, for example through /etc/hosts, since the certificate is only valid for that name.

  • Copy domain.crt to every other Docker node, and to the private registry node itself.
scp certs/domain.crt btech@10.150.150.10:/home/btech/
scp certs/domain.crt btech@10.150.150.50:/home/btech/
  • Install the certificate for Docker on every node. The directory under /etc/docker/certs.d must be the exact host:port used in image references; the registry below listens on 443 and is referenced as zu-registry:443, so the directory is zu-registry:443 (not zu-registry:5000). The copy into the system CA store is what lets the daemon trust the certificate even if that directory name is wrong, but keep both consistent.
sudo su
mkdir -p /etc/docker/certs.d/zu-registry:443/
cp /home/btech/domain.crt /etc/docker/certs.d/zu-registry:443/ca.crt
cp /home/btech/domain.crt /usr/local/share/ca-certificates/zu-registry.crt
update-ca-certificates
systemctl restart docker
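The two steps above (generating the certificate and placing it where the Docker daemon looks for it) are where this setup most often goes wrong: a certificate without a subjectAltName, or a certs.d directory whose host:port does not match the image reference. The script below is an added example, not code from the original post. It generates the same kind of self-signed certificate with a SAN section, derives the certs.d directory from an image reference, installs the certificate there, and checks the result with openssl before Docker is restarted. The helper names (certsd_dir_for, make_registry_cert, cert_ok_for, install_registry_ca) and the DOCKER_CERTS_ROOT override are assumptions of this example; it assumes OpenSSL 1.1.1 or later and the hostname/address used in the post.

```shell
#!/bin/sh
# Added example (not part of the original post): create a self-signed
# registry certificate that carries a subjectAltName, install it where the
# Docker daemon looks for it, and verify both before restarting Docker.
# Assumptions: OpenSSL >= 1.1.1; DOCKER_CERTS_ROOT (an example-only variable)
# may be overridden for testing and defaults to Docker's /etc/docker/certs.d.
set -eu

DOCKER_CERTS_ROOT="${DOCKER_CERTS_ROOT:-/etc/docker/certs.d}"

# certsd_dir_for <image reference> -> the certs.d directory Docker consults.
# Docker keys the lookup on the exact "host:port" prefix of the reference,
# so a registry reached as zu-registry:443 needs zu-registry:443/, not
# zu-registry:5000/.
certsd_dir_for() {
  printf '%s\n' "${1%%/*}"
}

# make_registry_cert <outdir> <hostname> <ip>
# Same openssl req as the post, driven by a config file that adds a SAN
# (DNS name and IP); the Go-based Docker client rejects CN-only certificates.
make_registry_cert() {
  outdir=$1 host=$2 ip=$3
  cat >"$outdir/san.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_req
[dn]
CN = $host
[v3_req]
subjectAltName = DNS:$host, IP:$ip
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
  openssl req -newkey rsa:4096 -nodes -sha256 \
    -keyout "$outdir/domain.key" -x509 -days 365 \
    -out "$outdir/domain.crt" -config "$outdir/san.cnf" 2>/dev/null
  # The private key only ever lives on the registry node.
  chmod 600 "$outdir/domain.key"
}

# cert_ok_for <crt> <hostname>: succeeds only if the certificate verifies
# against itself as trust anchor AND matches <hostname> via its SAN, which
# is the check the Docker client performs when connecting.
cert_ok_for() {
  openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# install_registry_ca <crt> <image reference>
# Copies the certificate to $DOCKER_CERTS_ROOT/<host:port>/ca.crt and
# prints the installed path.
install_registry_ca() {
  dir="$DOCKER_CERTS_ROOT/$(certsd_dir_for "$2")"
  mkdir -p "$dir"
  install -m 0644 "$1" "$dir/ca.crt"
  printf '%s\n' "$dir/ca.crt"
}

# Usage on the registry node (name and address are the ones from the post):
#   sh registry-cert.sh run
# then copy /certs/domain.crt to the other nodes and call install_registry_ca
# there with the same image reference.
if [ "${1:-}" = "run" ]; then
  mkdir -p /certs
  make_registry_cert /certs zu-registry 10.150.150.50
  cert_ok_for /certs/domain.crt zu-registry
  install_registry_ca /certs/domain.crt zu-registry:443/httpd:latest
fi
```

After install_registry_ca, restart the daemon (systemctl restart docker) as in the post; the openssl verify step fails with a hostname mismatch if the name you log in with is not the one in the SAN, which is the same error Docker would later report as an x509 failure.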
  • Create the local registry folders
cd /
mkdir -p /data/registry
mkdir /auth
  • Create a username and password. registry:2 only accepts bcrypt entries (-B); htpasswd comes from the apache2-utils package installed above, since current registry:2 images no longer ship it.
htpasswd -Bbn zufar zufar > /auth/htpasswd

The -b form puts the password on the command line, where it lands in shell history; `htpasswd -Bc /auth/htpasswd zufar` prompts for it instead. Use a real password rather than repeating the username.
  • Run the registry
docker run -d \
  --restart=always \
  --name registry \
  -v /certs:/certs \
  -v /auth:/auth \
  --mount type=bind,src=/data/registry,dst=/var/lib/registry \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -p 443:443 \
  registry:2
  • Log in to the private registry on every node
docker login --username zufar zu-registry:443
  • Test pushing to and pulling from the local registry
docker pull httpd
docker tag httpd zu-registry:443/httpd:latest
docker push zu-registry:443/httpd:latest
docker rmi httpd zu-registry:443/httpd:latest
docker images
docker pull zu-registry:443/httpd:latest
