Deploy and Run Secure Docker Registry

Max Kotliar
Published in formapro
Nov 12, 2018

This tutorial will guide you through the basic steps of deploying and running a secure Docker registry on DigitalOcean.

Out of the box, the registry serves plain, insecure HTTP. Because of that, a Docker daemon refuses to fetch images from such a registry unless you force it to. The registry does support secure TLS connections, but you have to prepare the certificates manually and remember to renew them before they expire. This is far from ideal, so let’s automate it with Traefik and Let’s Encrypt.

  1. Create a droplet on DigitalOcean (referral). The easiest way is to use the “One click apps” image called “Docker 18.06.1~ce~3 on 18.04”. Make sure you select a droplet with enough disk space; CPU and memory are less important. Also, make sure you add your SSH key, as we will need it in a moment. I assume you named the droplet docker-registry.
  2. Don’t forget to set up a firewall to restrict access.
  3. Configure your DNS server to point your domain at the newly created droplet's IP address. I assume your registry domain name is registry.foobar.com.
  4. Init the Swarm cluster. Once the droplet is up and running, open a terminal and ssh to it. Then run the swarm init command:
$ ssh root@registry.foobar.com # or ssh root@your_droplet_ip
$ docker swarm init --advertise-addr=your_droplet_ip

5. Create a docker-compose file on a local computer:

6. Now, create a traefik.toml file in the same directory:

7. Create a deploy.sh script:

#!/usr/bin/env bash
scp "docker-compose.yml" "root@registry.foobar.com:/docker-compose.yml"
scp "traefik.toml" "root@registry.foobar.com:/traefik.toml"
ssh "root@registry.foobar.com" "docker stack deploy --compose-file /docker-compose.yml foobar_registry"

Make the script executable:

chmod u+x deploy.sh

8. Deploy the registry by running ./deploy.sh

9. Test it. Open the link https://registry.foobar.com/v2/_catalog in a browser.
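A scripted version of the test in step 9, as an added example that is not part of the original post: it requests /v2/ over HTTPS with certificate verification on and reports whether the registry answers without asking for credentials, which matters for the access restriction from step 2. The function names and verdict words are made up for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Reads raw HTTP response headers on stdin and prints one verdict:
#   auth-required  401 with a WWW-Authenticate challenge (registry or proxy auth)
#   open           200 from a registry, no credentials asked for
#   not-registry   no Docker-Distribution-Api-Version header (wrong route/backend)
#   unexpected     registry header present, but another status code
classify_registry_response() {
  tr -d '\r' | tr '[:upper:]' '[:lower:]' | {
    status="" api="" challenge=""
    while IFS= read -r line; do
      case "$line" in
        http/*)                          # status line, e.g. "http/1.1 200 ok"
          rest=${line#* }; status=${rest%% *}
          api=""; challenge="" ;;        # keep only the last response's headers
        docker-distribution-api-version:*registry/2.0*) api=yes ;;
        www-authenticate:*) challenge=yes ;;
      esac
    done
    if [ "$status" = 401 ] && [ -n "$challenge" ]; then echo auth-required
    elif [ -z "$api" ]; then echo not-registry
    elif [ "$status" = 200 ]; then echo open
    else echo unexpected
    fi
  }
}

# Live check. curl verifies the certificate chain and host name by default,
# so an expired or untrusted certificate ends up in the failure branch.
probe_registry() {
  headers=$(curl -sS -o /dev/null -D - --max-time 10 "https://$1/v2/") \
    || { echo tls-or-connect-failure; return 1; }
  printf '%s\n' "$headers" | classify_registry_response
}

# Usage: ./check-registry.sh registry.foobar.com
if [ -n "${1:-}" ]; then probe_registry "$1"; fi
```

Run it from a machine outside the firewall's allow list as well as from one inside it: a verdict of open from the outside means anyone who can reach the host can talk to the registry.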

Now you can build and push your images to the registry:

docker build --tag "registry.foobar.com/foobar/app:latest" .
docker push "registry.foobar.com/foobar/app:latest"

The code can be found here.
