This guide shows how to create a private image registry.
In this example we set it up on an EC2 instance running Ubuntu and add a domain certificate for TLS.
The public IP of your instance must be resolvable through a domain name.
For this demo we used a free subdomain from https://www.noip.com/members/dns/
Configure the server.
Install apache2
sudo apt install apache2
Install docker
sudo apt install docker.io
sudo groupadd docker
sudo usermod -aG docker ${USER}
Log out and log back in so the new group membership takes effect.
Install certbot.
sudo snap install core
sudo snap install --classic certbot
Before you continue, wait until the domain is resolvable. It usually takes a couple of minutes.
Generate domain certs with Certbot.
sudo certbot certonly --apache
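You will be prompted for the domain name and an email address.
Rename the generated key and create the domain cert (the leaf certificate followed by the chain). Keep the private key readable by root only; the registry process in the registry:2 container runs as root, so it can still read the key through the mount.
sudo su
cd /etc/letsencrypt/live/domain-you-used-in-prompt/
cp privkey.pem domain.key
cat cert.pem chain.pem > domain.crt
chmod 644 domain.crt
chmod 600 domain.key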
Create a directory named certs in the ubuntu user's $HOME, which will be mounted into the container later, and copy domain.crt and domain.key into it.
mkdir ~ubuntu/certs
cp domain.crt ~ubuntu/certs/
cp domain.key ~ubuntu/certs/
exit
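Before starting the container it is worth checking the files that will be mounted. The script below is an added example, not part of the original guide; the file names domain.crt and domain.key come from the steps above, the function names and the 14-day threshold are assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the certs directory mounted into the registry.
# Added example: function names are hypothetical, file names follow the guide.

# True when the file grants nothing to group or others
# (characters 5-10 of the ls mode string are all "-").
key_mode_ok() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True when the first certificate in the bundle (the leaf, because
# cert.pem was concatenated first) carries the public key of the private key.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# True when the leaf certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks against a certs directory; returns non-zero on any failure.
check_registry_certs() {
    dir=$1
    rc=0
    key_mode_ok "$dir/domain.key" ||
        { echo "FAIL: domain.key is accessible to group or others"; rc=1; }
    pair_matches "$dir/domain.crt" "$dir/domain.key" ||
        { echo "FAIL: leaf certificate in domain.crt does not match domain.key"; rc=1; }
    valid_for_days "$dir/domain.crt" 14 ||
        { echo "FAIL: certificate expires within 14 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $dir is ready to mount"
    return "$rc"
}
```

Save it as a file such as check-certs.sh, then run `. ./check-certs.sh && sudo sh -c '. ./check-certs.sh; check_registry_certs ~ubuntu/certs'` so the root-owned key can be read.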
Run the registry as a container. Run the command from the ubuntu user's home directory, because it mounts "$(pwd)"/certs.
docker run -d -p 443:5000 --restart=always --name alexregistry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
Test with curl or your browser.
curl --request GET --url https://<your-domain>:443/v2/_catalog --header 'content-type: application/json'
Seed your Docker registry
Follow the DKP guide on how to seed your Docker registry with images.
https://docs.d2iq.com/dkp/2.3/pre-provisioned-prerequisites-air-gapped