Setup a docker private registry with a web front-end

I wanted to set up a docker registry at home for images I build but which I do not want to be publicly available.  Running the default docker registry container was one solution.  But soon I found myself wishing there were a good front-end for it.

A quick search of both Docker Hub and the internet in general will yield several options to get that front-end.  I chose docker-registry-ui for mine.  It seemed to be a simple, easy-to-implement solution, and for the most part it was.  I will say that the author’s doc does not make some of the steps and choices clear, but most of the doc for this project was fine.  It’s FOSS, so no complaints here.

It utilizes docker-compose, so make sure you have that installed before you get moving.

Throughout this post, I reference the host running the containers as dockerhost.  Replace that with your host’s name, obviously.

Clone the repo

First I cloned the repo from https://github.com/Joxit/docker-registry-ui.

Make sure you read the examples to see which one best fits your scenario.  I suspect for most this will be the ui-as-standalone option.  I copied that subdirectory into a separate directory so that I could customize it and run docker-compose from there.  For example…

$ cp -r ui-as-standalone ~/docker/

Configure it

If you want to run without requiring authentication, you should edit simple.yml in the root of that subdirectory. There is a credentials.yml if you want to protect the instance by requiring usernames and passwords.

In my case, in simple.yml, I changed:

  • REGISTRY_URL: set it to the hostname and port of the machine running registry.
  • ports: I set my external port (the first number) to 8080. Set yours to what you want. Obviously, if you run other containers on this host, just make sure you’re not using the external port for one of those containers.
  • volumes: I added a volume entry that looks like this: ./registry-data:/var/lib/registry
    Also, since I had a previous registry running, I did a docker cp … to get the docker/ directory and all subfolders into the local directory .registry-data/.  That way the new container would already have my images pre-populated.  When the new registry container loads, it will already have that data.

My final config for docker-compose looks like this:

version: '2.0'
services:
  registry:
    image: registry:2.7
    ports:
      - 5000:5000
    volumes:
      - ./registry-data:/var/lib/registry
      - ./registry-config/simple.yml:/etc/docker/registry/config.yml

  ui:
    image: joxit/docker-registry-ui:latest
    ports:
      - 8080:80
    environment:
      - REGISTRY_TITLE=A docker registry
      - REGISTRY_URL=http://dockerhost.example.com:5000
      - SINGLE_REGISTRY=true
    depends_on:
      - registry

I also changed registry-config/simple.yml as follows:

  • Access-Control-Allow-Origin: [‘http://dockerhost:8080’]
    This allows you to access the instance from something other than localhost.

My final registry-config/simple.yml looks like this:

version: 0.1
log:
  fields:
    service: registry
  storage:
    delete:
      enabled: true
    cache:
      blobdescriptor: inmemory
    filesystem:
      rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['http://dockhost:8080']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']

Run it

Once you’ve done that, it’s a simple step to run your containers:

$ docker-compose -f simple.yml up -d

Check it

Open a browser to http://dockerhost:8080 and see what you get.

Final notes

I did not play with setting up credentials.  It seems as simple as:

  • utilizing both files named credentials.yml rather than simple.yml
  • replacing the default credentials in registry-config/credentials.yml with your own, including a hashed password that you will have to generate

Overall this was a good fit for my needs.

You may also like...