root@deb-VirtualBox:~# mkdir certs root@deb-VirtualBox:~# mkdir auth
169.254.156.101 myregistrydomain.com
root@deb-VirtualBox:~# mkdir -p /etc/docker/certs.d/myregistrydoman.com:5000
root@deb-VirtualBox:~/certs# apt-get install openssl Reading package lists... Done Building dependency tree Reading state information... Done openssl is already the newest version (1.0.2g-1ubuntu13.5). 0 upgraded, 0 newly installed, 0 to remove and 113 not upgraded.
root@deb-VirtualBox:~/certs# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /root/certs/dockerrepo.key -x509 -days 365 -out /root/certs/dockerrepo.crt -subj /CN=myregistrydomain.com Generating a 4096 bit RSA private key ................................................................................................................................................................++ .....................................................................................................................................................................................................++ writing new private key to '/root/certs/dockerrepo.key' root@deb-VirtualBox:~/certs# cd /etc/docker/certs.d/myregistrydoman.com:5000 root@deb-VirtualBox:/etc/docker/certs.d/myregistrydoman.com:5000# cp /root/certs/dockerrepo.crt ca.crt root@deb-VirtualBox:/etc/docker/certs.d/myregistrydoman.com:5000# docker pull registry:2 2: Pulling from library/registry 81033e7c1d6a: Pull complete b235084c2315: Pull complete c692f3a6894b: Pull complete ba2177f3a70e: Pull complete a8d793620947: Pull complete Digest: sha256:672d519d7fd7bbc7a448d17956ebeefe225d5eb27509d8dc5ce67ecb4a0bce54 Status: Downloaded newer image for registry:2
cd /root root@deb-VirtualBox:~# docker run --entrypoint htpasswd registry:2 -Bbn test password > auth/htpasswd
root@deb-VirtualBox:~# docker run -d -p 5000:5000 -v `pwd`/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dockerrepo.crt -e REGISTRY_HTTP_TLS_KEY=/certs/dockerrepo.key -v `pwd`/auth:/auth -e REGISTRY_AUTH=htpasswd -e REGISTRY_AUTH_HTPASSWD_RELM="Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2 0d007ea4f85da395b2de25b6a6c5c1178c06e4df8cf859bf5ef5808b655c30a2
root@deb-VirtualBox:~# docker pull busybox Using default tag: latest latest: Pulling from library/busybox f70adabe43c0: Pull complete Digest: sha256:58ac43b2cc92c687a32c8be6278e50a063579655fe3090125dcb2af0ff9e1a64 Status: Downloaded newer image for busybox:latest
root@deb-VirtualBox:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mywebserver latest 1d666b38b200 2 days ago 330MB
mywebserver v1 d749c49988b5 2 days ago 330MB
mywebserver1 v1 a23dab42b0ee 2 days ago 321MB
optimized v1 dd055168eb91 2 days ago 301MB
customimage v1 9528f83769a3 2 days ago 301MB
hello-world latest e38bc07ac18e 3 weeks ago 1.85kB
centos 6 70b5d81549ec 3 weeks ago 195MB
centos latest e934aafc2206 3 weeks ago 199MB
busybox latest 8ac48589692a 4 weeks ago 1.15MB
registry 2 d1fd7d86a825 3 months ago 33.3MB
root@deb-VirtualBox:~# docker tag busybox myregistrydomain.com:5000/my-busybox root@deb-VirtualBox:~# docker push myregistrydomain.com:5000/my-busybox root@deb-VirtualBox:~# docker login myregistrydomain.com:5000/my-busybox Username: test Password:
Now let me test how we can push the private docker image in another host
root@deb-VirtualBox2:~# cd /etc/docker root@deb-VirtualBox2:~# mkdir certs.d root@deb-VirtualBox2:~# cd /etc/docker/certs.d root@deb-VirtualBox2:~# mkdir myregistrydomain.com\:5000/ root@deb-VirtualBox2:~# chown root:root ca.crt
root@deb-VirtualBox2:~# docker login myregistrydomain.com:5000 root@deb-VirtualBox2:~# docker pull myregistrydomain.com:5000/my-busybox