Docker Private Registry with TLS and Basic AUTH

by Anish

Posted on Monday July 29th 2019


Certs Location

mkdir -p /opt/certs
cd /opt/certs/

Generate the Certificate

quick self-signed certificate generate the key/certificate pair, then sign it, all with one openssl line

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt

Docker Data Location : This is where all docker registry Data will be stored

mkdir -p /opt/data

BASIC AUTH Config: This is where the basic auth realm will be stored

mkdir -p /opt/auth

BASIC AUTH Config File

cd /opt
docker run --entrypoint htpasswd   registry:2 -Bbn dockerreg dockerreg > auth/htpasswd

Deploying the Private Docker registry with SSL and basic AUTH

The Registry is deployed as a container accessible via port 5000. Docker clients will use this domain to access the registry and push/pull images. By specifying a domain, a client can access multiple registries.

In this example our Docker registry is located at DNS localhost

docker run -d \
 -p 5000:5000 \
 --restart=always \
 --name registry \
 -v /opt/auth:/auth \
 -e "REGISTRY_AUTH=htpasswd" \
 -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
 -v /opt/certs:/certs \
 -v /opt/data:/var/lib/registry \
 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.crt \
 -e REGISTRY_HTTP_TLS_KEY=/certs/server.key \

Testing the registry Authentication

curl -kiv -H "Authorization: Basic $(echo -n "dockerreg:dockerreg" | base64)" https://localhost:5000/v2/

Testing the private docker registry

First Login to your private repository

docker login localhost:5000


docker pull nginx:latest
docker tag nginx:latest localhost:5000/nginx:latest
docker push localhost:5000/nginx:latest

remove images so they need to be pulled again

docker rmi nginx localhost:5000/nginx

Now pull from the Local repository

docker pull localhost:5000/nginx

Setting up registry with docker compose

  restart: always
  image: registry:2
    - 5000:5000
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.crt
    REGISTRY_HTTP_TLS_KEY: /certs/server.key
    REGISTRY_AUTH: htpasswd
    - /opt/data:/var/lib/registry
    - /opt/certs:/certs
    - /opt/auth:/auth

Start your registry by issuing the following command in the directory containing the docker-compose.yml file:

docker-compose up -d

Video Demo

Next Reading : How to Monitoring All Executed Commands in Linux

Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9

python Cryptography Topics
For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

Kubernetes for DevOps

Hello Dockerfile

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang ryptography for Developers