
Create Private Docker Registry (based on Nexus3)

Posted at 2020-02-07


I will share how to create a Private Docker Registry with Nexus 3.x.
It is built on Nexus and provides a GUI environment.
I tried to include a lot of screenshots.

Demo Environment

  • Ubuntu 18.04
  • Docker version 18.09.1
    • Docker v1.8 or later is required
  • Nexus 3.20.1

Install Nexus3 and create Private Docker Registry

The Nexus IP is 182.252.133.70.

$ ssh root@182.252.133.70

1) Create a persistent volume shared between the host and the Nexus container

$ mkdir /nexus-data

2) Create Nexus container

$ docker run --name nexus -d -p 5000:5000 -p 8081:8081 -v /nexus-data:/nexus-data -u root sonatype/nexus3

3) Connect to the Nexus web UI at http://182.252.133.70:8081

The first time, you must log in with the admin account.
The admin password is in /nexus-data/admin.password.

$ cat /nexus-data/admin.password
6f471aea-1d52-4e4b-9988-1714e9bf849d # admin's password

Enter a new admin password.

4) Create docker-hosted and docker-proxy blob stores on Nexus

Gear > Repository > Blob Stores > Create blob store
You need to create docker-hosted and docker-hub.

Name : docker-hosted

Name : docker-hub

5) Create docker-hosted and docker-proxy repositories on Nexus

Gear > Repository > Repositories > Create repository
You need to create docker-hosted and docker-hub.
Select docker (hosted)
- Name : docker-hosted
- Check HTTP and input 5000
- Check Enable Docker V1 API
- Select Blob store docker-hosted

Select docker (proxy)
- Name : docker-hub
- Check Enable Docker V1 API
- Input https://registry-1.docker.io in Remote storage
- Select Use Docker Hub

6) Set Realms on Nexus

Gear > Realms > Move Docker Bearer Token Realm to active > Save

7) Allow the docker command to use HTTP (v1)

Create file /etc/docker/daemon.json
✔️ If the file does not exist, you must create it.

$ cat /etc/docker/daemon.json
{
        "insecure-registries" : ["182.252.133.70:5000"]
}

Restart docker daemon

$ service docker restart

Restart Nexus container

$ docker restart nexus

Push image from external client to Private Docker Registry

The client IP is 182.252.133.71.

$ ssh root@182.252.133.71

1) Allow the docker command to use HTTP (v1)

Create file /etc/docker/daemon.json
✔️ If the file does not exist, you must create it.
💥 This must be set on every client.

$ cat /etc/docker/daemon.json
{
        "insecure-registries" : ["182.252.133.70:5000"]
}

Restart docker daemon

$ service docker restart

2) Log in to the Private Docker Registry

$ docker login 182.252.133.70:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
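
An added example, not part of the original post: a small Python audit of the two files this walkthrough touches, flagging registries listed under insecure-registries and logins that docker login left unencrypted in config.json. The config.json sample and its password are constructed placeholders, and the function names are this example's own.

```python
import base64
import json

# daemon.json content as shown in this article.
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["182.252.133.70:5000"]}'
# Constructed config.json of the kind `docker login` writes without a credential
# helper; "example-password" is a placeholder, not a real credential.
SAMPLE_CONFIG_JSON = json.dumps({"auths": {"182.252.133.70:5000": {
    "auth": base64.b64encode(b"admin:example-password").decode()}}})


def insecure_registries(daemon_text):
    """Registries the daemon may reach over plain HTTP or unverified TLS."""
    return list(json.loads(daemon_text or "{}").get("insecure-registries", []))


def stored_logins(config_text):
    """Map registry -> username for every login kept as base64 in config.json."""
    logins = {}
    for registry, entry in json.loads(config_text or "{}").get("auths", {}).items():
        if entry.get("auth"):  # absent when a credential helper holds the secret
            decoded = base64.b64decode(entry["auth"]).decode("utf-8", "replace")
            logins[registry] = decoded.split(":", 1)[0]  # keep the user, drop the password
    return logins


def audit(daemon_text, config_text):
    """Return a list of (severity, registry, message) findings."""
    insecure = insecure_registries(daemon_text)
    findings = [("medium", reg, "listed in insecure-registries") for reg in insecure]
    for reg, user in stored_logins(config_text).items():
        findings.append(("medium", reg, f"login for '{user}' stored unencrypted"))
        if reg in insecure:
            findings.append(
                ("high", reg, f"'{user}' credentials can cross the network in cleartext"))
    return findings


if __name__ == "__main__":
    for severity, registry, message in audit(SAMPLE_DAEMON_JSON, SAMPLE_CONFIG_JSON):
        print(f"[{severity}] {registry}: {message}")
```

To check a real host, pass the contents of /etc/docker/daemon.json and /root/.docker/config.json to audit().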

3) docker pull and push to the Private Docker Registry

docker pull busybox image (from https://hub.docker.com/_/busybox)

$ docker pull busybox # docker pull from hub.docker.com 
bdbbaa22dec6: Pull complete
Digest: sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest

Check busybox image

$ docker images -a
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
busybox             latest              6d5fcfe5ff17        5 weeks ago         1.22MB

Tag the image

$ docker tag 6d5fcfe5ff17 182.252.133.70:5000/busybox:v20200205

Push to the Private Docker Registry

$ docker push 182.252.133.70:5000/busybox:v20200205
The push refers to repository [182.252.133.70:5000/busybox]
195be5f8be1d: Pushed
v20200205: digest: sha256:edafc0a0fb057813850d1ba44014914ca02d671ae247107ca70c94db686e7de6 size: 527

Check image in Private Docker Registry

1) Connect to Nexus web http://182.252.133.70:8081

Browse > docker-hosted

tag

Pull from the Private Docker Registry

$ docker pull 182.252.133.70:5000/busybox:v20200205
bdbbaa22dec6: Pull complete
Digest: sha256:edafc0a0fb057813850d1ba44014914ca02d671ae247107ca70c94db686e7de6
Status: Downloaded newer image for 182.252.133.70:5000/busybox:v20200205
182.252.133.70:5000/busybox:v20200205
$ docker images -a
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
182.252.133.70:5000/busybox   v20200205           6d5fcfe5ff17        5 weeks ago         1.22MB

More to do

Port 443: SSL needs to be added

SSL should be applied.
After that, creating the file /etc/docker/daemon.json can be omitted.
💡 I'll write about this in the next post.
