How to Setup Docker Private Registry on CentOS 7.x / RHEL 7.x

10 Responses

  1. Anders Jackson says:

    Good article, and it is posible to move this to Ubuntu, by using ufw(8) instead of firewall-cmd(8).

    But how do we secure the repository? Shouldn’t it be using https instead of http?

  2. James Yu says:

    Hi, I just followed through your post and found out the –insecure-registry setting does not work, maybe a hand?
    The setting is as follows:
    # cat /usr/lib/systemd/system/docker.service
    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    After=network-online.target firewalld.service
    Wants=network-online.target

    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd –-insecure-registry boot-node:5000
    ExecReload=/bin/kill -s HUP $MAINPID
    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity
    # Uncomment TasksMax if your systemd version supports it.
    # Only systemd 226 and above support this version.
    #TasksMax=infinity
    TimeoutStartSec=0
    # set delegate yes so that systemd does not reset the cgroups of docker containers
    Delegate=yes
    # kill only the docker process, not all processes in the cgroup
    KillMode=process
    # restart the docker process if it exits prematurely
    Restart=on-failure
    StartLimitBurst=3
    StartLimitInterval=60s

    [Install]
    WantedBy=multi-user.target

    also I have
    192.168.0.31 boot-node
    in /etc/hosts

    • James Yu says:

      after I change “192.168.0.31 boot-node” to “192.168.0.31 boot-node boot-node” in /etc/hosts
      and change “/usr/bin/dockerd –insecure-registry boot-node:5000” to “/usr/bin/dockerd –insecure-registry=boot-node:5000” for ExecStart
      it starts to work

  3. nag says:

    By using this I am not able to push images getting the below response
    Get ‘https://x.x.x.x:5000/v2/:’ http: server gave HTTP response to HTTPS client

    • Pradeep Kumar says:

      Hi Nag,

      Did you update your system’s ‘/usr/lib/systemd/system/docker.service’ file and reload daemon service and restart Docker service ..?

  4. Vijay says:

    how can we get the list of all the images inside a registry?

  5. maddy says:

    Pradeep,

    how do we avoid docker push from trying to use a webproxy? in /etc/profile, I have explicitly set

    export no_proxy=”localhost,127.0.0.1,node2,*.local.domain”

    Yet when pushing image, docker tries to resolve the hostname through webproxy

    [[email protected] ~]# cat /etc/hosts
    15.12.70.46 node2 node2

    # docker push node2:5000/friendlyhello
    The push refers to a repository [node2:5000/friendlyhello]
    983860a985da: Preparing
    fc5535ef2a0b: Preparing
    0bd3f73f5940: Preparing
    63d42cb10c64: Preparing
    32d47307f796: Preparing
    c86aa07d5fdb: Waiting
    d8a33133e477: Waiting
    Error: Status 404 trying to push repository friendlyhello: ….
    “>\nYour requested host \”node2\” could not be resolved by DNS.\n\n\n\n\n\n\n\n\n\n\nFor assistance, contact your network support team.\n\n\n\n\n\n\n”

  6. InvisiBill says:

    I’m a little confused about the firewall command. Should we need to be opening up port 5000 instead of 80?

Leave a Reply to Pradeep Kumar Cancel reply

Your email address will not be published. Required fields are marked *