Docker Private Registry Setup

We can create our own secure private Docker repository where we can store our images and access them from a remote machine.

1. Go to /var/lib/docker on the server and create a certificate using the domain name:

cd /var/lib/docker && mkdir certs
mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/ -x509 -days 365 -out certs/

2. Delete any old registry, if one exists:

docker rm  OR docker rmi registry:2

3. Recreate the registry with the newly created certificates. Run the command from the directory that contains the certs directory, because it mounts `pwd`/certs into the container:

docker run -d -p 5000:5000 --restart=always --name bkdevregistry -v `pwd`/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ -e REGISTRY_HTTP_TLS_KEY=/certs/ registry:2

4. Go to the Docker cert dir, copy the crt file as ca.crt, and restart the docker service:

cd /etc/docker/certs.d/\:5000/
cp /var/lib/docker/ /etc/docker/certs.d/\:5000/ca.crt
update-ca-trust enable
service docker restart

5. Now push images to the private repository:

docker pull ubuntu
docker tag ubuntu
docker push

6. Client side configuration:

Copy the ca.crt file from the Docker registry server to the local Docker cert dir and restart the docker service:

mkdir -p /etc/docker/certs.d/\:5000/
scp /etc/docker/certs.d/
service docker restart

7. Pull an image from the remote registry:

docker pull

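8. Check which images are available in the remote registry, either using the crt file (--cacert verifies the server against it) or in insecure mode (--insecure skips certificate verification):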

curl -X GET --cacert /etc/docker/certs.d/\:5000/ca.crt


curl -X GET --insecure
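
An added example (not part of the original page) for steps 1, 4 and 6: shell functions that create the self-signed certificate with a subjectAltName and check it before it is copied into certs.d as ca.crt. Current Docker clients match the registry name against the SAN and reject certificates that carry the name only in the CN. The host name registry.example.test and the file names registry.key and registry.crt are placeholders, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Placeholders (not from the page): registry.example.test,
# registry.key, registry.crt. Requires OpenSSL 1.1.1+ (-addext, x509 -ext).
# Usage: make_registry_cert /var/lib/docker/certs registry.example.test
#        check_registry_cert /var/lib/docker/certs/registry.crt registry.example.test

# make_registry_cert DIR HOST [BITS]
# Self-signed cert valid 365 days, HOST in both CN and subjectAltName.
make_registry_cert() {
    dir=$1; host=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -keyout "$dir/registry.key" -x509 -days 365 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -out "$dir/registry.crt" 2>/dev/null || return 1
    # The key is unencrypted (-nodes): keep it readable by its owner only.
    chmod 600 "$dir/registry.key"
}

# cert_has_san CERT HOST
# Succeeds only if CERT lists exactly DNS:HOST in its subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# cert_valid_for_days CERT DAYS
# Succeeds if CERT is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# check_registry_cert CERT HOST
# Run before copying CERT to /etc/docker/certs.d/HOST:5000/ca.crt.
check_registry_cert() {
    rc=0
    cert_has_san "$1" "$2" ||
        { echo "FAIL: $1 has no SAN entry DNS:$2" >&2; rc=1; }
    cert_valid_for_days "$1" 30 ||
        { echo "FAIL: $1 expires within 30 days" >&2; rc=1; }
    return $rc
}
```

The name passed to check_registry_cert must be the same host name used in the certs.d directory name and in docker tag, docker push and docker pull.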

