We can create our own secure private Docker registry to store our images and access them from remote machines.
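1. Go to /var/lib/docker on the server and create a certificate for the registry's domain name (enter it as the Common Name when prompted). Current Docker clients match the host name against the certificate's subjectAltName rather than the Common Name, so include one if your OpenSSL version supports it:
cd /var/lib/docker && mkdir -p certs && openssl req -newkey rsa:4096 -nodes -sha256 \
  -keyout certs/sl09vmf0022.us.company.com.key \
  -x509 -days 365 -out certs/sl09vmf0022.us.company.com.crt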
2. Delete any old registry container or image, if one exists (bkdevregistry is the container name used in step 3):
docker rm -f bkdevregistry
OR
docker rmi registry:2
3. Recreate the registry with the newly created certificates. Run this from /var/lib/docker, the parent of the certs directory, because the volume mount is built from the current directory:
docker run -d -p 5000:5000 --restart=always --name bkdevregistry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/sl09vmf0022.us.company.com.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/sl09vmf0022.us.company.com.key \
  registry:2
4. Go to the Docker cert directory for the registry, copy the .crt file there as ca.crt, and restart the Docker service:
mkdir -p /etc/docker/certs.d/sl09vmf0022.us.company.com\:5000/
cd /etc/docker/certs.d/sl09vmf0022.us.company.com\:5000/
cp /var/lib/docker/certs/sl09vmf0022.us.company.com.crt /etc/docker/certs.d/sl09vmf0022.us.company.com\:5000/ca.crt
update-ca-trust enable
service docker restart
5. Now push images to the private registry:
docker pull ubuntu
docker tag ubuntu sl09vmf0022.us.company.com:5000/ubuntu1404
docker push sl09vmf0022.us.company.com:5000/ubuntu1404
6. Client-side configuration: copy the certificate from the Docker registry server to the local Docker cert directory as ca.crt and restart the Docker service:
mkdir -p /etc/docker/certs.d/sl09vmf0022.us.company.com\:5000/
scp sl09vmf0022.us.company.com:/var/lib/docker/certs/sl09vmf0022.us.company.com.crt /etc/docker/certs.d/sl09vmf0022.us.company.com\:5000/ca.crt
service docker restart
7. Pull an image from the remote registry:
docker pull sl09vmf0022.us.company.com:5000/oel6u6
8. List the images available in the remote registry, either verifying the server against the crt file or in insecure mode (--insecure skips certificate verification, so it only confirms that the registry answers):
curl -X GET https://sl09vmf0022.us.company.com:5000/v2/_catalog --cacert /etc/docker/certs.d/sl09vmf0022.us.company.com\:5000/ca.crt
OR
curl -X GET https://sl09vmf0022.us.company.com:5000/v2/_catalog --insecure
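Steps 4 and 6 only take effect when the directory under /etc/docker/certs.d is named exactly after the host:port used in the image reference. The script below is an added example, not part of the original procedure: it derives that directory from an image reference and checks that the ca.crt in it is the registry's certificate. The function names and the CERTS_ROOT override are assumptions made for the example, and the registry detection is a simplified form of Docker's rule.

```shell
#!/bin/sh
# Added example: map an image reference to the certs.d directory the Docker
# daemon consults, and confirm the CA file there matches the registry cert.
# CERTS_ROOT (hypothetical override) lets the check run against a scratch tree.
CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"

# registry_of REF -> prints host[:port]; prints nothing for a Docker Hub name.
registry_of() {
    first=${1%%/*}
    # No slash at all (e.g. "ubuntu") means there is no registry component.
    [ "$first" = "$1" ] && return 0
    # Simplified rule: the first component names a registry only if it
    # contains a dot or a colon, or is "localhost".
    case $first in
        *.*|*:*|localhost) printf '%s\n' "$first" ;;
    esac
}

# check_trust REF CERT -> 0 if CERTS_ROOT/<registry>/ca.crt exists and is
# byte-identical to CERT; otherwise prints the reason and returns non-zero
# (1 = ca.crt missing, 2 = no private registry in REF, 3 = content differs).
check_trust() {
    reg=$(registry_of "$1")
    if [ -z "$reg" ]; then
        echo "$1: no private registry in reference"; return 2
    fi
    ca="$CERTS_ROOT/$reg/ca.crt"
    if [ ! -f "$ca" ]; then
        echo "$1: missing $ca"; return 1
    fi
    if ! cmp -s "$ca" "$2"; then
        echo "$1: $ca differs from $2"; return 3
    fi
    echo "$1: trusted via $ca"
}

# Usage: sh check_trust.sh IMAGE_REF /path/to/registry.crt
if [ $# -eq 2 ]; then
    check_trust "$1" "$2"
fi
```

A "missing" result for a reference you expected to work usually means the host name or port in the tag does not match the directory created in step 4 or 6.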