Now that we’ve discussed and shown you how to do a few things with containers, we are ready to show you how to create your own docker registry to securely store your container images. This is especially important in light of recent news about Docker Hub images being insecure.
Below are a few examples of why having a private docker registry is a good idea:
This tutorial will explain how to install and configure a docker registry server, as well as generate and sign SSL keys for secure authentication when issuing a ‘docker pull’, or ‘docker push’ command.
NOTE: If you are going to be using your private docker registry in production, you may want to consider getting your SSL certificate signed by a Certificate Authority (VeriSign). Also, we are using AWS for the purposes of this blog, but these can be executed on any public cloud.
Things You’ll Need:
Step 1: Login to your EC2 instance and clone the docker-registry repository.
Step 2: To make things easier, we created a script that will generate and sign the keys / certs for us. It is located in the GitHub repository we have cloned in step 1.
NOTE: Before we run the ‘generate-ca.sh’ script, it is important to know a few things if you are self-signing your certificate.
When generating the keys and certs it is necessary to enter a password. However, we will have the script remove it after it has been entered. Also note, when prompted with the questions below, fill them out accordingly:
“Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password:”
Press Enter here to bypass this prompt.
“Common Name (e.g. server FQDN or YOUR name):”
This will need to be whatever you are going to call your DNS name. Example: registry.redapt.com
Now let’s go ahead and run the script to generate our keys and certificates.
Great! We have our certificates and keys generated, let’s go and configure our deploy-registry.sh script to point to our S3 Bucket.
Fill out your script with the IAM Access Key, Secret Key, etc. If you are familiar with Amazon S3, it should be self-explanatory. Once you have filled out the necessary information, run the script to start your docker container.
If successful, you should see your docker registry container running on your EC2 instance by running the following command.
We are now ready to build and deploy the nginx registry container which will handle our SSL encryption. Build and run your nginx-registry container.
And that’s it! You have successfully deployed a private docker registry server, with SSL authentication. Now when we run a ‘docker ps’ command, we should see the following:
Now that we have our registry server up and running, we will need to authenticate to it. To do so, we will need to retrieve the following files from our docker registry server.
Once we have copied those 3 files to our client, we will need to create the following directory and place them in it:
Now that our client is configured and authenticating to our Docker Registry, it is time to test it all out. For testing purposes, we will pull an image from the public Docker Hub, re-tag it, and push it to our new Private Docker Registry Server. To do this, run the following commands:
NOTE: Be sure to replace “registry.yourdomain.com” with the actual URL you used when generating your certificates and setting up your DNS.
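The key-generation step from Step 2 and the client trust step above, written out as an added example; this is not Redapt's generate-ca.sh or deploy-registry.sh, it assumes openssl is installed, and every path and hostname in it is constructed for illustration:

```shell
#!/bin/sh
# Added example (not the post's generate-ca.sh): mint a private CA and a
# server certificate for a registry hostname, then verify the chain.
# Assumes openssl is on PATH; all paths and names below are constructed.
set -eu

gen_registry_certs() {
  out=$1   # output directory, e.g. /tmp/registry-certs
  cn=$2    # registry DNS name, e.g. registry.example.com
  mkdir -p "$out"

  # 1. Private CA. -nodes leaves the key unencrypted, the same outcome as
  #    the post's "enter a password, then have the script remove it".
  openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
    -subj "/CN=Private Registry CA" \
    -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null

  # 2. Server key + CSR. The CN must be the name clients will use.
  openssl req -nodes -newkey rsa:2048 -subj "/CN=$cn" \
    -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null

  # 3. Sign the CSR with the CA and add a SAN, because TLS clients
  #    match the hostname against the SAN, not only the CN.
  printf 'subjectAltName=DNS:%s\n' "$cn" > "$out/san.ext"
  openssl x509 -req -days 365 -CA "$out/ca.crt" -CAkey "$out/ca.key" \
    -CAcreateserial -extfile "$out/san.ext" \
    -in "$out/server.csr" -out "$out/server.crt" 2>/dev/null

  # 4. Prove the chain validates before handing ca.crt to clients.
  openssl verify -CAfile "$out/ca.crt" "$out/server.crt" >/dev/null
}

# Client side: the docker daemon trusts a private CA placed at
# /etc/docker/certs.d/<registry host>/ca.crt. certs_root is normally
# /etc/docker; a temp directory is used when testing.
install_client_ca() {
  certs_root=$1
  cn=$2
  ca=$3
  mkdir -p "$certs_root/certs.d/$cn"
  cp "$ca" "$certs_root/certs.d/$cn/ca.crt"
  echo "$certs_root/certs.d/$cn/ca.crt"
}
```

Only ca.crt needs to reach the clients; ca.key and server.key stay on the registry host.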
Success! Your new docker image should start to push to your new Private Docker Registry Server. Stay tuned for our next post and don’t forget to comment below!
Note: This is currently a way of setting up a private docker registry. This might change at a later date as software vendors continue to develop things for docker. But for now, this is a way of getting up and running with a private docker registry on AWS.