Setting up a docker registry

As part of my new "infrastructure setup" I need my own private docker registry. This is of course run as a docker container.


  • docker
  • docker-compose

Create and mount data storage on host machine

  • I create an NFS share on my NAS and mount it in fstab:   /var/lib/docker-registry   nfs    auto  0  0

Setup htpasswd:

I create a user woodenstake and a password in a subfolder of my mount-point:

htpasswd -Bbn woodenstake ************** > /var/lib/docker-registry/auth/htpasswd

Docker image:

I modify the docker-compose.yml example from to fit setup:


  restart: always
  image: registry:2
  name: registry
    - 5000:5000
    REGISTRY_AUTH: htpasswd
    - /var/lib/docker-registry:/var/lib/registry
    - /var/lib/docker-registry/auth:/auth

as you can see, the volumes are from my mount.

Now I can simply run:

  • docker-compose up -d
  • Try it with sudo docker login localhost:5000

Setup haproxy with SSL termination

As you can see, I have no SSL termination here. I do this separately with haproxy:


frontend https

# SAN certificate from letsencrypt hat contains all my subdomains including
bind *:443 ssl crt /etc/letsencrypt/live/
 acl host_docker hdr(host) -i
 use_backend docker if host_docker

backend docker
    mode http
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server docker_registry

Now I can:

sudo docker login

from outside

Make this repository mirror main docker repo:


to /etc/default/docker

Then restart the deamon.

Push yourself to yourself (to see everything works)

viktor@i7:~$ sudo docker images
REPOSITORY                        TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
registry                          2                   5dfdbfb4ed57        3 weeks ago         224.5 MB
viktor@i7:~$ sudo docker tag 5dfdbfb4ed57 localhost:5000/woodenstake/docker-registry
viktor@i7:~$ sudo docker push localhost:5000/woodenstake/docker-registry