
Decoding Docker - Part 2


Docker Remote Registry

Continuing the blog series on my trysts with Docker, this installment looks at how to set up a Docker remote registry. Hopefully you now have an idea of how to get Docker up and running; if not, go ahead and read the first part of my blog series here

Now that we have the Docker engine up and running, with a few containers spun up in it, we might well think about a centralized Docker image repository. Of course there is Docker Hub, and you could save your images there. But what if you want a bit more privacy and would like to keep all your hard work in house? That is where a Docker remote registry comes in handy.

A Docker remote registry can be set up on a local machine for centralized storage of Docker images. You can pull and push images just like you do with Docker Hub. It allows centralized collaboration among people working on Docker containers in your firm. For example, a developer working on a project can save the current state of his container as an image and push it to the remote registry. A fellow teammate could download the image, spin up a container and continue the work. This is just one of the use cases; the functionality is somewhat similar to an SVN repository. However, one major drawback I noticed was the lack of a search/list functionality.

Here is how you can set it up:

Server side configuration:

To start with, you will need a certificate for connecting to the remote registry. Let's create one using openssl on the machine where you plan to set up your Docker remote registry:

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt

This command creates the domain.key and domain.crt files and stores them in the certs directory under your current working directory. The domain.crt file is required for the client side configuration.

During the certificate creation process, it will ask for a domain name. You can give your server hostname or any other name that you find suitable. For this example, let's assume that the name is "". If you have DNS in your network, this name should point to the IP of the machine where the registry is hosted, so that Docker engines can connect to it. Otherwise you will have to create an entry in the hosts file pointing to your registry server IP.
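The name given at this step has to be the name clients later use to reach the registry, and Go-based clients such as current Docker releases match it against the certificate's subjectAltName rather than the Common Name. The following added example (not from the original post) generates the same certificate non-interactively with both fields set, keeps the private key readable by its owner only, and verifies the result; registry.example.internal is a constructed placeholder, the function names are hypothetical, and OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example, not from the original post.
# registry.example.internal (usage line) is a constructed placeholder.

# make_registry_cert HOST DIR
# Non-interactive form of the openssl step: HOST goes into both the
# Common Name and a subjectAltName entry.
make_registry_cert() {
    host="$1"; dir="$2"
    mkdir -p "$dir" || return 1
    (
        # umask 077: the private key is created readable by its owner only
        umask 077
        openssl req -newkey rsa:4096 -nodes -sha256 \
            -keyout "$dir/domain.key" \
            -x509 -days 365 -out "$dir/domain.crt" \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host"
    ) || return 1
    # The certificate is public; clients need to read and copy it
    chmod 644 "$dir/domain.crt"
}

# cert_matches_host CERT HOST: succeeds only if CERT is valid for HOST
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# key_is_private FILE: succeeds only if group and others have no access
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Usage: sh make-cert.sh registry.example.internal
if [ -n "${1:-}" ]; then
    make_registry_cert "$1" certs &&
        cert_matches_host certs/domain.crt "$1" &&
        key_is_private certs/domain.key &&
        echo "certs/domain.crt is valid for $1"
fi
```

Only domain.crt is copied to clients; domain.key stays on the registry host.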

Docker registry in this case will be running from within a docker container. To get it up and running, use the following command:

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \

This command will download the registry image and run it as a Docker container, exposing the registry on port 5000 of the host. You can check the status by running the "docker ps" command.

Client side configuration:

To clarify the terminology, client means the Docker engine which will connect to the Docker remote registry. If you want to connect to the Docker remote registry from another machine that has the Docker engine installed, some prerequisite configuration should be in place.

Remember the domain.crt file we created using openssl during the server side configuration? You need to copy it over to the client machine, to the following location: /etc/docker/certs.d/

Note: You will have to create the certs.d folder and its sub folders under /etc/docker; they are not present by default.

Restart the docker engine and we are good to go!!

Now let's see how we can use the remote registry to store your images. First, let's start by pulling an image from Docker Hub:

docker pull ubuntu

You could very well create an image of your own from a container that you are working on, using the commit command:

docker commit <container name> <new-image-name>

For example: docker commit ubuntuvm ubuntu-image

Please note that the images you create using this process are stored locally and are accessible only from your local Docker engine. They will be listed when you run the "docker images" command locally. However, once you push an image to the registry, it can be pulled by other Docker engines in your network.

In the next step, let's tag the image that we created using commit or pulled from Docker Hub:

docker tag ubuntu

Push the image to the registry, and we are done!!

docker push

Now if you want to pull the Docker image from another Docker engine in your network, you can do that using the following command, provided the domain.crt file has been copied over to that machine.

docker pull
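The tag step matters for the privacy goal: Docker decides where a push goes from the image name alone, and a name without a registry prefix resolves to Docker Hub. The following added example (not from the original post) applies Docker's name-resolution rule so a script can refuse to push anything that does not target the in-house registry; registry.example.internal:5000 is a constructed placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# registry.example.internal:5000 is a constructed placeholder name.

# registry_of REF: print the registry an image reference resolves to
registry_of() {
    ref="$1"
    case "$ref" in
        */*) first="${ref%%/*}" ;;          # text before the first slash
        *)   echo "docker.io"; return 0 ;;  # no slash: a Docker Hub image
    esac
    case "$first" in
        # a dot, a colon (port) or "localhost" marks a registry host
        localhost|*.*|*:*) echo "$first" ;;
        # anything else is a Docker Hub user or organisation
        *) echo "docker.io" ;;
    esac
}

# push_target_ok EXPECTED REF: succeed only if REF targets EXPECTED
push_target_ok() {
    actual=$(registry_of "$2")
    if [ "$actual" != "$1" ]; then
        echo "refusing: $2 resolves to $actual, not $1" >&2
        return 1
    fi
}

# Usage: sh check-ref.sh registry.example.internal:5000 IMAGE_REF
if [ -n "${2:-}" ]; then
    push_target_ok "$1" "$2" && docker push "$2"
fi
```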

