Use Docker Enterprise edition to build your own private registry server

  • 2020-12-19 21:22:53
  • OfStack

Docker is really cool, especially since moving Docker images around is much easier than moving virtual machines. If you are ready to use Docker, you must already have pulled complete images from Docker Hub. Docker Hub is Docker's cloud registry service, which contains thousands of Docker images to choose from. If you develop your own software packages and create your own Docker images, you may want your own private registry server. If you have images with proprietary licenses, or want to provide a complex continuous integration (CI) process for your build system, it makes even more sense to have your own private registry server.

Docker Enterprise Edition includes Docker Trusted Registry (DTR). This is a highly available registry server with secure image management, built to run in your own data center or on cloud-based infrastructure. Next, we'll see that DTR is a key component in providing a secure, reusable, and continuous software supply chain. You can get started right away with our free hosted demo, or download and install it for a 30-day free trial. Here are the steps to start your own installation.

Configure Docker Enterprise edition

DTR runs on top of the Universal Control Plane (UCP), so install a single-node cluster before you start. If you already have your own UCP cluster, skip this step. On your Docker host, run the following command:


# Pull and install UCP
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock --name ucp docker/ucp:latest install

When UCP is up and running, there are a few things to do before installing DTR. Open the UCP instance you just installed in your browser. There should be a link at the end of the log output. If you already have a Docker Enterprise license, enter it on this screen. If you don't have one yet, visit the Docker Store for a 30-day free trial.

With the license ready, you may need to change the port on which UCP runs. Because this is a single-node cluster, DTR and UCP may try to run their web services on the same port. If you have a UCP cluster with more than one node, this is not a problem, because DTR looks for a node that has the required ports free. In UCP, click "Administrator Settings" -> "Cluster configuration" and change the controller port, for example to 5443.

Install DTR

We want to install a simple, single-node instance of DTR. If you want to install DTR for actual production use, you will set it to high availability (HA) mode, which requires another storage medium, such as cloud-based object storage or NFS. Since we are currently installing a single node instance, we are still using the default local storage.

First we need to pull the bootstrap image of DTR. The bootstrap image is a tiny stand-alone installer that includes all the containers, volumes, and logical networks needed to connect to UCP and to set up and start DTR.

Use the command:


# Pull and run the DTR bootstrap image
docker run -it --rm docker/dtr:latest install --ucp-insecure-tls

Note: By default, both UCP and DTR use their own certificates, which the system does not recognize. If you have set up UCP with a TLS certificate that the system trusts, you can omit the --ucp-insecure-tls option. Alternatively, you can use the --ucp-ca option to specify UCP's CA certificate directly.

The DTR bootstrap image then asks you for several settings, such as the URL of the UCP installation and the administrator's username and password. It takes only one to two minutes to pull all of the DTR images and complete the setup.

Keep everything secure

Once everything is ready, you can push images to and pull images from the registry server. Before doing this, let's set up the TLS certificate so that we can communicate securely with DTR.

On Linux, we can use the following commands (just make sure to change the DTR_HOSTNAME variable to match the DTR instance we just set up):


# Pull the CA certificate from DTR (if curl is not available, you can use wget)
# -k skips TLS verification, because DTR's certificate is not trusted yet
DTR_HOSTNAME="<DTR hostname>"
curl -k "https://${DTR_HOSTNAME}/ca" > "${DTR_HOSTNAME}.crt"
sudo mkdir -p "/etc/docker/certs.d/${DTR_HOSTNAME}"
sudo cp "${DTR_HOSTNAME}.crt" "/etc/docker/certs.d/${DTR_HOSTNAME}/"
# Restart the docker daemon (on Ubuntu 14.04, use the `sudo service docker restart` command)
sudo systemctl restart docker
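
The curl -k download above accepts whatever certificate the server presents, so the downloaded CA file should be checked before it lands in certs.d. The following is an added example, not part of the original article: the function names are hypothetical, and it assumes the DTR administrator has given you the CA's SHA-256 fingerprint over a separate trusted channel.

```shell
#!/bin/sh
# Added example (not from the original article): pin the DTR CA certificate
# to a fingerprint obtained out of band before Docker is told to trust it.
# Function names are hypothetical; requires base64 and sha256sum (coreutils).

# Print the SHA-256 fingerprint (lowercase hex) of the first certificate
# in a PEM file: decode the base64 body to DER and hash it.
pem_sha256() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
        sed '/-----END CERTIFICATE-----/q' |
        grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "AB:CD:..." (openssl style) or plain hex; emit lowercase hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# install_pinned_ca <pem-file> <expected-sha256> <dtr-hostname> [certs-root]
# Returns 0 and installs <certs-root>/<hostname>/ca.crt on a match,
# 1 on a fingerprint mismatch, 2 if the file holds no certificate.
install_pinned_ca() {
    pem=$1; want=$(norm_fp "$2"); host=$3; root=${4:-/etc/docker/certs.d}
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "no certificate found in $pem" >&2
        return 2
    fi
    got=$(pem_sha256 "$pem")
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $host: got $got, expected $want" >&2
        return 1
    fi
    mkdir -p "$root/$host" && cp "$pem" "$root/$host/ca.crt"
}

# Usage as root on the Docker host (fingerprint is a placeholder):
#   curl -k "https://${DTR_HOSTNAME}/ca" > "${DTR_HOSTNAME}.crt"
#   install_pinned_ca "${DTR_HOSTNAME}.crt" "<fingerprint from DTR admin>" \
#       "${DTR_HOSTNAME}" && systemctl restart docker
```

The reference value can be produced from a trusted copy of the CA file with openssl x509 -noout -fingerprint -sha256 -in <CA file>; both the colon-separated and the plain hex form are accepted.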

For the Mac and Windows versions of Docker, we set up the client differently. Go to "Settings" -> "Daemon" and, in the "Insecure registries" section, enter your DTR hostname. Click "Apply" and the docker daemon should work fine after a restart.

Push and pull images

Now we need to set up a repository to hold the images. This is a little different from Docker Hub, where a docker push to a repository that does not exist creates it automatically. To create a repository, open https://<Your DTR hostname> in your browser and use your administrator credentials to log in when prompted. If you added a license to UCP, DTR will automatically pick up that license. If not, upload your license now.

After you get to the web page, click the "New repository" button to create a new repository.

We will be creating a repository for Alpine Linux, so type "alpine" in the name input and click "Save" (called "Create" in DTR 2.5 and later).

Now let's go back to the shell interface and enter the following command:


# Pull the latest version of Alpine Linux
docker pull alpine:latest
# Log in to the new DTR instance
docker login <Your DTR hostname>
# Tag Alpine so that it can be pushed to your DTR
docker tag alpine:latest <Your DTR hostname>/admin/alpine:latest
# Push the image to DTR
docker push <Your DTR hostname>/admin/alpine:latest

That's it! We just pulled a copy of the latest Alpine Linux, re-tagged it so that it can be stored in DTR, and pushed it to our private registry server. If you want to pull the image on a different Docker engine, set up your DTR certificate as shown above, and then execute the following command:


# Pull the image from DTR
docker pull <Your DTR hostname>/admin/alpine:latest

DTR has many excellent image management features, such as caching, mirroring, scanning, signing, and even automated supply chain policies for images. We'll explore these features in more detail in a later blog post.
