Running your own private Docker registry is easy, and this blog post shows how to do it. I am assuming you are familiar with Docker and Docker Compose. This example puts nginx in front of the registry, with a TLS certificate from letsencrypt.

Prerequisites

- letsencrypt

sudo apt-get -y install letsencrypt

- Docker installed
- Docker compose installed
- Option to use the htpasswd command, install through:

sudo apt-get -y install apache2-utils

And the ability to mount a docker volume.

Setup

Create the following 3 directories:
- data
- nginx
- sslcerts

And create a docker-compose.yml file with the following content:

services:
  nginx:
    image: "nginx:1.9"
    ports:
      - 443:443
    links:
      - registry:registry
    volumes:
      - ./nginx/:/etc/nginx/conf.d
      - ./sslcerts/:/etc/nginx/sslcert/
  registry:
    image: registry:2
    ports:
      - 127.0.0.1:5000:5000
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./data:/data
  registry_gui:
    image: konradkleine/docker-registry-frontend:v2
    ports:
      - 80:80
    environment:
      ENV_DOCKER_REGISTRY_HOST: yoururl.com
      ENV_DOCKER_REGISTRY_PORT: 443
      ENV_DOCKER_REGISTRY_USE_SSL: 1

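This defines 3 docker containers: nginx, the registry, and a GUI to manage your registry. Change yoururl.com to your own hostname. Note that the GUI is published on port 80 over plain HTTP, not through the nginx TLS listener, so limit who can reach that port. Your directory structure should look like: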

drwxr-xr-x 3 arno arno      27 Dec  7 20:20 data
-rw-r--r-- 1 arno arno     628 Dec  7 20:28 docker-compose.yml
drwxr-xr-x 2 arno arno      62 Dec  7 20:12 nginx
drwxr-xr-x 3 arno arno      93 Dec  7 20:11 sslcerts

The next step is to create a username and password for your registry. The resulting file is read by nginx, which uses it for HTTP basic auth.

htpasswd -c nginx/htpasswd arno

Create an nginx/nginx.conf file with the following contents, and change yoururl.com to your own hostname:

upstream docker-registry {
  server registry:5000;
}

server {
  listen 443;
  server_name yoururl.com;

  # SSL
  ssl on;
  ssl_certificate /etc/nginx/sslcert/fullchain.pem;
  ssl_certificate_key /etc/nginx/sslcert/privkey.pem;
  ssl_trusted_certificate /etc/nginx/sslcert/chain.pem;

  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;

  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
  chunked_transfer_encoding on;

  location /v2/ {
    # Do not allow connections from docker 1.5 and earlier
    # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
      return 404;
    }

    # To add basic authentication to v2 use auth_basic setting plus add_header
    auth_basic "registry.localhost";
    auth_basic_user_file /etc/nginx/conf.d/htpasswd;
    add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;

    proxy_pass                          http://docker-registry;
    proxy_set_header  Host              $http_host;   # required for docker client's sake
    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_read_timeout                  900;
  }
}

Next step is setting up letsencrypt for https.

letsencrypt certonly --standalone -d yoururl.com

Copy the certificates to sslcerts:

sudo cp -L /etc/letsencrypt/live/yoururl.com/* sslcerts/

Only one thing is left: creating a systemd service for your docker-compose file. Create the file /lib/systemd/system/docker-registry.service with the following contents:

[Unit]
Description=Docker Registry Service
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStart=/usr/local/bin/docker-compose -f /dockerregistry/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /dockerregistry/docker-compose.yml down

[Install]
WantedBy=multi-user.target

Change /dockerregistry to the path where you created your docker-compose.yml. You are now ready to start up your registry!

sudo service docker-registry start

Check that your docker registry is working by doing a docker login:

docker login https://yoururl.com

It should request the username and password defined earlier with htpasswd. You are now able to push and tag images! Browse to yoururl.com to see the repositories you created.

It is useful to auto-renew your SSL certificates with a cron job that runs letsencrypt and restarts nginx.

References: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04
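The renewal cron job suggested above could look like this; it is an added example, not part of the original post. It assumes the paths used on this page (/dockerregistry, yoururl.com) and a letsencrypt client whose renew subcommand supports --pre-hook and --post-hook; the function names sync_certs and renew_and_reload and the --run switch are made up for this example.

```shell
#!/bin/sh
# Added example: renew the certificate, then refresh the copies nginx reads.
# Assumed locations, taken from the examples on this page; override via environment.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/yoururl.com}"
REGISTRY_DIR="${REGISTRY_DIR:-/dockerregistry}"

# sync_certs SRC DST
# Copies the three PEM files referenced in nginx.conf when they differ.
# Returns 0 if at least one file was updated, 1 if all were already current,
# 2 if a source file is missing or a copy failed.
sync_certs() {
  src=$1; dst=$2; changed=1
  for f in fullchain.pem privkey.pem chain.pem; do
    [ -r "$src/$f" ] || { echo "missing $src/$f" >&2; return 2; }
    if ! cmp -s "$src/$f" "$dst/$f"; then
      # Copy to a temporary name with tight permissions, then rename, so nginx
      # never sees a half-written file and the key is never world-readable.
      tmp="$dst/.$f.new"
      rm -f "$tmp"
      ( umask 077 && cp -L "$src/$f" "$tmp" ) || return 2
      [ "$f" = privkey.pem ] || chmod 644 "$tmp"
      mv -f "$tmp" "$dst/$f" || return 2
      changed=0
    fi
  done
  return $changed
}

renew_and_reload() {
  # The standalone authenticator needs the ports the containers hold. The hooks
  # run only when a certificate is actually due for renewal.
  letsencrypt renew \
    --pre-hook "service docker-registry stop" \
    --post-hook "service docker-registry start" || return 2
  # Restart nginx only if the copies in sslcerts/ really changed.
  if sync_certs "$LIVE_DIR" "$REGISTRY_DIR/sslcerts"; then
    /usr/local/bin/docker-compose -f "$REGISTRY_DIR/docker-compose.yml" restart nginx
  fi
}

# Does nothing unless called with --run, e.g. from root's crontab.
if [ "${1:-}" = "--run" ]; then
  renew_and_reload
fi
```

Run it as root with --run on a daily schedule; on days when nothing is due for renewal the registry is not interrupted.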