Registry

Registry is used as a Docker pull-through cache for my network.

🛠 Installation

Default Port: 5000

Configuration path: /etc/docker

homelab/docker/registry

task up
docker compose up

🚀 Upgrade

Warning

The commands below purge any unused Docker images! Use at your own risk!

homelab/docker/registry

task upgrade
(
  git pull origin
  docker compose up --force-recreate --build -d
  docker image prune -a -f
)

⚙ Config

🖥 Server

Init .env

task init
cp .env.tmpl .env

homelab/docker/registry/.env


homelab/docker/registry/compose.yaml
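# Quote the heredoc delimiter so $DOCKER_USER, $DOCKER_TOKEN and ${REGISTRY_DIR:-...}
# are written literally and resolved by Compose from .env, not expanded by the shell.
cat << 'EOF' > ./docker/registry/compose.yaml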
---
services:
  registry:
    container_name: registry
    image: library/registry:2.8.3
    environment:
      - REGISTRY_STORAGE_DELETE_ENABLED=true
      - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry
      - REGISTRY_PROXY_REMOTEURL="https://registry-1.docker.io"
      - REGISTRY_PROXY_USERNAME=$DOCKER_USER
      - REGISTRY_PROXY_PASSWORD=$DOCKER_TOKEN
    env_file:
      - .env
    ports:
      - '5000:5000'
    volumes:
      - ${REGISTRY_DIR:-/var/lib/registry}:/var/lib/registry
    restart: always

EOF

💻 Client

Tip

Each registry-mirrors entry must start with http or https; otherwise an error is thrown when the Docker service is restarted.

/etc/docker/daemon.json

cat <<EOF > /etc/docker/daemon.json
{
  "log-driver": "journald",
  "insecure-registries": [ "192.168.2.81:5000" ],
  "registry-mirrors": [ "https://registry.l.nicholaswilde.io" ]
}

EOF
(
  [ ! -d /etc/docker ] && mkdir -p /etc/docker
  wget https://raw.githubusercontent.com/nicholaswilde/homelab/refs/heads/main/docker/registry/daemon.json -O /etc/docker/daemon.json
)

Restart the Docker service

task restart
(
  systemctl daemon-reload
  systemctl restart docker.service
)
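
A check to run on daemon.json before restarting Docker, covering the Tip above. This is an added example, not part of the homelab repository; the function name check_daemon_json and the SAMPLE input are constructed here. It rejects registry-mirrors entries without an http or https scheme and flags plain-HTTP mirrors and insecure-registries hosts.

```python
import json
import sys

# Constructed sample: the page's daemon.json plus one mirror entry that
# lacks a scheme, to reproduce the failure the Tip describes.
SAMPLE = """{
  "log-driver": "journald",
  "insecure-registries": [ "192.168.2.81:5000" ],
  "registry-mirrors": [
    "https://registry.l.nicholaswilde.io",
    "registry.l.nicholaswilde.io"
  ]
}"""


def check_daemon_json(text):
    """Return (errors, warnings) for the registry keys of a daemon.json."""
    errors, warnings = [], []
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"], warnings
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"], warnings
    for mirror in cfg.get("registry-mirrors") or []:
        lowered = str(mirror).lower()
        if not lowered.startswith(("http://", "https://")):
            # The Tip above: the Docker service fails to restart on this.
            errors.append(f"registry-mirrors entry lacks http(s) scheme: {mirror}")
        elif lowered.startswith("http://"):
            warnings.append(f"mirror is plain HTTP, pulls are unencrypted: {mirror}")
    for host in cfg.get("insecure-registries") or []:
        # Docker does not enforce TLS verification for these hosts.
        warnings.append(f"TLS not enforced for insecure registry: {host}")
    return errors, warnings


if __name__ == "__main__":
    # Usage: python3 check_daemon.py /etc/docker/daemon.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    errs, warns = check_daemon_json(text)
    for line in warns:
        print("WARN ", line)
    for line in errs:
        print("ERROR", line)
    sys.exit(1 if errs else 0)
```

The script exits non-zero only on errors, so it can gate the restart step; warnings are printed for review.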

Traefik

homelab/pve/traefik/conf.d/registry.yaml
---
http:
 #region routers 
  routers:
    registry:
      entryPoints:
        - "websecure"
      rule: "Host(`registry.l.nicholaswilde.io`)"
      middlewares:
        - default-headers@file
        - https-redirectscheme@file
      tls: {}
      service: registry
#endregion
#region services
  services:
    registry:
      loadBalancer:
        servers:
          - url: "http://192.168.2.81:5000"
        passHostHeader: true
#endregion
  middlewares:
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipAllowList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

📝 Usage

💻 Client

docker pull ubuntu
docker pull registry.l.nicholaswilde.io/library/ubuntu
docker pull 192.168.2.81:5000/library/ubuntu

WIP

Task List

task: Available tasks for this project:
* decrypt:       Decrypt .env using SOPS
* encrypt:       Encrypt .env using SOPS
* export:        Export the task list
* init:          Init
* mklinks:       Make client symlinks
* restart:       Restart Docker containers
* status:        Status
* stop:          Stop registry container
* up:            Tun Docker compose in the foreground.
* up-d:          Run Docker compose in the background.
* update:        Update running containers
* upgrade:       upgrade

🩺 Troubleshooting

Watch the logs on the server during a pull to ensure that the image is being pulled through the local registry.

homelab/docker/registry

task logs
docker logs registry -f
