Docker private registry with mirror

docker docker-registry
0x7d7b picture 0x7d7b · Feb 17, 2015 · Viewed 34.2k times · Source

I created two Docker containers. The first one provides a private Docker registry and the second one is a mirror of the official Docker registry:

docker run -d --name registry -v /local/path/to/registry:/registry -e SETTINGS_FLAVOR=local -e STORAGE_PATH=/registry -p 5000:5000 registry

docker run -d --name mirror -v /local/path/to/mirror:/registry -e STORAGE_PATH=/registry -e STANDALONE=false -e MIRROR_SOURCE=https:/registry-1.docker.io -e MIRROR_SOURCE_INDEX=https://index.docker.io -p 5555:5000 registry

Now I would like to combine both. Whenever a user pulls images it should first query the private registry and then the mirror. And when images are pushed they should only be pushed to the private registry.

I do not have an idea about how this can be done. Any help is appreciated.

Answer

Tomasz Sętkowski picture Tomasz Sętkowski · Feb 17, 2015

You cannot just force all docker push commands to push to your private registry. One reason is that you can have any number of those registers. You have to first tell docker where to push by tagging the image (see lower).

Here is how you can setup docker hosts to work with a running private registry and local mirror.

Client set-up

Lets assume that you are running both mirror and private registry on (resolvable) host called dockerstore. Mirror on port 5555, registry on 5000.

Then on client machine(s) you should pass extra options to docker daemon startup. In your case:

  1. Add --registry-mirror=http://dockerstore:5555 to tell daemon to prefer using local mirror rather then dockerhub. source
  2. Add --insecure-registry dockerstore:5000 to access the private registry without further configuration. See this answer
  3. Restart docker daemon

Using the mirror

When you pull any image the first source will be the local mirror. You can confirm by running a docker pull, e.g.

docker pull debian

In the output there will be message that image is being pulled from your mirror - dockerstore:5000

Using local registry

In order to push to private registry first you have to tag the image to be pushed with full name of the registry. Make sure that you have a dot or colon in the first part of the tag, to tell docker that image should be pushed to private registry.

Docker looks for either a “.” (domain separator) or “:” (port separator) to learn that the first part of the repository name is a location and not a user name.

Example:

Tag 30d39e59ffe2 image as dockerstore:5000/myapp:stable

docker tag 30d39e59ffe2 dockerstore:5000/myapp:stable

Push it to private registry

docker push dockerstore:5000/myapp:stable

Then you can pull as well

docker pull dockerstore:5000/myapp:stable

Related questions

How to get a list of images on docker registry v2

I'm using docker registry v1 and I'm interested in migrating to the newer version, v2. But I need some way to get a list of images present on registry; for example with registry v1 I can execute a GET request …

Read More
How to push a docker image to a private repository

I have a docker image tagged as me/my-image, and I have a private repo on the dockerhub named me-private. When I push my me/my-image, I end up always hitting the public repo. What is the exact syntax to …

Read More
How to delete images from a private docker registry?

I run a private docker registry, and I want to delete all images but the latest from a repository. I don't want to delete the entire repository, just some of the images inside it. The API docs don't mention a …

Read More