The main difference is that it does not bootstrap a Go build environment in the
docker container. Instead a registry binary is cross compiled locally and bundled
into the container. This dramatically reduces the container size, from roughly 580MB down to
The following is performed:
- Uses gox to build a registry binary for Linux AMD64 architectures
- Installs nginx 1.9.1
- Installs supervisor to run both nginx and the registry itself
- Reverse proxies the main registry server
- Reverse proxies /health/ to the debug server's
- Performs HTTP to HTTPS redirection
- Properly configures the registry version response header in nginx so the docker client uses the v2 API.
It is assumed:
- S3 is the storage backend
- Your load balancer will be terminating the SSL connection
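The nginx behaviour listed above, sketched as a server block. This is an added example, not the nginx.conf shipped in this image. The upstream ports (5000 and 5001), the X-Forwarded-Proto header set by the load balancer, and the DEBUG_PATH_PLACEHOLDER target are assumptions.

```nginx
# Added example: ports and the debug path are assumptions, not taken from the image.
upstream registry       { server 127.0.0.1:5000; }   # main registry server (assumed port)
upstream registry_debug { server 127.0.0.1:5001; }   # registry debug server (assumed port)

server {
    listen 80;                       # plain HTTP only: the load balancer terminates SSL
    client_max_body_size 0;          # do not cap the size of uploaded image layers
    chunked_transfer_encoding on;

    # Health checks: no basic auth and no HTTPS redirect, so the load
    # balancer can probe the container directly over HTTP.
    location /health/ {
        auth_basic off;
        # Replace DEBUG_PATH_PLACEHOLDER with the debug server endpoint you expose.
        proxy_pass http://registry_debug/DEBUG_PATH_PLACEHOLDER;
    }

    location / {
        # HTTP to HTTPS redirection. The rewrite phase runs before the access
        # phase, so a plain-HTTP client is redirected before nginx ever sends
        # a basic auth challenge.
        if ($http_x_forwarded_proto = "http") {
            return 301 https://$host$request_uri;
        }

        auth_basic           "Registry";
        auth_basic_user_file /etc/nginx/docker-registry.htpasswd;

        # "always" attaches the header to nginx's own 401 responses as well.
        # Without it the docker client sees an unversioned 401 and falls
        # back to the v1 API.
        add_header Docker-Distribution-Api-Version "registry/2.0" always;

        proxy_pass       http://registry;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }
}
```

The redirect is only as trustworthy as X-Forwarded-Proto, so port 80 of the container should be reachable only through the load balancer.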
SemaphoreCI is set up to build once a day and push an image tagged kinesis/registry if the build succeeds.
Building the Registry
In order for this to work you will need a Go development environment set up so that gox can be
Basic auth is required for all endpoints except healthchecks.
Create a new password file using the following command (-c creates the file, -b takes the password from the command line):
htpasswd -bc docker-registry.htpasswd USERNAME PASSWORD
in the registry can be configured via environment variables. Unfortunately
registry 2.0 does not allow starting up without a configuration file. As such
we are running this with a config file linked from the host.
An example script to run the container follows:
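#!/bin/bash
NAME=registry
IMAGE="kinesis/registry"

# Fetch the latest image, then remove any previous container with this name
docker pull "$IMAGE"
docker stop "$NAME"
docker kill "$NAME"
docker rm "$NAME"

# Mount the password file and registry config from the host; publish port 80
docker run \
  -v /root/docker-registry.htpasswd:/etc/nginx/docker-registry.htpasswd \
  -v /root/config.yml:/app/config.yml -p 80:80 \
  --name "$NAME" \
  -d "$IMAGE"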
Ideally these settings can be passed in on startup of your host. On AWS with an
EC2 instance this could be done via user-data.