Public Repository

Last pushed: 3 years ago
Short Description
Private docker registry 2.0
Full Description


kinesis/registry is a
private registry built from the distribution source.

The main difference is that it does not bootstrap a Go build environment in the
docker container. Instead a registry binary is cross compiled locally and bundled
into the container. This dramatically reduces the container size, from roughly 580MB down to

The following is performed:

  • Uses gox to build a registry binary for Linux AMD64 architectures
  • Installs nginx 1.9.1
  • Installs supervisor to run both nginx and the registry itself
  • Reverse proxies the main registry server
  • Reverse proxies /health/ to the debug server's /debug/health path
  • Performs HTTP to HTTPS redirection
  • Properly configures the registry version response header in nginx so the docker client uses the v2 API.

It is assumed:

  • S3 is the storage backend
  • Your load balancer will be terminating the SSL connection

Daily Builds

SemaphoreCI is setup to build once a day and push up an image tagged daily to
kinesis/registry if the build succeeds.

Building the Registry

In order for this to work you will need a Go development environment setup so that
gox can be go geted.

Basic Auth

Basic auth is required for all end points except healthchecks.

Create a new password file using:

htpasswd -bc docker-registry.htpasswd USERNAME PASSWORD


Most options
in the registry can be configured via environment variables. Unfortunately
registry 2.0 does not allow starting up without a configuration file. As such
we are running this with a config file linked from the host.

An example script to run the container follows:



docker pull $IMAGE
docker stop $NAME
docker kill $NAME
docker rm $NAME

docker run \
  -v /root/docker-registry.htpasswd:/etc/nginx/docker-registry.htpasswd \
  -v /root/config.yml:/app/config.yml
  -p 80:80 \
  --name registry \
  -d kinesis/registry

Ideally these settings can be passed in on startup of your host. On AWS with an
EC2 instance this could be done via user-data.

Docker Pull Command