Short Description
Docker Registry Reverse Proxy with Basic Auth Nginx Server - ready for production
Full Description

Docker Registry Reverse Proxy with Basic Auth Nginx Server (marvambass/nginx-registry-proxy)

maintained by MarvAmBass

FAQ - All you need to know about the marvambass Containers

What is it

This Dockerfile (available as marvambass/nginx-registry-proxy) gives you an nginx reverse proxy with SSL and Basic Auth to use with your Docker Registry (registry).

View in Docker Registry marvambass/nginx-registry-proxy

View in GitHub MarvAmBass/docker-nginx-registry-proxy

Running marvambass/nginx-registry-proxy Container

To run this container, you need a running registry container named registry, for example:

docker run -d --name registry \
-v "$YOUR_REGISTRY_DIR":/registry \
-e "SETTINGS_FLAVOR=local" \
-e "STORAGE_PATH=/registry" \
registry

You also need an htpasswd file and an SSL key pair; the Cheat Sheet below shows how to create both.

Put the new files in a folder to get a result like this:

~/your/path/external$ ls
cert.pem  docker-registry.htpasswd  key.pem

You're now ready to run the nginx-registry-proxy Server ;)

docker run -d -p 443:443 \
-v "$PATH_TO_YOUR/external":/etc/nginx/external \
--link registry:registry --name nginx-registry-proxy \
marvambass/nginx-registry-proxy

Use your private Docker Registry

Let's assume you followed all the steps so far. You have a server with HTTPS on port 443 and a basic auth user named tom with the password jerry.

Let's check that the server is available by opening its _ping URL. If the server returns true, your registry is up and running.

Let's get a new Docker image from the official registry, rename it, and publish it to your private registry.

$ docker pull scratch # this pulls the scratch image from the official registry

Now we have the image named scratch in our local Docker Image Registry. You can check that with the command:

$ docker images
scratch              latest              511136ea3c5a        16 months ago       0 B

Let's rename the Image and publish it into your private Registry

$ docker tag scratch

Now the command docker images will show another Image

scratch              latest              511136ea3c5a        16 months ago       0 B
                     latest              511136ea3c5a        16 months ago       0 B

At this point we're able to publish it to your private registry, but first we need to log in to the server.

$ docker login
Username: tom
Password: jerry
$ docker push

You've successfully published your first image to your private registry.
Note that you need to run docker login on every server. You can also pass the username and password as arguments, but this is not secure: they show up in the Linux process list (ps aux) and in the bash history.
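
A check for the leak described in the note above, as an added example that is not part of the image or the project: it scans command lines (a history file or ps output) for docker login calls that carry the password as an argument and prints them with the secret masked. The sample history and the host registry.example.test are constructed; --password-stdin is an option of current Docker CLIs that the page itself does not mention.

```bash
#!/usr/bin/env bash
# Added example (not from the project): find `docker login` commands that put
# the password on the command line, where `ps aux` and shell history expose it.

# Reads command lines on stdin (a history file or `ps` output). Prints each
# offending line with the secret masked; returns 1 when nothing was found.
find_login_secrets() {
  local hits
  hits=$(grep -E '(^|[^[:alnum:]_-])docker[[:space:]]+login([[:space:]]|$)' \
    | grep -E -- '[[:space:]](-p[[:space:]=]*|--password[[:space:]=]+)[^[:space:]]' \
    | sed -E 's/([[:space:]](-p[[:space:]=]*|--password[[:space:]=]+))[^[:space:]]+/\1***/g')
  [ -n "$hits" ] || return 1
  printf '%s\n' "$hits"
}

# Constructed sample history; registry.example.test is a placeholder host.
sample_history() {
  cat <<'EOF'
docker login registry.example.test
docker login -u tom -p jerry registry.example.test
docker login --username tom --password=jerry registry.example.test
docker login -u tom --password-stdin registry.example.test < ~/registry.pass
docker pull scratch
EOF
}

# Lines 2 and 3 are reported; the interactive prompt (line 1) and
# --password-stdin (line 4) keep the secret out of the argument list.
sample_history | find_login_secrets
```

Feed it a real history with find_login_secrets < ~/.bash_history; any password it reports should be treated as exposed and changed in the htpasswd file.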

Download the uploaded Image:

$ docker login
Username: tom
Password: jerry
$ docker pull

That's it - Have fun!

Based on

This Dockerfile is based on the marvambass/nginx-ssl-secure image.

I got inspired by the following DigitalOcean Tutorial

Building the Dockerfile yourself

Just use the following command to build and publish your/this Docker Container.

docker build -t username/nginx-registry-proxy .
docker push username/nginx-registry-proxy

Cheat Sheet

Creating a self-signed ssl cert

Please note that the Common Name (CN) is important and should be the FQDN of the secured server:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes

Creating a htpasswd file

You need the htpasswd command (on Ubuntu you can install it with sudo apt-get install -y apache2-utils).

The first time you create the htpasswd file, you need to use the -c parameter (it stands for create).

htpasswd -c docker-registry.htpasswd user1

To add any further user, use the following command:

htpasswd docker-registry.htpasswd userN

If you use -c on an existing htpasswd file, all existing users are deleted and a new file is created that contains only the new user.
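
An added check for the file these commands produce (example code written for this page, not part of the image or the project): it reports the hash scheme of each entry and flags the schemes the Apache htpasswd documentation calls insecure, plus duplicate user names. The entries in sample_htpasswd are constructed and their hash values are dummies, not real digests.

```bash
#!/usr/bin/env bash
# Added example (not from the project): report the hash scheme of every entry
# in an htpasswd file and flag weak schemes and duplicate user names.

# Reads an htpasswd file on stdin and prints "user scheme verdict" per entry.
# Returns 1 if any entry is weak, unrecognised or a duplicate user name.
audit_htpasswd() {
  awk -F: '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      user = $1
      hash = substr($0, length(user) + 2)    # everything after the first ":"
      des = (length(hash) == 13 && hash ~ /^[.\/0-9A-Za-z]+$/)
      verdict = "ok"
      if      (hash ~ /^\$2[abxy]\$/)       scheme = "bcrypt"     # htpasswd -B
      else if (index(hash, "$apr1$") == 1) scheme = "apr1-md5"   # htpasswd -m
      else if (hash ~ /^\$[56]\$/)         scheme = "sha-crypt"
      else if (index(hash, "{SHA}") == 1)  { scheme = "sha1"; verdict = "weak" }      # -s, unsalted
      else if (des)                        { scheme = "des-crypt"; verdict = "weak" } # -d
      else                                 { scheme = "unknown"; verdict = "review" } # maybe plaintext
      if (seen[user]++) verdict = "duplicate"
      if (verdict != "ok") bad = 1
      print user, scheme, verdict
    }
    END { exit bad + 0 }
  '
}

# Constructed sample file; the hash values are dummies, not real digests.
sample_htpasswd() {
  cat <<'EOF'
tom:$apr1$abcdefgh$AAAAAAAAAAAAAAAAAAAAAA
ci:$2y$05$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
legacy:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
old:abJnggxhB/yWI
tom:$apr1$hgfedcba$BBBBBBBBBBBBBBBBBBBBBB
EOF
}

sample_htpasswd | audit_htpasswd || echo "htpasswd file needs attention"
```

Run it against the real file with audit_htpasswd < docker-registry.htpasswd before mounting the external folder into the proxy container.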

Comments (4)
2 years ago

This image is useful. Thanks a lot. ^_^

2 years ago


This doesn't have anything to do with SSL certificates; if you don't specify your own, the parent container marvambass/nginx-ssl-secure makes sure the SSL certificates are created.
Of course you need to trust self-signed certificates on every machine that wants to connect to this registry - or you could just use paid or StartSSL certificates.

The registry doesn't know anything about TLS, because NGINX terminates it.

2 years ago

The Digital Ocean tutorial you referenced includes several steps for setting up the CA certificate, establishing a CA trust for the self-signed SSL certificate that NGINX uses. How did you skip that step and get a working registry? The registry should be complaining about not trusting the certificate during login, unless you're using an older registry.

3 years ago

Excellent, exactly what I needed: put SSL on a private Docker registry without dealing with nginx configuration. (I tried with Apache with no success.)

Thanks a lot.