Docker
The Docker Registry
$ docker run -d -p 5000:5000 \
--restart=always \
--name registry \
-v /mnt/registry:/var/lib/registry \
registry:2
--restart=always
- Restart automatically when Docker restarts or if it exits.
/var/lib/registry
- Storage location.
$ docker pull alpine
$ docker image tag alpine 192.168.99.100:5000/alpine:latest
$ docker image push 192.168.99.100:5000/alpine:latest
# /
$ docker build --tag 192.168.99.100:5000/foo/bar:latest .
$ docker pull 192.168.99.100:5000/alpine:latest
The Docker Engine
Configuration
- Windows:
C:\ProgramData\Docker\config\daemon.json
- Linux:
/etc/docker/daemon.json
Although it's highly recommended to secure your registry using a TLS certificate issued by a known CA, you can choose to use self-signed certificates, or use your registry over an unencrypted HTTP connection.
The "insecure-registries" setting in daemon.json configures Docker to entirely disregard security for your registry. This is very insecure and is not recommended. Use it only for isolated testing or in a tightly controlled, air-gapped environment.
{
// ...
"insecure-registries":["192.168.99.100:5000"]
}
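A check a defender can run over the text of a daemon.json to list what the insecure-registries setting exempts from TLS. This is an added example, not code from the original page or from Docker; the function names, the severity labels and every sample entry other than 192.168.99.100:5000 are assumptions made for illustration.

```python
import ipaddress
import json

def _host(entry):
    """Strip the port from host:port, v4:port or [v6]:port."""
    if entry.startswith("["):
        return entry[1:entry.index("]")]
    return entry.split(":")[0] if entry.count(":") == 1 else entry

def classify(entry):
    """Return (severity, reason); the severity labels are this example's own."""
    try:
        if "/" in entry:  # the setting also accepts CIDR ranges
            net = ipaddress.ip_network(entry, strict=False)
            return ("high", f"CIDR range, {net.num_addresses} addresses exempt from TLS")
        addr = ipaddress.ip_address(_host(entry))
    except ValueError:
        return ("high", "hostname: no certificate check, so DNS decides who answers")
    if addr.is_loopback:
        return ("low", "loopback address")
    if addr.is_private:
        return ("medium", "private address: isolated test networks only")
    return ("high", "public address without TLS verification")

def audit_daemon_json(text):
    """Return (entry, severity, reason) findings for the text of a daemon.json."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        # JSON has no comment syntax, so a "// ..." placeholder must be removed.
        return [("<file>", "error", f"not valid JSON: {exc.msg}")]
    if not isinstance(config, dict):
        return [("<file>", "error", "top level is not a JSON object")]
    return [(e, *classify(e)) for e in config.get("insecure-registries", [])]

# Constructed sample: only the first entry appears on the page.
SAMPLE = """{
  "insecure-registries": ["192.168.99.100:5000", "10.0.0.0/8", "registry.example.test:5000"]
}"""

if __name__ == "__main__":
    for entry, severity, reason in audit_daemon_json(SAMPLE):
        print(f"{severity:6} {entry}: {reason}")
```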
Watchtower
Update the running version of your containerized app simply by pushing a new image to the Docker Hub or your own image registry.
$ docker run -d \
--name watchtower \
-e WATCHTOWER_LABEL_ENABLE=true \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower
WATCHTOWER_LABEL_ENABLE=true
- Include only containers with the enable label.
$ docker run -d --label=com.centurylinklabs.watchtower.enable=true someimage