How to set up a private Docker registry
· Category: DevOps & Docker
Short answer
Run the official registry image, expose it over HTTPS with TLS certificates, configure basic auth or token auth, and optionally back it with S3, NFS, or local storage.
Details
A minimal secure registry uses a reverse proxy (Nginx or Traefik) for TLS termination and htpasswd for authentication:
# Bind to localhost only: the reverse proxy in front handles TLS and is the only client.
docker run -d -p 127.0.0.1:5000:5000 --name registry \
  -v $(pwd)/auth:/auth \
  -v registry-data:/var/lib/registry \
  -e REGISTRY_AUTH=htpasswd \
  -e REGISTRY_AUTH_HTPASSWD_REALM=Registry \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  registry:2
Before pushing, tag images with the registry host as a prefix so that docker push targets your registry rather than Docker Hub. Persistent storage is critical: mount a Docker volume or object storage so images survive container restarts. For high availability, run multiple registry instances behind a load balancer with shared storage and Redis as the blob-descriptor cache.
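Putting the pieces above together (TLS termination at Nginx, htpasswd at the registry, a persistent volume), as an added example that is not from the original page: a docker-compose.yml with the Nginx server block inlined. The hostname registry.example.com and the ./auth and ./certs paths are placeholders; it assumes the htpasswd file was created with bcrypt (for example `htpasswd -Bc auth/htpasswd <user>`), the only hash format the registry accepts, and that Compose is 2.23.1 or newer, which introduced inline `configs.content`.

```yaml
services:
  registry:
    image: registry:2
    restart: always
    # No "ports": only the proxy on the compose network can reach plain-HTTP :5000.
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd          # bcrypt entries only
      REGISTRY_STORAGE_DELETE_ENABLED: "true"              # required for garbage-collect
      REGISTRY_HTTP_SECRET: ${REGISTRY_HTTP_SECRET:?set a random secret}  # same value on every replica
    volumes:
      - ./auth:/auth:ro
      - registry-data:/var/lib/registry                    # images survive restarts
  proxy:
    image: nginx:1.27
    restart: always
    ports:
      - "443:443"
    volumes:
      - ./certs:/etc/nginx/certs:ro                        # fullchain.pem, privkey.pem (placeholders)
    configs:
      - source: registry_nginx
        target: /etc/nginx/conf.d/default.conf
    depends_on: [registry]
volumes:
  registry-data:
configs:
  registry_nginx:
    # nginx variables are written $$name so Compose does not interpolate them.
    content: |
      server {
        listen 443 ssl;
        server_name registry.example.com;
        ssl_certificate     /etc/nginx/certs/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        client_max_body_size 0;          # image layers can be gigabytes
        chunked_transfer_encoding on;
        location /v2/ {
          proxy_pass http://registry:5000;
          proxy_set_header Host $$http_host;
          proxy_set_header X-Real-IP $$remote_addr;
          proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto https;   # registry builds upload URLs from this
          proxy_read_timeout 900;
          add_header Docker-Distribution-Api-Version registry/2.0 always;
        }
      }
```

After `docker compose up -d`, clients run `docker login registry.example.com` and push images tagged `registry.example.com/<name>:<tag>`.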
Tips
- Use a content trust framework such as Notary (Docker Content Trust) to sign images so clients can reject tampered ones.
- Regularly prune old tags to control disk usage, or enable automatic garbage collection.
- Restrict registry access to internal VPNs or private subnets for defense in depth.