A private Docker registry lets you store and distribute custom Docker images within your organisation without sending them to Docker Hub. This guide sets up a private Docker registry with TLS and basic authentication on Ubuntu 24.04 LTS.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server
- Docker Engine and Docker Compose installed
- A domain name pointed to the server
- Certbot installed for SSL certificates
Step 1 – Generate SSL Certificates
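Obtain a Let’s Encrypt certificate for your registry domain. The --standalone option starts a temporary web server for the challenge, so port 80 must be reachable from the internet and not in use by another service: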
sudo certbot certonly --standalone -d registry.example.com
Step 2 – Create Basic Authentication
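Install apache2-utils and create a password file. The -B flag selects bcrypt, the only hash format the registry accepts, and -c creates the file (omit -c when adding further users, because it overwrites an existing file):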
sudo apt install apache2-utils -y
mkdir -p ~/registry/auth
htpasswd -Bc ~/registry/auth/htpasswd registryuser
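The registry ignores htpasswd entries that are not bcrypt, so a user added without -B cannot log in. The script below is an added example, not part of the original guide, that audits the password file for this; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the htpasswd file from Step 2 before starting the registry.
# The registry's htpasswd backend honours only bcrypt entries.

# Constructed sample input: placeholder hashes, not real credentials.
sample_htpasswd() {
    printf '%s%053d\n' 'registryuser:$2y$05$' 0                         # bcrypt shape (htpasswd -B)
    printf '%s\n' 'legacyuser:$apr1$constructed$notARealHash000000000'  # MD5 (apr1)
    printf '%s\n' 'shauser:{SHA}constructedNotARealDigest0000='         # SHA-1
}

# audit_htpasswd FILE: prints one finding per line.
# Returns 0 if every entry is bcrypt, 1 if any is not, 2 if FILE is unreadable.
audit_htpasswd() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
    # The hashes can be guessed offline, so other local users should not read them.
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        echo "WARN $file is world-readable"
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # skip blanks and comments
        user=${line%%:*}
        pwhash=${line#*:}
        case $pwhash in
            '$2y$'*|'$2a$'*|'$2b$'*)
                # A complete bcrypt hash is always 60 characters long.
                if [ "${#pwhash}" -eq 60 ]; then
                    echo "OK $user bcrypt"
                else
                    echo "BAD $user truncated bcrypt hash"; rc=1
                fi ;;
            '$apr1$'*) echo "BAD $user MD5 (apr1), recreate with htpasswd -B"; rc=1 ;;
            '{SHA}'*)  echo "BAD $user SHA-1, recreate with htpasswd -B"; rc=1 ;;
            *)         echo "BAD $user unrecognised hash format"; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}

# Usage: sh audit_htpasswd.sh ~/registry/auth/htpasswd
if [ "$#" -gt 0 ]; then
    audit_htpasswd "$1"
fi
```

Run it against ~/registry/auth/htpasswd after every change to the file; a non-zero exit status means at least one user will be rejected at login.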
Step 3 – Create docker-compose.yml
Create the Compose file:
mkdir -p ~/registry && nano ~/registry/docker-compose.yml
Add:
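version: '3.9'
services:
  registry:
    image: registry:2
    ports:
      - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
      # Files under live/ are symlinks into ../../archive/, so both directories
      # are mounted at their original paths to keep the links resolvable.
      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/letsencrypt/live/registry.example.com/fullchain.pem
      REGISTRY_HTTP_TLS_KEY: /etc/letsencrypt/live/registry.example.com/privkey.pem
    volumes:
      - registry_data:/var/lib/registry
      - /etc/letsencrypt/live/registry.example.com:/etc/letsencrypt/live/registry.example.com:ro
      - /etc/letsencrypt/archive/registry.example.com:/etc/letsencrypt/archive/registry.example.com:ro
      - ./auth:/auth
volumes:
  registry_data: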
Step 4 – Start the Registry
Launch the registry:
cd ~/registry && docker compose up -d
Step 5 – Log In and Push an Image
Log into your private registry:
docker login registry.example.com:5000
Tag and push an image:
docker tag nginx:latest registry.example.com:5000/nginx:latest
docker push registry.example.com:5000/nginx:latest
Step 6 – Pull from the Registry
Pull images on another Docker host:
docker pull registry.example.com:5000/nginx:latest
Conclusion
Your private Docker registry is running on Ubuntu 24.04 LTS with TLS and authentication. All image transfers are encrypted and require valid credentials.