This article shows how you can set up a Docker Private Registry with authentication and SSL using Nexus Repository OSS.
Nexus Repository OSS is a universal repository manager with support for all major package formats and types. It’s a free solution for storing and sharing Docker images and other components like NuGet or NPM packages across the deployment pipeline while keeping your proprietary and third-party images private and secure.
- In addition, using Nexus, we can store custom-built Docker images by configuring and creating a Nexus private registry. Here, step by step, is how to create and configure the Nexus private registry. We can install Nexus as a service or as a Docker container using Docker-Compose. In this setup, we are configuring Nexus as a Docker container.
- Docker Hub is the original registry for Docker container images and it is being joined by more and more other publicly available registries such as the Google Container Registry and others. Nexus Repository Manager Pro and Nexus Repository Manager OSS support Docker registries as the Docker repository format for hosted and proxy repositories.
- Install docker-compose. Sudo pip install docker-compose. Make sure Docker is running. Sudo systemctl start docker.service Configure & Start Nexus. On EC2 host, create a new Nexus directory, a Data directory (we can use this dir for backups), and create a new Docker-Compose file. Mkdir /etc/nexus mkdir /etc/nexus/nexus-data touch /etc/nexus.
Make sure Docker is installed and up and running. Nexus is up and running and Docker registry is already is configured. If you have not yet, click here to setup Nexus 3 to configure as Docker Registry. Steps to configure in Docker to upload Docker images to Nexus: Configure Docker service to use insecure registry with http.Create Docker daemon.
I am using an Ubuntu Server 16.04 and Docker 1.12 to host the Nexus Repository and NGINX containers.
Running Nexus Repository container
First you have to build your own Nexus 3 docker image and expose port 8081 and 5000. Nexus management UI will run on 8081 while Docker Registry will run on 5000. This Docker image can be found on Docker Hub at stefanprodan/nexus.
Create a directory named nexus and add a Dockerfile with the following content:
Next you need to create a dedicated docker network for your registry:
Now you can build the nexus image and run the nexus container:
/path/to/nexus-data with your own location.
Running NGINX as reverse proxy for Nexus
Create a directory named nginx and add a Dockerfile with the following content:
In the same directory create the nginx.conf file with the following content:
nexus.demo.com with your own domain. The NGINX server detects if a call is made by the docker client, based on user agent, and redirects that call to the Docker Registry.
Build and run the NGINX container:
Now you can access the Nexus UI by navigation to your nexus sub-domain. The default credentials are
admin123, you should change them before proceeding with the setup. Nexus can be configured to support static or dynamic user and group definitions and can authenticate users against LDAP or Active Directory.
Navigate to the repository administration page and create a new repository by selecting the docker (hosted) recipe. In the repository connectors section, check Create an HTTP connector at specified port and insert 5000 as the port value. For a detailed walkthrough check the nexus documentation on Docker Registry.
At this point, the Docker Registry is up and running, but you can’t access it from a docker client because Docker requires the registry to run on SSL.
You can use letsencrypt certbot to generate a certificate for nexus sub-domain or you can use CloudFlare to manage your domain and enable the free Flexible SSL option. Since certbot NGINX plug-in is still experimental I opted for the CloudFlare certificate.
Nexus Docker Registry Setup Mac
Once you’ve configured the certificate you can start using the Docker Private Registry by logging in with your nexus credentials:
Nexus Docker Registry Setup Windows 10
Nexus Repository OSS is used by more than 100,000 development teams, if you need to run a self-hosted Docker Registry you should consider using Nexus.