Deploy a self-hosted Docker registry


In this tutorial, How to Deploy a self-hosted Docker registry with self-signed certificates. How to access it from a remote machine.

Prepare your directories

I will create on my user home directory, but you can place them in any directory.

mkdir ~/registry

Create subdirectories in the registry directory.

mkdir ~/registry/{certs,auth}

Go into the certs directory.

cd ~/registry/certs

Create a private key

openssl genrsa 1024 >
chmod 400

The output terminal is as below:

Deploy a self-hosted Docker registry

Create a docker_register.cnf file with the content as below:

nano docker_register.cnf

In that file, paste the following contents.


default_bits  = 2048

distinguished_name = req_distinguished_name

req_extensions = req_ext

x509_extensions = v3_req

prompt = no


countryName = XX

stateOrProvinceName = N/A

localityName = N/A

organizationName = Self-signed certificate

commonName = Self-signed certificate


subjectAltName = @alt_names


subjectAltName = @alt_names


IP.1 =

Note: Make sure to change IP.1 to match the IP address of your hosting server.

Save and close the file.

Generate the key with:

openssl req -new -x509 -nodes -sha1 -days 365 -key -out -config docker_register.cnf

Go into auth directory.

cd ../auth

Generate an htpasswd file

docker run --rm --entrypoint htpasswd registry:2.7.0 -Bbn USERNAME PASSWORD > htpasswd

Where USERNAME is a unique username and PASSWORD is a unique/strong password.

The output terminal is the picture below:

Deploy a self-hosted Docker registry 2

Now, Deploy a self-hosted Docker registry

Change back to the base registry directory.

cd ~/registry

Deploy the registry container with the command below:

docker run -d \

--restart=always \

--name registry \

-v `pwd`/auth:/auth \

-v `pwd`/certs:/certs \

-v `pwd`/certs:/certs \

-e REGISTRY_AUTH=htpasswd \






-p 443:443 \

Deploy a self-hosted Docker registry free

Now, you can access it from the local machine. however, you want to access it from a remote system. we need to add a ca.crt file. you need the copy the contents of the ~/registry/certs/ file.

Login in to your second machine

Create folder

sudo mkdir -p /etc/docker/certs.d/SERVER:443

where SERVER is the IP address of the machine hosting the registry.

Create the new file with:

sudo nano /etc/docker/certs.d/SERVER:443/ca.crt

paste the contents from ( from the hosting server) save and close the file.

How to login to the new registry

From the second machine.

docker login -u USER -p https://SERVER:443

Where USER is the user you added when you generated the htpasswd file above.


You have to Deploy a self-hosted Docker registry. I hope will this your helpful. Thank you for reading the DevopsRoles page!


About HuuPV

My name is Huu. I love technology and especially Devops Skill such as Docker, vagrant, git so forth. I likes open-sources. so I created site to share the knowledge that I have learned. My Job: IT system administrator. Hobbies: summoners war game, gossip.
View all posts by HuuPV →

Leave a Reply

Your email address will not be published.

Comment moderation is enabled. Your comment may take some time to appear.

This site uses Akismet to reduce spam. Learn how your comment data is processed.