Setup Secure Docker Private Registry in Linux | Step-by-Step Tutorial with SSL & Authentication
Want to host your own Docker Private Registry securely on Linux? In this step-by-step tutorial, you'll learn how to deploy a **secure, self-hosted Docker Registry** using **Nginx reverse proxy, SSL encryption (SANs), and basic authentication**. Perfect for DevOps engineers, developers, or anyone working with **CI/CD pipelines** and **container security**.

**Timestamps:**

00:00 - Introduction
00:26 - Why You Need a Private Docker Registry
01:07 - Prerequisites
02:01 - Step 1: Generate SSL Certificate with SANs
04:39 - Step 2: Docker Compose Setup for Registry + Nginx
06:18 - Step 3: Configure Nginx Reverse Proxy with SSL
07:49 - Step 4: Add Basic Auth with htpasswd
09:13 - Step 5: Trust Self-Signed Cert on Docker Client
10:55 - Step 6: Push & Pull Docker Images Securely
13:23 - Troubleshooting Tips

**Create SSL Certificates (with SANs):**

```bash
mkdir -p ~/private-registry/certs && cd ~/private-registry/certs
```

`openssl.cnf` (update domain as needed; the SAN in `[alt_names]` must match the hostname clients use, since Docker verifies the certificate against it):

```ini
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = New York
L = New York
O = LinuxTechi
OU = IT Department
CN = registry.linuxtechi.org

[v3_req]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = registry.linuxtechi.org
```

**Generate Key and Certificate:**

```bash
# Private key, then a CSR built from openssl.cnf, then a self-signed cert
# that keeps the v3_req extensions (the SAN is what Docker checks).
openssl genrsa -out registry.linuxtechi.org.key 2048
openssl req -new -key registry.linuxtechi.org.key -out registry.linuxtechi.org.csr -config openssl.cnf
openssl x509 -req -days 365 -in registry.linuxtechi.org.csr -signkey registry.linuxtechi.org.key \
  -out registry.linuxtechi.org.crt -extensions v3_req -extfile openssl.cnf
```

**Create Docker Compose Directory:**

```bash
mkdir -p ~/private-registry/nginx/conf.d
cd ~/private-registry
```

**docker-compose.yml**

```yaml
services:
  registry:
    image: registry:latest
    # Not published on the host: clients reach the registry only through the
    # TLS-terminating Nginx proxy, so credentials never travel over plain HTTP.
    expose:
      - "5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /registry-data
    volumes:
      - ./auth:/auth
      - ./registry-data:/registry-data
    restart: always
  nginx:
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./certs:/etc/nginx/ssl
    depends_on:
      - registry
    restart: always
```

**Nginx Reverse Proxy Config:**

```bash
vi ~/private-registry/nginx/conf.d/default.conf
```

```nginx
# Plain HTTP only redirects to HTTPS; nothing is served in the clear.
server {
    listen 80;
    server_name registry.linuxtechi.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name registry.linuxtechi.org;

    ssl_certificate     /etc/nginx/ssl/registry.linuxtechi.org.crt;
    ssl_certificate_key /etc/nginx/ssl/registry.linuxtechi.org.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    # Image layers can be large: no upload size limit, streamed bodies.
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
        proxy_pass http://registry:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
        # The registry performs the htpasswd check itself, so the
        # Authorization header must be forwarded untouched.
        proxy_set_header Authorization $http_authorization;
        proxy_pass_request_headers on;
        proxy_buffering off;
    }
}
```

**Start the Services:**

```bash
cd ~/private-registry
docker compose up -d
```

**Create Auth with `htpasswd`:**

```bash
sudo apt install apache2-utils -y
# The auth directory is bind-mounted into the registry container at /auth.
mkdir -p ~/private-registry/auth
# -B stores a bcrypt hash (required by the registry); -c creates the file.
sudo htpasswd -Bc ~/private-registry/auth/registry.password devops
```

**Trust Certificate on Client Machine:**

```bash
# Docker looks for ca.crt under certs.d/<host>:<port> matching the image reference.
sudo mkdir -p /etc/docker/certs.d/registry.linuxtechi.org:443
sudo cp registry.linuxtechi.org.crt /etc/docker/certs.d/registry.linuxtechi.org:443/ca.crt
sudo systemctl daemon-reload
sudo systemctl restart docker
```

**Login and Push Image:**

```bash
docker login registry.linuxtechi.org:443
docker tag hello-world registry.linuxtechi.org:443/devops/my-app:latest
docker push registry.linuxtechi.org:443/devops/my-app:latest
```

**Test Pull:**

```bash
docker rmi registry.linuxtechi.org:443/devops/my-app:latest
docker pull registry.linuxtechi.org:443/devops/my-app:latest
```

**Common Issues & Fixes:**

- Certificate Error? Check the SANs in the cert and the Docker trust path (`/etc/docker/certs.d/<host>:<port>/ca.crt`).
- Login Failed? Double-check the `htpasswd` file and restart Docker.
- Nginx Error? Validate the paths in `default.conf` and view the logs:

```bash
docker logs nginx_container_id
sudo tail -f /var/log/nginx/error.log
```

**Subscribe for more DevOps tutorials** like this. Like & Comment if this helped you. Don't forget to turn on the bell icon for updates!

#Docker #PrivateRegistry #DevOps #LinuxTechi #SelfHosted #ContainerSecurity #Nginx #SSL #DockerCompose #LinuxTutorial
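The troubleshooting items above (certificate errors, failed logins) are easiest to pin down with a small readiness check that exercises the registry the way `docker login` does. The script below is an added example, not part of the tutorial or the registry project: it sends an anonymous and an authenticated `GET /v2/`, confirms that the anonymous request is refused with a Basic challenge (proving auth is actually enforced behind the proxy), and verifies the self-signed certificate against a supplied `ca.crt` so SAN mismatches surface as a clear error. The mock registry at the bottom, its `devops`/`s3cret` credential and the localhost URL are constructed so the check can be run offline; against the real setup you would pass the `https://registry.linuxtechi.org:443` URL and the `ca.crt` path from the trust step.

```python
"""Readiness check for a Basic-auth Docker registry behind a TLS reverse proxy.

Added example, not part of the original tutorial. check_registry() sends two
GETs to the registry's /v2/ endpoint: an anonymous one, which a correctly
configured registry must answer with 401 and a Basic challenge, and an
authenticated one, which must succeed and carry the API version header.
Against the tutorial's setup you would call it as
    check_registry("https://registry.linuxtechi.org:443", "devops", "<password>",
                   cafile="/etc/docker/certs.d/registry.linuxtechi.org:443/ca.crt")
The mock registry at the bottom is a constructed stand-in so the check can be
exercised offline; its realm string mirrors REGISTRY_AUTH_HTPASSWD_REALM above.
"""
import base64
import ssl
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

API_VERSION_HEADER = "Docker-Distribution-Api-Version"


def basic_auth_header(user, password):
    """Build the Authorization value 'docker login' sends for htpasswd auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def _get(url, headers, cafile):
    """GET url; return (status, headers). 4xx/5xx are returned, not raised."""
    # With a cafile the self-signed cert is trusted and its SANs are checked
    # against the host name, the same trust model as Docker's certs.d.
    ctx = ssl.create_default_context(cafile=cafile) if url.startswith("https") else None
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            return resp.status, resp.headers
    except urllib.error.HTTPError as err:
        return err.code, err.headers


def check_registry(base_url, user, password, cafile=None):
    """Return a dict describing whether TLS, auth and the v2 API behave."""
    url = base_url.rstrip("/") + "/v2/"
    try:
        anon_status, anon_headers = _get(url, {}, cafile)
        auth_status, auth_headers = _get(
            url, {"Authorization": basic_auth_header(user, password)}, cafile)
    except urllib.error.URLError as err:
        # Certificate/SAN mismatches and refused connections surface here.
        return {"reachable": False, "error": str(err.reason)}
    challenge = anon_headers.get("WWW-Authenticate", "")
    return {
        "reachable": True,
        "anonymous_rejected": anon_status == 401 and challenge.startswith("Basic"),
        "authenticated_ok": auth_status == 200,
        "api_version": auth_headers.get(API_VERSION_HEADER, ""),
    }


class _MockRegistry(BaseHTTPRequestHandler):
    """Constructed stand-in for registry+nginx accepting one htpasswd user."""
    expected = basic_auth_header("devops", "s3cret")  # constructed credential

    def do_GET(self):
        if self.path != "/v2/":
            self.send_error(404)
            return
        if self.headers.get("Authorization") != self.expected:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Registry"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        self.send_response(200)
        self.send_header(API_VERSION_HEADER, "registry/2.0")
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"{}")

    def log_message(self, *args):
        pass  # keep the check's output clean


def start_mock_registry():
    """Serve the mock on a random localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), _MockRegistry)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


if __name__ == "__main__":
    server, url = start_mock_registry()
    print(check_registry(url, "devops", "s3cret"))  # all checks pass
    print(check_registry(url, "devops", "wrong"))   # auth fails, 401 still enforced
    server.shutdown()
```

A result with `reachable: False` and a reason mentioning certificate verification points at the first troubleshooting item (SAN or trust path); `anonymous_rejected: True` together with `authenticated_ok: False` points at the second (the `htpasswd` entry), which is exactly the split `docker login` alone does not make visible.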