Docker Private Registry + Let’s Encrypt on Ubuntu 18.04


In this post I describe how to create a Docker private registry secured with Let's Encrypt certificates. As the environment we will use Vagrant and Ubuntu 18.04.



We will need Docker and certbot installed.

  • Docker installation
$ sudo apt-get remove docker docker-engine containerd runc
$ sudo apt-get update

$ sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent
$ curl -fsSL | sudo apt-key add -
$ sudo add-apt-repository \
"deb [arch=amd64] \
$(lsb_release -cs) \
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli
  • certbot installation
$ sudo add-apt-repository ppa:certbot/certbot -y
$ sudo apt update
$ sudo apt install certbot -y

Creating a Docker registry

Now that we have all the necessary components installed, we can start creating our private registry.

#Switch to root
$ sudo su
#Get the certificate files with certbot
$ certbot certonly --standalone --preferred-challenges http --non-interactive --staple-ocsp --agree-tos -m -d
#Set up automatic Let's Encrypt renewal (the heredoc must be closed with EOF)
#Note: chmod 777 leaves the private key world-readable and world-writable; the registry container runs as root, so 600 on domain.key and 644 on domain.crt are enough
$ cat <<EOF > /etc/cron.d/letencrypt
30 2 * * 1 root /usr/bin/certbot renew >> /var/log/letsencrypt-renew.log && cd /etc/letsencrypt/live/ && cp privkey.pem domain.key && cat cert.pem chain.pem > domain.crt && chmod 777 domain.*
EOF
#SSL certificates (same note on permissions as above)
$ cd /etc/letsencrypt/live/ && \
cp privkey.pem domain.key && \
cat cert.pem chain.pem > domain.crt && \
chmod 777 domain.*
#Create the htpasswd file. The username is testuser and the password is Password123.
$ mkdir -p /mnt/docker-registry
$ docker run --entrypoint htpasswd registry:latest -Bbn testuser Password123 > /mnt/docker-registry/passfile
#Start the registry (the htpasswd access controller also requires REGISTRY_AUTH_HTPASSWD_REALM to be set)
$ docker run -d -p 443:5000 --restart=always --name registry \
-v /etc/letsencrypt/live/ \
-v /mnt/docker-registry:/var/lib/registry \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_PATH=/var/lib/registry/passfile \
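The copy-and-chmod step above (run once by hand and again every week from cron) hands the private key to every user on the host with chmod 777. As an added example that is not part of the original post, here is that step as a small POSIX shell function: it builds the same domain.key and domain.crt from certbot's privkey.pem, cert.pem and chain.pem, keeps the key owner-only, swaps the files into place atomically, and refuses to run if any input is missing. The function names and the placeholder PEM text are this example's own, and the dry run at the end uses constructed files rather than real certificates.

```shell
#!/bin/sh
# Added example (not part of the original post): assemble the registry's
# domain.key / domain.crt from a certbot "live" directory, the step the post
# runs from cron, but with owner-only permissions on the key instead of
# "chmod 777 domain.*". Function names are this example's own.
#
# Usage: install_registry_certs <letsencrypt-live-dir> <output-dir>
# Assumes certbot's standard file names: privkey.pem, cert.pem, chain.pem.
set -u

install_registry_certs() {
    src="$1"
    dst="$2"

    # Refuse to proceed with a partial set of inputs, so a failed renewal can
    # never leave the registry with a key that does not match its certificate.
    for f in privkey.pem cert.pem chain.pem; do
        if [ ! -r "$src/$f" ]; then
            echo "install_registry_certs: missing or unreadable $src/$f" >&2
            return 1
        fi
    done
    mkdir -p "$dst" || return 1

    # Create the new files under temporary names with a restrictive umask
    # (in a subshell so the caller's umask is untouched), then rename them into
    # place; the running registry never sees a half-written key or bundle.
    ( umask 077 &&
      cp "$src/privkey.pem" "$dst/domain.key.tmp" &&
      cat "$src/cert.pem" "$src/chain.pem" > "$dst/domain.crt.tmp" ) || return 1

    # The key stays owner-only (the official registry image runs as root, so
    # 600 is enough inside the container); the certificate bundle is public.
    chmod 600 "$dst/domain.key.tmp" || return 1
    chmod 644 "$dst/domain.crt.tmp" || return 1
    mv "$dst/domain.key.tmp" "$dst/domain.key" || return 1
    mv "$dst/domain.crt.tmp" "$dst/domain.crt" || return 1
}

# True when the given key file is readable/writable by its owner only (mode 0600).
key_is_private() {
    [ -n "$(find "$1" -maxdepth 0 -perm 600 2>/dev/null)" ]
}

# Constructed placeholder inputs for a local dry run. These are not real keys
# or certificates, only recognisable text in the three files certbot writes.
make_fixture() {
    mkdir -p "$1" || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER-KEY' '-----END PRIVATE KEY-----' > "$1/privkey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-LEAF' '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-CHAIN' '-----END CERTIFICATE-----' > "$1/chain.pem"
}

# Dry run on the constructed data; drop this part when using the function as
# the renewal step in cron (or from a certbot --deploy-hook script).
work=$(mktemp -d)
make_fixture "$work/live"
install_registry_certs "$work/live" "$work/certs" && ls -l "$work/certs"
```

The dry run only shows the function working offline; for the cron line from the post you would call it as `install_registry_certs /etc/letsencrypt/live/<your domain> <directory mounted into the container as /certs>`. The result is what the post builds by hand: certbot's fullchain.pem is cert.pem followed by chain.pem, so domain.crt could equally be a copy of that file, while domain.key stays unreadable to every other account on the host.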

Now we need to open ports 80 and 443 in the firewall; then we can check whether everything works properly.

$ sudo ufw allow 80
$ sudo ufw allow 443
$ curl

As a result we should see something like this: {"repositories": []}

Push into registry

You need to log in to the registry with docker login first.

$ docker login -u testuser -p Password123
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

Now we can push Docker images into our private registry.

$ docker pull alpine:latest
$ docker tag alpine:latest
$ docker push
The push refers to repository []
2831c86be5c6: Pushed







DevOps Consultant. I’m strongly focused on automation, security, and reliability.