Is Docker Trusted Registry mandatory to set up a Docker Private Registry?

Question

Not sure if SO is the correct forum to ask the following question. Please move them to the correct one if it's not.

I'd like to set up a Docker Private Registry, but after reading Docker's documentation (and related SO questions) - am not sure if:

• Docker Trusted Registry (DTR) is needed?
• Can I set up a single DTR under the Docker free plan?

Can anyone answer the above?

Answer 1

Docker Trusted Registry is a commercial offering from Docker Inc. It includes the on-premises registry server, optional integration with their UCP product, RBAC, integration with notary (rebranded as Content Trust) for image signing, and vulnerability scanning. There is no free or open source version of DTR itself.

---

Docker does have an open source registry product that you can download and run as a container in your own environment. It's available on the docker hub. Running this is as easy as:

$ docker run -d -p 5000:5000 --restart=unless-stopped --name registry \
  -v registry-data:/var/lib/registry \
  -e "REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/var/lib/registry" \
  registry:2

And then you can push/pull to your local registry with:

$ docker tag your_image 127.0.0.1:5000/your_image:latest
$ docker push 127.0.0.1:5000/your_image:latest
$ docker pull 127.0.0.1:5000/your_image:latest

Note that this is configured as an insecure registry, there are more steps to make it secure with TLS and add authorization. To connect to it from other hosts, you'd need to either add TLS to the registry, or update the other docker hosts with your IP as an insecure registry for dockerd.

---

You can also use Docker Hub itself for your registry if you are posting public images in the cloud. More than a single private repo would required a paid plan.

---

There are also third party implementations of the registry api. Two that I'm aware of are Nexus and Artifactory.