Private Docker Registry Installation
It is advisable to have a local registry for your targets in order to simplify deployment and maintenance.
There are many ways you can do that depending on your network topology and available resources.
The following guide will provide instructions on running your own registry.
On VPN gateway (OpenBSD)
The suggested way is to run the docker registry on its own system, however the
next best thing as far as flexibility goes is to run it on your VPN gateway and
limit access to the registry to dockerd servers.
We assume you followed the VPN Server Installation guide.
You can use the provided playbook to set up the Docker registry on the VPN gateway:
ansible-playbook --connection=local -i 127.0.0.1, runonce/docker-registry.yml
# or with settings.yml
ansible-playbook --connection=local -i 127.0.0.1, runonce/docker-registry.yml -e '@settings.yml'
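One way to limit access to the registry to the dockerd servers on an OpenBSD gateway is a pair of pf rules. This is an added example, not part of the echoCTF.RED playbooks; the table name, the client addresses and port 5000 are assumptions to replace with your own values.

```conf
# /etc/pf.conf fragment (added example, not from the echoCTF.RED project).
# Assumptions: the registry listens on TCP 5000; the table name and the
# 192.0.2.x addresses are hypothetical placeholders for your dockerd servers.
registry_port = "5000"
table <registry_clients> persist { 192.0.2.10, 192.0.2.11 }

# "quick" stops evaluation at the first matching rule, so later rules in
# pf.conf cannot reopen the port: allow the dockerd servers first, then
# block and log every other source trying to reach the registry.
pass  in quick     proto tcp from <registry_clients> to (self) port $registry_port
block in log quick proto tcp to (self) port $registry_port

# Validate the ruleset before loading it:  pfctl -nf /etc/pf.conf
# Load it and list the allowed clients:    pfctl -f /etc/pf.conf
#                                          pfctl -t registry_clients -T show
```

Blocked attempts are written to the pflog0 interface, which makes unexpected clients probing the registry visible.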
On dedicated server (OpenBSD)
Alternatively, you can proceed with manual installation by following the steps below.
Install the needed packages:
pkg_add -vi go git
Create a user to run the registry (i.e. registry):
useradd -m registry
mkdir -p ~registry/storage
Install and configure the Go Docker registry (these steps assume you are in the root folder of the project, echoCTF.RED/):
#export GOPATH="/home/registry/go"
git clone https://github.com/distribution/distribution.git
# main.go lives in cmd/registry; build there at the pinned commit
cd distribution/cmd/registry
git checkout 90939f1173f65356e724f398793b4d7239a49595
go build main.go
# go build leaves the binary as cmd/registry/main (this path assumes the clone is under /root)
install -o root /root/distribution/cmd/registry/main /usr/local/sbin/registry
# return to the project root, where the contrib/ files live
cd -
install -m 555 -o root -g wheel contrib/docker_registry.rc /etc/rc.d/docker_registry
install -m 444 -o root -g wheel contrib/docker-registry.yml /etc/docker-registry.yml
# make the storage directory owned by the unprivileged registry user
install -d -o registry /home/registry/storage
rcctl set docker_registry status on
rcctl start docker_registry
As Docker container
An official Docker registry image is available at https://hub.docker.com/_/registry and can be started with:
docker run -d -p 5000:5000 --restart always --name registry registry:2