By Fahad Ahammed in container store raspberry pi

Raspberry Pi and Docker Registry

Raspberry Pi and Docker Registry

Recently I have been using a Raspberry Pi 3B+ bought from a classified advertisement site called Bikroy.com. A student wanted to sell this, as his final college project was done. It was cheaper with an acrylic casing and a fan. However, I wanted to use this Pi for several pet projects. Initially I did install Pi-Hole for network wide adblocker and along with samba with a spare portable hard disk. It was working OK. No extra pressure in this 1GB ram Pi. I thought Why not give it a little bit more pressure?

Thus, I planned to install docker registry in it for my “local private docker hub” type of need. Let me share what I had to do.

What did I need to setup to get Private Docker Registry or Private Docker Hub?

I have Ubuntu Focal Fossa Server version in Raspberry Pi. Needed to install –

  1. docker
  2. docker-compose
  3. apache2-utils

What did I need to configure?

After installing above tools. I used below docker-compose.yml file to initiate the registry server.

version: '3'

services:
  registry:
    image: registry:2
    restart: always
    ports:
    - "5000:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./auth:/auth
      - ./data:/data

In the same directory I created an auth directory and there I created a password file with htpasswd command or apache2-utils package.

htpasswd -c auth/registry.password <username>

After that I just executed

docker-compose up -d

for running the server as a daemon.

As I have installed pi-hole and it’s panel in it already, already have lighttpd server installed. So, I did need to configure lighttpd for accessing the registry with a domain which should be resolved by port 80.

In lighttpd.conf enabled “mod_proxy”.

server.modules = (
"mod_access",
"mod_accesslog",
"mod_auth",
"mod_expire",
"mod_compress",
"mod_redirect",
"mod_setenv",
"mod_rewrite",
"mod_proxy"
)

As I wanted to access my registry via “http://docker.hub.hole” domain. But is not a valid one. So, it was necessary to modify hosts file in my workstation and added this entry in local dns options in pi hole too.

<raspberry_pi_IP> docker.hub.hole

For reverse proxy to 5000 port, needed to create a vhost in lighttpd with reverse proxy in the registry.

$HTTP["host"] == "docker.hub.hole" { #FDQN
accesslog.filename = "/var/log/lighttpd/docker.hub.hole_access.log" # Web server Access log file
server.errorlog = "/var/log/lighttpd/docker.hub.hole_error.log" # Web server Error log file
proxy.balance = "hash" 
proxy.server  = ( "" => ( ( "host" => "<raspberry_pi_ip>", "port" => 5000 ) ) )
}

Restarted the lighttpd server and I could access the registry with the domain.

There were more tasks to do to signing in to this docker hub. As it has no https, I needed to add a line in my workstations docker config.

Added insecure-registries entry in “/etc/docker/daemon.json” –

{
  "metrics-addr" : "0.0.0.0:9323",
  "experimental" : true,
  "insecure-registries" : ["http://docker.hub.hole"]
}

And restarted docker. Then I could login with –

docker login http://docker.hub.hole

by using the password and user which I did set via htpasswd -c ….

By the way, if you face error like-

error authenticating user…

or

Error response from daemon: login attempt to http://192.168.31.101:5000/v2/ failed with status: 401 Unauthorized

Then try to create the password by using – 

htpasswd -cB auth/registry.password <username>

Conclusion

It is damn slow if you do set PI in WiFi. But It does work. I have been working last few days with this hub and it does serve me OK.

Pressure in CPU or RAM is not that high, as I am the only developer using this pi for the containers. There are some very positive things to feel too.

  • It works fine on boot.
  • As lighttpd, it is light and do the job well.
  • Personal Container store, No need to live in fear of pushing the container with confidential contents in it. (which should be in practice and standard in your work flow at the first place.)
  • Using a spare hardware in the full swing
  • DYI project 😛

It is a fun setup. Loved it.