Private Registry Mirror / Registry Cache

Definition

A Private Registry Mirror or Registry Cache is a local copy of a container image registry that sits between a public registry and an organization’s internal infrastructure. It reduces latency, improves download speeds, and keeps images available even if the public registry is down. It can also enhance security by letting organizations apply their own access controls and vulnerability scanning policies before images are used in production.

Secure Settings Example

version: '2'
services:
  registry:
    image: registry:2
    ports:
      - "5000:5000"
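    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
      # Serve the registry API over TLS using the certificate and key mounted at /certs
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
      REGISTRY_HTTP_TLS_KEY: /certs/domain.key
    volumes:
      - /var/lib/registry
      # Host directory holding domain.crt and domain.key
      - ./certs:/certs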
    restart: always

Insecure Settings Example

version: '2'
services:
  registry:
    image: registry:2
    ports:
      - "5000:5000"
    environment:
      # No REGISTRY_HTTP_TLS_* variables are set, so the registry serves plain HTTP on port 5000
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
    volumes:
      - /var/lib/registry
    restart: always
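
Checking a Compose file for the difference between the two examples above. This is an added example, not part of the original page: it audits already-parsed Compose data (for instance the output of docker compose config --format json) and reports registry services whose TLS variables are unset or point outside any mounted volume. The function names and the third "unmounted" sample are assumptions made for illustration, and only the two environment variables shown on this page are checked.

```python
TLS_VARS = ("REGISTRY_HTTP_TLS_CERTIFICATE", "REGISTRY_HTTP_TLS_KEY")

def _env(svc):
    """Compose accepts environment as a mapping or a list of KEY=VALUE strings."""
    env = svc.get("environment") or {}
    if isinstance(env, list):
        env = dict(e.split("=", 1) if "=" in e else (e, "") for e in env)
    return env

def _mount_targets(svc):
    """Container-side paths of volumes, short ('src:dst[:mode]') or long form."""
    out = []
    for vol in svc.get("volumes") or []:
        if isinstance(vol, dict):
            out.append(vol.get("target", ""))
        else:
            parts = vol.split(":")
            out.append(parts[1] if len(parts) > 1 else parts[0])
    return [t.rstrip("/") for t in out if t]

def audit_registry(compose):
    """Return (service, variable, problem) tuples; added example, env-based config only."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        image = str(svc.get("image", "")).split("/")[-1].split(":")[0]
        if image != "registry":
            continue
        env, mounts = _env(svc), _mount_targets(svc)
        for var in TLS_VARS:
            path = env.get(var)
            if not path:
                findings.append((name, var, "unset, TLS not fully configured"))
            elif not any(path.startswith(m + "/") for m in mounts):
                findings.append((name, var, f"{path} is not under a mounted volume"))
    return findings

def _svc(env, volumes):  # constructed sample data mirroring the page's examples
    return {"services": {"registry": {"image": "registry:2", "ports": ["5000:5000"],
                                      "environment": env, "volumes": volumes}}}

ROOT = {"REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY": "/var/lib/registry"}
TLS = {"REGISTRY_HTTP_TLS_CERTIFICATE": "/certs/domain.crt",
       "REGISTRY_HTTP_TLS_KEY": "/certs/domain.key"}
SECURE = _svc({**ROOT, **TLS}, ["/var/lib/registry", "./certs:/certs"])
INSECURE = _svc(ROOT, ["/var/lib/registry"])
UNMOUNTED = _svc({**ROOT, **TLS}, ["/var/lib/registry"])  # constructed: certs never mounted
if __name__ == "__main__":
    for label, cfg in (("secure", SECURE), ("insecure", INSECURE), ("unmounted", UNMOUNTED)):
        print(label, audit_registry(cfg))
```

A registry configured through a mounted config.yml instead of environment variables is outside what this check sees.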