Registry Mirror / Air-gapped Registry
Definition
A Registry Mirror is a local cache of a container image registry that helps reduce latency and bandwidth usage by serving images from a nearby source. An Air-gapped Registry is a container image registry that operates in a network environment isolated from the internet, often used in high-security environments to prevent unauthorized access and data exfiltration. Both setups are crucial for maintaining performance and security in environments with strict network policies or limited internet connectivity.
Secure Settings Example
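Docker daemon configuration (daemon.json) for a secure registry mirror. daemon.json is strict JSON, so the description stays outside the file. Note that Docker picks up a registry's CA and client certificates from /etc/docker/certs.d/<registry-host>/ on its own, while the tls* keys in daemon.json govern TLS on the daemon's own API listener.
{
  "registry-mirrors": ["https://my-secure-mirror.local"],
  "insecure-registries": [],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs.d/my-secure-mirror.local/ca.crt",
  "tlscert": "/etc/docker/certs.d/my-secure-mirror.local/client.cert",
  "tlskey": "/etc/docker/certs.d/my-secure-mirror.local/client.key"
}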
Insecure Settings Example
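Docker daemon configuration (daemon.json) with insecure settings: the mirror is reached over plain HTTP, its host is listed under insecure-registries, and TLS verification is turned off.
{
  "registry-mirrors": ["http://my-insecure-mirror.local"],
  "insecure-registries": ["my-insecure-mirror.local"],
  "tlsverify": false
}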
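The two configurations above can be told apart mechanically. The following is an added example, not part of the original page or of Docker itself: a small audit that reports the weak settings in a daemon.json document. The function name audit_daemon_config and the embedded sample configs are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample inputs mirroring the two configurations on this page.
SECURE = """{
  "registry-mirrors": ["https://my-secure-mirror.local"],
  "insecure-registries": [],
  "tlsverify": true
}"""
INSECURE = """{
  "registry-mirrors": ["http://my-insecure-mirror.local"],
  "insecure-registries": ["my-insecure-mirror.local"],
  "tlsverify": false
}"""


def audit_daemon_config(text):
    """Return findings for a daemon.json document (hypothetical helper name)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A '#' comment line or trailing comma makes the file invalid JSON.
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top-level value is not a JSON object"]

    findings = []
    insecure = cfg.get("insecure-registries") or []
    for url in cfg.get("registry-mirrors") or []:
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"mirror not using https: {url}")
        # A mirror listed as insecure is not held to certificate verification.
        if parsed.netloc and parsed.netloc in insecure:
            findings.append(f"mirror host is in insecure-registries: {parsed.netloc}")
    for host in insecure:
        findings.append(f"insecure registry allowed: {host}")
    # The page's insecure example sets this key to false.
    if cfg.get("tlsverify") is False:
        findings.append("tlsverify is disabled")
    return findings


if __name__ == "__main__":
    for name, text in (("secure", SECURE), ("insecure", INSECURE)):
        print(name, audit_daemon_config(text) or "no findings")
```

Run against each host's daemon.json in a configuration-management or CI check, an empty list means none of the weak settings shown on this page are present.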