📦 (Post 4): Docker Registries: Docker Hub, Private Registry & Image Sharing!

After building beautiful containers and connecting them in networks, it's time to share your hard work. Whether you're working in a team, deploying to servers, or simply backing up your images — Docker Registries are the way to store and distribute container images across systems.

🗂 What is a Docker Registry?

A Docker registry is a storage and distribution system for named Docker images. It holds versions of images (tags) and allows push/pull access through Docker clients.

Common Registries:

• 📌 Docker Hub — Public & private repositories, hosted by Docker Inc.
• 📌 Private Registry — Your own self-hosted or cloud-hosted image registry.
• 📌 Others — GitHub Container Registry, Google Artifact Registry, AWS ECR, etc.

☁️ Docker Hub Basics

Docker Hub is like GitHub — but for Docker images. It's the default registry Docker pulls from.

🔐 Logging in:

docker login

You'll be prompted for your Docker ID and password. This stores a token in ~/.docker/config.json.

🏷 Tagging an Image:

Before pushing, tag it properly with your Docker Hub username:

docker tag myapp aelify/myapp:v1

⬆️ Pushing to Docker Hub:

docker push aelify/myapp:v1

⬇️ Pulling from Docker Hub:

docker pull aelify/myapp:v1

🧼 Best Practices:

• 🔸 Always use :tags instead of :latest for better version control.
• 🔸 Keep images small using multi-stage builds.
• 🔸 Set your repos to private when sharing sensitive images.

🔐 Hosting Your Own Private Docker Registry

Don't want to rely on Docker Hub? You can host your own registry using the official image.

⚙️ Start a Registry Container

docker run -d \
  -p 5000:5000 \
  --name registry \
  registry:2

This will start a local registry at localhost:5000.

📦 Tag and Push to Local Registry

docker tag myapp localhost:5000/myapp
docker push localhost:5000/myapp

📥 Pull from Local Registry

docker pull localhost:5000/myapp

🛡 Securing with a Domain and SSL (Advanced)

Running a private registry in production? You'll need a domain + HTTPS.

Step 1: Nginx Reverse Proxy

server {
  listen 443 ssl;
  server_name registry.mycompany.com;

  ssl_certificate /etc/nginx/ssl/fullchain.pem;
  ssl_certificate_key /etc/nginx/ssl/privkey.pem;

  location / {
    proxy_pass http://localhost:5000;
  }
}

Step 2: Docker Daemon Trust

Tell Docker to trust your registry:

// /etc/docker/daemon.json
{
  "insecure-registries" : ["registry.mycompany.com:5000"]
}

Then restart Docker:

systemctl restart docker

🔑 Managing Credentials Securely

Docker stores auth credentials in ~/.docker/config.json. To prevent leakage:

• 🔐 Use docker logout after pushes on shared systems.
• 🔐 Mount secrets using Docker Swarm instead of ENV vars (if using Swarm).
• 🔐 Use credential helpers like pass, osxkeychain, or wincred.

🚀 Recap: Image Lifecycle

1. 🛠 Build your image locally.
2. 🏷 Tag the image with registry address.
3. 🔐 Login to the registry.
4. ⬆️ Push to registry.
5. ⬇️ Pull on another host.

📌 Summary

• 🗂 Docker Hub is the easiest way to share images publicly or privately.
• 🏢 Set up a Private Registry for enterprise or internal needs.
• 🔐 Use SSL and auth for production registries.
• 🔑 Secure your Docker credentials & automate with CI/CD.

Next time someone says "where's your image?", you'll know exactly how to store, tag, push, and secure your Docker builds like a pro 💪.

In our next post, we'll dive into 🕸 (Post 5): Orchestrating Containers with Docker Swarm & Kubernetes Basics!

— Blog by Aelify (ML2AI.com)