In my Bare-Metal Kubernetes tutorial, I explained how to set up your own private Docker registry, but since Nexus also lets you do that, we might as well kill two birds with one stone and do it here.
To configure Nexus for this, first create a new blob store for your images.[1]
Then create a new repository, of type docker (hosted).
To configure the repo:
- Give the repo a name (e.g. my-docker).
- Create an HTTP connector at port 8083.[2]
- Allow anonymous pulls.
- If you want to make the images immutable, set the deployment policy to Disable redeploy.
- Configure the blob store you want to keep images in.
Because Nexus is now listening on a new port, add --publish 8083:8083 to your docker run command, and restart the server.
If you haven't already done so, activate the Docker Bearer Token Realm in the Security/Realms tab of the admin interface.
Create a user for pushing images
We don't want to allow just anybody to push images to our private registry, so we need to limit access to it. While we could just use the admin account, this is obviously not a Good Thing™ to do, so we'll create a new user that has specific permissions for this (and only this).
In the Security/Roles tab, create a new Nexus role and give it the nx-repository-view-docker-my-docker-* privilege (a shorthand for the -add, -browse, -delete, -edit and -read privileges).
These privileges allow people to use the my-docker registry[3], but if you want to also allow them to administer the registry, assign the nx-repository-admin-docker-my-docker-* privilege, as well.
Then, in the Security/Users tab, create a new user and assign it the my-docker role we just created.
This is the user we will log in as on the client computer, and it has permission to push images.
Client configuration
On the client computer, allow access to the private registry over HTTP by adding the following entry to /etc/docker/daemon.json:
{ "insecure-registries": [ "nexus3:8083" ] }
Then restart the Docker service:
sudo systemctl restart docker
Log in to the private Docker registry, as the user we created above:
docker login nexus3:8083
Then tag an image with the name of your Nexus server, and push it:
docker tag hello-world nexus3:8083/my-hello-world
docker push nexus3:8083/my-hello-world
If you go to another computer, you can pull the image from the registry, without needing to log in[4]:
docker pull nexus3:8083/my-hello-world
References
[1] This step is optional, if you want to store the images in their own sub-directory.
[2] Docker needs to be handled over a separate port since most Nexus repositories are handled via a URL of the form http://nexus3:8081/repository/{REPO-NAME}/..., but this is not a valid Docker image name.
[3] For example, push or delete images.
[4] Since the registry allows anonymous pulls.