This guide explains how to run a Docker registry using Docker Compose and configure K3s to allow insecure (HTTP) registry access for large image uploads.
- Docker and Docker Compose installed
- (Optional) Self-signed certificates if you want HTTPS (see
generate-certs.sh)
-
Clone or copy the files to your server:
docker-compose.ymlconfig.ymlcerts/(if using HTTPS)
-
Create the data directory:
sudo mkdir -p /opt/docker-registry-data sudo chown $USER:$USER /opt/docker-registry-data
-
Start the registry:
docker compose up -d
- By default, this runs the registry on port 5000 (HTTP)
- For HTTPS, update
docker-compose.ymlandconfig.ymlto use port 443 and provide certs
-
Test the registry:
curl http://localhost:5000/v2/ # Should return {}
Add the following to /etc/docker/daemon.json:
{
"insecure-registries": ["localhost:5000", "yourdomainname.com:5000"]
}Then restart Docker:
sudo systemctl restart dockerAdd the following to /etc/rancher/k3s/registries.yaml:
mirrors:
"yourdomainname.com:5000":
endpoint:
- "http://yourdomainname.com:5000"Then restart K3s:
sudo systemctl restart k3sTag your image for the registry:
docker tag <local-image> yourdomainname.com:5000/<image-name>:<tag>Push the image:
docker push yourdomainname.com:5000/<image-name>:<tag>- If you see
http: server gave HTTP response to HTTPS client, it means the registry is running on HTTP but the client expects HTTPS. Make sure the registry and all configs use HTTP if you don't use TLS. - For large uploads, ensure timeouts are set high in
config.ymland Docker Compose. - If you change ports, update all references in configs and
/etc/hostsas needed.