Registry

2026-04-15

Registry is a self-hosted Docker image registry for privately storing and distributing container images.

This compose file deploys a Docker Registry with a Valkey instance for caching. Persistent data is stored on NFS volumes, and the service is proxied through a Traefik reverse proxy with Cloudflare TLS certificates.

Docker Compose

# compose.yaml

services:
  registry:
    image: registry:latest
    container_name: registry
    restart: unless-stopped
    depends_on:
      valkey:
        condition: service_healthy
    # ports:
    #  - 5000:5000
    networks:
      - registry
      - registry_proxy
    volumes:
      - type: volume
        source: docker-nfs
        target: /var/lib/registry
        volume:
          subpath: registry/data
      - type: volume
        source: docker-nfs
        target: /etc/distribution
        volume:
          subpath: registry/config
    environment:
      OTEL_TRACES_EXPORTER: none
      TZ: Europe/London
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=registry_proxy"

      - "traefik.http.services.registry.loadbalancer.server.port=5000"

      - "traefik.http.routers.registry.rule=Host(`registry.${TRAEFIK_BASE_URL}`)"
      - "traefik.http.routers.registry.entrypoints=websecure"
      - "traefik.http.routers.registry.tls.certresolver=cloudflare"

  valkey:
    image: docker.io/valkey/valkey:9
    container_name: registry-valkey
    restart: unless-stopped
    networks:
      - registry
    volumes:
      - type: volume
        source: docker-nfs
        target: /data
        volume:
          subpath: registry/valkey
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "1"
    healthcheck:
      test: ["CMD", "valkey-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 5s
    command: valkey-server --save 30 1 --loglevel warning --requirepass ${VALKEY_PASSWORD}
    environment:
      TZ: Europe/London

volumes:
  docker-nfs:
    driver: local
    driver_opts:
      type: nfs
      o: addr=xxx.xxx.xxx.xxx,nolock,soft,rw,nfsvers=4.2
      device: :/mnt/nfs-volume

networks:
  registry:
    name: registry
  registry_proxy:
    name: registry_proxy

Environment Variables

# .env

VALKEY_PASSWORD=
TRAEFIK_BASE_URL=

Traefik Configuration

# compose.yaml (excerpt)

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    ...
    networks:
      - traefik
      # here
      - registry_proxy
    ...

networks:
  # here
  registry_proxy:
    name: registry_proxy