Setup Docker Registry on RPi
The goal

Set up a local Docker Registry so that when the GitLab CI does it's thing, it is not constantly downloading the images over the Internet saving time and bandwidth.


  • Raspberry Pi Model 3B+

  • Raspberry OS (2021-10-30-raspios-bullseye-armhf-lite)

  • hostname = dhub so hostname -f =

  • using "pi" as the user

  • Note: using as domain, change that to the correct domain where needed

  • In this case: OS is ArcoLinux

  • Docker is already installed and working

Setup the Server:

Install Raspberry OS (search for instructions on internet)

sudo apt install vim

Update to use static IP instead of DHCP (search for instructions on internet) (hint: sudo vim /etc/dhcpcd.conf)

Since I am using PiHole for the DNS server, ssh into PiHole and add DNS entry to /etc/pihole/custom.list and restart DNS

Install and setup Docker Registry.

Install Docker:

curl -fsSL -o


sudo usermod -aG docker pi


Check if it works:

docker ps


docker images

Both should display just the report header.

Setup a more secure system:


Create a directory to hold the certificates:

mkdir certs

Create a cert:

openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -addext "subjectAltName =" \
  -x509 -days 365 -out certs/domain.crt

Answer the questions it will ask.

Note: the cert will expire in 365 days! Will need to renew in a year.

Start Docker Registry with a run command: (This will pull the Registry image from Docker Hub and start it)

docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 443:443 \

The certs on Server and Computer must match.

(Again, for this example, the computer is running Arch Linux, there may be a different process for other OS's.)

Copy the domain.crt from $HOME/certs on Server to Computer.

On Computer: copy domain.crt to /etc/ca-certificates/trust-source/anchors/ and it must have a .crt extension.

sudo trust extract-compat

Also on Computer:

sudo vim /etc/docker/daemon.json

Add the following line:

  "registry-mirrors": [""]

Restart docker on Computer.

sudo systemctl restart docker

And then test it.



Since this is the first time, it should be an empty list.

Select an image from Docker Hub and pull it:

docker pull <new image>


should display the new image stored on Server.