Creating a private repository for your image

We provide a private image registry you can push images to with each service. To make use of it you can start by creating a service and configuring it:

Note that we are leaving the Image empty, this will auto-populate the service with the provisioned registry. We are also setting Replicas to 0 to avoid starting the service and incurring costs before we have pushed the image.

Now you can click on Create:

Now you can click on the newly created service:

And copy the image:

Configuring docker to use Nhost’s registry

The CLI can configure docker automatically to be able to push and pull images from the docker registry. To do so you need to run the following command:

$ nhost docker-credentials configure

Installing credentials helper for docker in /usr/local/bin/docker-credential-nhost-login
I need root privileges to install the file. Please, enter your password.
Password:
- I am about to configure docker to authenticate with Nhost's registry. This will modify your docker config file on /Users/dbarroso/.docker/config.json. Should I continue? [y/N] y

After you have configured the credentials helper with the command above docker should be able to interact with your images normally:

$ docker buildx build \
    --push \
    --platform linux/amd64,linux/arm64 \
    -t registry.eu-central-1.nhost.run/f02bb536-f785-4732-9eb8-d1d3664d7949:123 \
    .
[+] Building 8.7s (11/11) FINISHED                                                                                                                  docker-container:focused_dirac
 => [internal] load .dockerignore                                                                                                                                             0.0s
 => => transferring context: 2B                                                                                                                                               0.0s
 => [internal] load build definition from Dockerfile                                                                                                                          0.0s
 => => transferring dockerfile: 96B                                                                                                                                           0.0s
 => [linux/arm64 internal] load metadata for docker.io/library/node:18-slim                                                                                                   6.4s
 => [linux/amd64 internal] load metadata for docker.io/library/node:18-slim                                                                                                   6.4s
 => [linux/arm64 1/2] FROM docker.io/library/node:18-slim@sha256:bfa807593c4e904c9dbdeec45a266d38040804e498c714bddf59734a1ed34730                                             0.0s
 => => resolve docker.io/library/node:18-slim@sha256:bfa807593c4e904c9dbdeec45a266d38040804e498c714bddf59734a1ed34730                                                         0.0s
 => [internal] load build context                                                                                                                                             0.0s
 => => transferring context: 28B                                                                                                                                              0.0s
 => [linux/amd64 1/2] FROM docker.io/library/node:18-slim@sha256:bfa807593c4e904c9dbdeec45a266d38040804e498c714bddf59734a1ed34730                                             0.0s
 => => resolve docker.io/library/node:18-slim@sha256:bfa807593c4e904c9dbdeec45a266d38040804e498c714bddf59734a1ed34730                                                         0.0s
 => CACHED [linux/arm64 2/2] ADD app.js app.js                                                                                                                                0.0s
 => CACHED [linux/amd64 2/2] ADD app.js app.js                                                                                                                                0.0s
 => exporting to image                                                                                                                                                        2.2s
 => => exporting layers                                                                                                                                                       0.0s
 => => exporting manifest sha256:b38199ab8a25d3c765cd763be8af6ea6b3542455f2e7ad37f92924538dbc2af7                                                                             0.0s
 => => exporting config sha256:d66a5274b034a3b5698044a03bbec53dccc9e4f5f774701c59604fa17c8f0ff3                                                                               0.0s
 => => exporting attestation manifest sha256:c5487067b094ab1d7a81a216595a0f773c55ceec95319e844cded94247e4d341                                                                 0.0s
 => => exporting manifest sha256:f1c56d22755cae4d73ee432f11d248ca10ae4b89be3d56f0ffe95e5d7ce10542                                                                             0.0s
 => => exporting config sha256:a532f91c5f9899a150b9c981933fa3b163879dcb5ceb48ebc132f72b564a5878                                                                               0.0s
 => => exporting attestation manifest sha256:9e1a0207de26c335df4cee8398ada86f7b6a68ebb86e39550fe862416a10df84                                                                 0.0s
 => => exporting manifest list sha256:f0d8521804f16280642e99c8c25bbd66f659a9a9bd7bb72cf0726dd98d9bfb00                                                                        0.0s
 => => pushing layers                                                                                                                                                         1.2s
 => => pushing manifest for registry.eu-central-1.nhost.run/f02bb536-f785-4732-9eb8-d1d3664d7949:123@sha256:f0d8521804f16280642e99c8c25bbd66f659a9a9bd7bb72cf0726dd98d9bfb00  1.0s
 => [auth] sharing credentials for registry.eu-central-1.nhost.run                                                                                                            0.0s
The credentials helper will authenticate requests with the logged in user, so don’t forget to authenticate with your user before trying to push or pull images. You can log in by running the command nhost login.

Updating the image in the service configuration

After you have pushed your image you can click on your service again and update the configuration:

Notice we added the tag :123 to the image that was already pre-populated and that we increased replicas to 1 to unpause the service. Don’t forget to copy the URL where we are exposing the service. Now you can click on update:

Wait a few seconds until the project is done updating the new service and visit the URL we copied before:

Using your own private registry

If you are publishing your images in your own private registry you can add pull credentials to your Run configuration so the image can be pulled successfully. To do so follow the next steps:

  1. Figure out the credentials you need. This might depend on your registry. For instructions on various registries see the next section.
  2. The credentials will be similar to:
{
  "auths": {
    "https://myregistry.com/v1": {
      "username": "myuser",
      "password": "mypassword"
    }
  }
}
  1. Create a secret under Settings -> Secrets with the contents of the auth section. For instance:

Pay attention that only the object inside “auths” is to be added.

  1. Configure the pullCredentials in your run configuration.
[image]
image = 'myprivaterepo/myservice:1.0.1'
pullCredentials = '{{ secrets.CONTAINER_REGISTRY_CREDENTIALS }}'

Pulling your image should work now.

Docker Hub Credentials

To create a credential that allows you to pull private images from Docker hub follow the next steps:

  1. Login to https://hub.docker.com with a user that can pull the image you want.
  2. Head to “Account Settings” -> “Personal access tokens”
  3. Create a new token with “Read Only” access permissions
  4. Copy the token you got

Your credentials will be:

{
  "https://index.docker.io/v1/": {
    "username":"<yourusername>",
    "password":"<the_token_you_just_got>"
  }
}
ResourcesLocal development