Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Nettalco/dokploy/llms.txt

Use this file to discover all available pages before exploring further.

By default, Dokploy can pull any publicly available Docker image. To pull images from a private registry — your own Docker Hub repository, a GitHub Container Registry namespace, an AWS ECR repository, or any other Docker-compatible registry — you must first add the registry credentials to Dokploy. Once added, those credentials are securely stored and made available to the Docker daemon when building or deploying services.

Why Connect a Registry

  • Private images: Deploy application images that are not publicly accessible without exposing credentials in environment variables or Dockerfiles.
  • CI/CD pipeline integration: Push a freshly built image from your CI system and have Dokploy deploy it immediately using the same registry credentials.
  • Organisation registries: Use images stored in a shared organisational registry (e.g. a self-hosted Harbor instance) without distributing credentials to each team member.

Adding a Registry

1

Open Registries settings

In the Dokploy dashboard, navigate to Settings → Registries and click Add Registry.
2

Enter registry details

Fill in the following fields:
FieldDescription
Registry NameA friendly label used to identify this registry in the UI (e.g. Company ECR).
Registry URLThe registry hostname, without a protocol prefix (e.g. registry.hub.docker.com, ghcr.io, 123456789.dkr.ecr.us-east-1.amazonaws.com).
UsernameYour registry username or, for AWS ECR, AWS.
Password / TokenYour registry password, personal access token, or, for AWS ECR, the temporary token returned by aws ecr get-login-password.
Image PrefixOptional namespace prefix prepended to image names when pulling from this registry (e.g. myorg). Leave blank to use images as-is.
3

Test the connection

Click Test. Dokploy calls registry.testRegistry, which runs docker login <url> --username <user> --password-stdin against the registry and returns true on success or a descriptive error on failure.
4

Save

Click Save. Dokploy calls registry.create to persist the registry record (credentials are stored encrypted).

Supported Registries

Dokploy works with any registry that implements the Docker Registry HTTP API v2. Common options include:
RegistryURL FormatNotes
Docker Hubregistry.hub.docker.comUse your Docker Hub username and a personal access token (PAT).
GitHub Container Registryghcr.ioUsername is your GitHub username; password is a PAT with read:packages scope.
GitLab Registryregistry.gitlab.comUse a deploy token or personal access token.
AWS ECR<account>.dkr.ecr.<region>.amazonaws.comUsername is AWS; password is the short-lived token from aws ecr get-login-password.
Google Artifact Registry<region>-docker.pkg.devUsername is oauth2accesstoken; password is the output of gcloud auth print-access-token.
Self-hosted (Harbor, Nexus, etc.)Your instance hostnameAny registry implementing Docker Registry HTTP API v2 is supported.

Testing a Registry Connection

Two test endpoints are available:

Test with inline credentials — registry.testRegistry

Used when filling in the form before saving. Accepts registryUrl, username, password, and an optional serverId. Runs docker login and returns true or throws with the Docker error message.

Test a saved registry — registry.testRegistryById

Used after a registry has already been saved. Accepts a registryId (and optional serverId) and looks up the stored credentials before running docker login. Useful for verifying that credentials are still valid after a password rotation.
# Equivalent shell command Dokploy runs internally
echo "<password>" | docker login <registryUrl> --username <username> --password-stdin
On a multi-server setup, pass the serverId of the target server to both test endpoints. Dokploy will run the docker login command on the remote server via SSH, ensuring the credentials are tested against the actual Docker daemon that will pull images at deploy time.

Using a Private Image in an Application

Once a registry is saved, you can reference its images when creating an application.
1

Create or edit an application

Open a project and click New Service → Application (or edit an existing one).
2

Set source to Docker Image

In the Source section, select Docker Image.
3

Select the registry

Choose the registered registry from the Registry dropdown. Dokploy will use the stored credentials to authenticate the pull.
4

Enter the image name and tag

Enter the full image path relative to the registry (e.g. myorg/myapp:latest). Dokploy combines the registry URL and image name to form the full pull reference.
5

Deploy

Save and deploy. Dokploy authenticates with the registry before pulling the image.

Managing Registries

ActionAPI Endpoint
List all registriesregistry.all
Get a single registryregistry.one
Update a registryregistry.update
Remove a registryregistry.remove
Test with inline credentialsregistry.testRegistry
Test a saved registryregistry.testRegistryById
All registry endpoints enforce the registry permission — create, read, update, or delete — at the organisation level.
Registry credentials (passwords and tokens) are encrypted at rest. They are never returned in plain text through any API response after the initial save.
AWS ECR tokens expire after 12 hours. If you use ECR, you should update the stored password regularly using registry.update — for example, via a scheduled task that runs aws ecr get-login-password and calls the Dokploy API. Alternatively, use a long-lived IAM credential with ECR pull permissions instead of a temporary token so that the stored password does not expire.

Build docs developers (and LLMs) love