Back to Blog
team@tinypod.app

Container Registries: Where to Store Your Docker Images

Container registries store and distribute Docker images. Learn when to use Docker Hub, GitHub Container Registry, or host your own.

dockercontainersdevops

What Is a Container Registry?


A container registry stores container images and serves them when you run docker pull or podman pull. It's like npm for containers.


Public Registries


Docker Hub

The default registry. Largest collection of images. Free for public images, paid for private.

  • Pros: Largest ecosystem, everyone knows it
  • Cons: Rate limits on free tier (100 pulls/6h unauthenticated)

    • GitHub Container Registry (ghcr.io)

    Integrated with GitHub. Free for public repos.

  • Pros: Tied to your code, GitHub Actions integration
  • Cons: Smaller ecosystem

    • Quay.io (Red Hat)

    Red Hat's registry. Good for enterprise.

  • Pros: Security scanning, robot accounts
  • Cons: Smaller community

    • Self-Hosted Registries


    Harbor

    Full-featured registry with vulnerability scanning, RBAC, replication.

  • Best for: Teams with security requirements
  • Resources: 2 CPU, 4 GB RAM

    • Docker Registry

    Minimal, official registry. Just stores and serves images.

  • Best for: Simple private registry needs
  • Resources: 1 CPU, 512 MB RAM

    • Gitea Container Registry

    If you self-host Gitea for git, it includes a container registry.


    When to Self-Host Your Registry


  • You have private images and don't want to pay for Docker Hub
  • You want to avoid rate limits
  • Compliance requires images stay on your infrastructure
  • You need vulnerability scanning on every push

    • When NOT to Self-Host


  • You only use public images (just use Docker Hub)
  • You have fewer than a handful of private images (GHCR free tier is enough)
  • You don't want to manage another service

    • Registry Best Practices


    Tag Images Properly

    Use semantic versioning, not just :latest. You need to know what version is running.


    Clean Up Old Images

    Registries grow fast. Set retention policies to delete images older than N days.


    Scan for Vulnerabilities

    Use Trivy, Snyk, or Harbor's built-in scanning to check images for known CVEs.


    TinyPod pulls images from any registry. Use Docker Hub for open-source apps and your own registry for custom images.