Self-Hosted Docker Registry on a Budget VPS

Production-ready private Docker registry using Sonatype Nexus 3, PostgreSQL, and Traefik on a 1 Gi RAM VPS

Tags: docker, nexus, traefik, postgresql, self-hosted, devops, linux

A fully operational private Docker registry and artifact store running on a 1 Gi RAM / 25 Gi SSD VPS — well below Sonatype’s recommended 8 Gi minimum. Includes JVM memory tuning, automatic TLS, PostgreSQL persistence, and CI/CD integration.

What it does

  • Private Docker registry at a custom subdomain with automatic TLS via Traefik and Let’s Encrypt
  • Sonatype Nexus 3 UI for repository management, user administration, and cleanup policies
  • PostgreSQL backend for reliable metadata persistence and crash-safe restarts
  • JVM tuned for constrained environments: G1GC, string deduplication, conservative heap sizing
  • Dedicated CI/CD user with least-privilege role for pipeline pushes and pulls
  • Automated blob store cleanup to prevent SSD exhaustion

Tech Stack

Sonatype Nexus 3, Docker, Traefik, PostgreSQL, Ubuntu 22.04, Let's Encrypt, GitLab CI/CD

The constraint-driven engineering

Running a JVM application designed for 8 Gi on 1 Gi requires deliberate trade-offs:

  • Heap: -Xms128m -Xmx384m — starts small, grows only as needed
  • Direct memory: capped at 192m (off-heap I/O buffers)
  • GC: G1GC with MaxGCPauseMillis=300 and UseStringDeduplication for ~5–10% heap savings
  • Swap: 2 Gi swapfile at vm.swappiness=10 — safety net, not a crutch
  • Docker limit: mem_limit: 700m, memswap_limit: 1400m — hard ceiling with 700m swap headroom

Steady-state memory usage: ~58% of the 700m limit, leaving comfortable headroom for traffic spikes.
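
A budget check for the settings above, as an added example rather than the project's own tooling: it parses the JVM flags and the Docker limits and reports how much of the 700m ceiling remains for non-heap JVM memory and how much swap the container may use. The function names and the `-XX:MaxDirectMemorySize` spelling of the 192m cap are assumptions; the page gives only the values.

```python
import re

_UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}
MIB = 1024**2

def parse_size(text):
    """Parse a JVM or Docker size string such as '384m' or '2g' into bytes."""
    m = re.fullmatch(r"(\d+)([kmg]?)b?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]

def jvm_limits(flags):
    """Return (max heap, max direct memory) in bytes from a JVM flag string."""
    heap = re.search(r"-Xmx(\S+)", flags)
    direct = re.search(r"-XX:MaxDirectMemorySize=(\S+)", flags)
    if not heap:
        raise ValueError("no -Xmx flag: the JVM would size the heap itself")
    heap_bytes = parse_size(heap.group(1))
    # Without an explicit cap, HotSpot lets direct buffers grow to about -Xmx.
    direct_bytes = parse_size(direct.group(1)) if direct else heap_bytes
    return heap_bytes, direct_bytes

def budget(flags, mem_limit, memswap_limit):
    """Compare the JVM's configured ceilings with the container's limits."""
    heap, direct = jvm_limits(flags)
    ram, ram_plus_swap = parse_size(mem_limit), parse_size(memswap_limit)
    # memswap_limit is RAM + swap combined, so it can never be below mem_limit.
    if ram_plus_swap < ram:
        raise ValueError("memswap_limit must be >= mem_limit")
    capped = heap + direct
    return {
        "capped_mib": capped // MIB,                 # heap + direct buffers
        "non_heap_room_mib": (ram - capped) // MIB,  # metaspace, code cache, stacks
        "swap_headroom_mib": (ram_plus_swap - ram) // MIB,
        "fits": capped < ram,
    }

# Values taken from the list above; the direct-memory flag name is assumed.
FLAGS = ("-Xms128m -Xmx384m -XX:MaxDirectMemorySize=192m "
         "-XX:+UseG1GC -XX:MaxGCPauseMillis=300 -XX:+UseStringDeduplication")

if __name__ == "__main__":
    print(budget(FLAGS, "700m", "1400m"))
```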

Impact

  • ~€5/month total infrastructure cost for a fully private artifact registry
  • No Docker Hub rate limits on CI/CD pipelines
  • Cold boot to healthy in under 3 minutes on constrained hardware
  • Zero OOM kills since deployment