diff --git a/playbooks/groups/docker-registry.yml b/playbooks/groups/docker-registry.yml
index 8cdfadfdde..f28d650ee9 100644
--- a/playbooks/groups/docker-registry.yml
+++ b/playbooks/groups/docker-registry.yml
@@ -28,3 +28,63 @@
 
   handlers:
   - include: "{{ handlers }}/restart_services.yml"
+
+- name: setup docker distribution registry
+  hosts: docker-registry:docker-registry-stg
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - /srv/private/ansible/vars.yml
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+
+  # NOTE: tls is disabled for docker-distribution because we are listening only
+  #       on localhost and all external connections will be through httpd which
+  #       will be SSL enalbed.
+  roles:
+    - {
+      role: docker-distribution,
+        conf_path: "/etc/docker-distribution/registry/config.yml",
+        tls: {
+          enabled: False,
+        },
+        log: {
+          fields: {
+            service: "registry"
+          }
+        },
+        storage: {
+          cache: {
+            layeredinfo: "inmemory"
+            },
+          filesystem: {
+            rootdirectory: "/srv/"
+        },
+        httpd: {
+          addr: "localhost:5000"
+        },
+        when: env == "staging"
+      }
+    - {
+      role: docker-distribution,
+        conf_path: "/etc/docker-distribution/registry/config.yml",
+        tls: {
+          enabled: False,
+        },
+        log: {
+          fields: {
+            service: "registry"
+          }
+        },
+        storage: {
+          cache: {
+            layeredinfo: "inmemory"
+            },
+          filesystem: {
+            rootdirectory: "/srv/"
+        },
+        httpd: {
+          addr: "localhost:5000"
+        },
+        when: env == "production"
+      }
+