# Work from the directory whose subfolders are bind-mounted into the registry container.
$ cd /scratch/cdctest
# certs/ receives the TLS key and certificate; auth/ receives the htpasswd file.
$ mkdir certs auth
Create a password file:
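# Write a bcrypt (-B) htpasswd entry to auth/htpasswd; -n prints the entry to stdout
# so the shell redirect on the host captures it.
# testuser/testpassword are sample credentials: replace them before the registry is
# reachable by anyone else.
# -b takes the password from the command line, so it ends up in shell history and the
# process list; htpasswd's -i option reads it from stdin instead.
# --rm removes the one-shot helper container once the file has been written.
# NOTE(review): newer registry:2 images may no longer include htpasswd; the upstream
# deploying guide runs the same command from the httpd:2 image -- confirm which applies.
$ docker run --rm \
--entrypoint htpasswd \
registry:2 -Bbn testuser testpassword > auth/htpasswd
# Stop a registry container left over from an earlier run, if there is one
# (the command only reports an error when no such container exists).
$ docker container stop registry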
Generate a self-signed certificate:
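# Create a 4096-bit RSA key and a self-signed certificate valid for 365 days.
# When prompted, enter the registry host name (bej00apw.cn.com) as the Common Name.
# -addext (OpenSSL 1.1.1 or later) also records that name as a subjectAltName: current
# Docker clients match the host name against subjectAltName and reject certificates
# that only set a Common Name.
# -nodes writes certs/domain.key unencrypted, so keep that file readable only by the
# account that runs the registry and never copy it to client hosts.
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-addext "subjectAltName = DNS:bej00apw.cn.com" \
-x509 -days 365 -out certs/domain.crt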
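# Start the registry with htpasswd basic authentication and TLS on port 443.
# A stopped container still owns the name "registry", so remove it as well; otherwise
# `docker run --name registry` fails with a name conflict. Image data is kept because it
# lives in the /scratch/cdctest/registry bind mount, not in the container.
$ docker container stop registry
$ docker container rm registry
# The auth and certs mounts are read-only (:ro): the registry only needs to read the
# htpasswd file, the certificate and the key.
# REGISTRY_HTTP_ADDR=0.0.0.0:443 together with -p 443:443 publishes the registry on
# every host interface; narrow it with -p <host-ip>:443:443 or a host firewall if only
# some networks should reach it.
$ docker run -d \
--restart=always \
--name registry \
-v /scratch/cdctest/registry:/var/lib/registry \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-p 443:443 \
-v /scratch/cdctest/auth:/auth:ro \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v /scratch/cdctest/certs:/certs:ro \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2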
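# Query the catalog to verify the deployment. Port 443 serves TLS only, so the URL must
# be https://; a plain http:// request to this port is rejected.
# --cacert validates the server against the self-signed certificate (path relative to
# /scratch/cdctest) instead of switching verification off.
# -u testuser makes curl prompt for the password; the same request without credentials
# should return 401, which confirms that authentication is enforced.
$ curl --cacert certs/domain.crt -u testuser https://bej00apw.cn.com:443/v2/_catalog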
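- Copy the generated domain.crt file to /etc/docker/certs.d/bej00apw.cn.com:443/ca.crt on every Docker host that will use this registry, so that the Docker daemon on that host trusts the self-signed certificate. Copy only domain.crt; the private key domain.key stays on the registry host.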
# Log the Docker client in to the registry; without -u/-p the command prompts for the
# user name and password that were written to auth/htpasswd.
# NOTE(review): docker login takes a registry address; the /my-busybox repository
# suffix looks unnecessary here -- confirm.
# In scripts, supply the password with --password-stdin rather than -p so that it stays
# out of shell history and the process list.
$docker login bej00apw.cn.com:443/my-busybox
References:
https://docs.docker.com/registry/deploying/