@handeglc
Last active January 18, 2021 19:00
# Secure Docker Registry Runner for RHEL (Red Hat) and CentOS
# This script runs the secure private registry image with the given password file and certificate,
# and trusts the certificate on the machine that runs the script.
#
# <author: handeglc>
#
# The file structure should be like this:
#
# ./
#   certs/
#     cert.crt
#     cert-key.key
#   auth/
#     pass.password
#   docker-images/
#     registry.tar
#
# registry.tar  -> docker registry image (registry:2.7.1)
# cert.crt      -> certificate file (can be created with openssl)
# cert-key.key  -> key file for creating the certificate (can be created with openssl)
# pass.password -> htpasswd file read by the registry (REGISTRY_AUTH=htpasswd)

# load registry image
docker load -i docker-images/registry.tar
# add certificate to trusted certs
sudo cp certs/cert.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust enable
sudo update-ca-trust extract
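# add the certificate to the trusted docker certificates
# (Docker reads per-registry CA files from /etc/docker/certs.d/<host>:<port>/ca.crt)
sudo mkdir -p /etc/docker/certs.d/registry1:5000
sudo cp certs/cert.crt /etc/docker/certs.d/registry1:5000/ca.crt
# restart docker service
sudo systemctl daemon-reload
sudo systemctl restart docker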
# run the docker registry
# ./certs and ./auth are bind-mounted by absolute path; a bare "certs" or "auth"
# would be treated as a named volume and the container would see an empty directory
docker run -d -p 5000:5000 --name registry --restart unless-stopped \
  -v "$(pwd)/certs:/certs:ro" -v "$(pwd)/auth:/auth:ro" \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/cert-key.key \
  -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/pass.password registry:2.7.1
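
The script above assumes that cert.crt matches cert-key.key and that pass.password is a usable htpasswd file. The preflight check below is an added example, not part of the original gist, that verifies those assumptions before the registry is started; the function names are this example's own, and it relies on the registry supporting only bcrypt htpasswd entries.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for the ./certs and ./auth layout above.
# Function names are this example's own, not part of the gist.

# The registry only supports bcrypt htpasswd entries ($2y$, $2a$, $2b$).
check_htpasswd_bcrypt() {
    local file="$1" line bad=0
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        case "${line#*:}" in
            '$2y$'*|'$2a$'*|'$2b$'*) ;;
            *) echo "non-bcrypt entry for user '${line%%:*}'" >&2; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# The private key must belong to the certificate: compare their public keys.
check_cert_key_match() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# The key file must carry no group/other permission bits (e.g. mode 600).
check_key_perms() {
    local perms
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key readable beyond owner: $1" >&2; return 1; }
}

# Run every check against the directory that holds certs/ and auth/.
preflight() {
    local dir="${1:-.}" rc=0
    check_cert_key_match "$dir/certs/cert.crt" "$dir/certs/cert-key.key" \
        || { echo "cert.crt and cert-key.key do not match" >&2; rc=1; }
    # 2592000 s = 30 days; also fails when the certificate cannot be parsed
    openssl x509 -in "$dir/certs/cert.crt" -noout -checkend 2592000 >/dev/null 2>&1 \
        || { echo "cert.crt unreadable or expiring within 30 days" >&2; rc=1; }
    check_key_perms "$dir/certs/cert-key.key" || rc=1
    check_htpasswd_bcrypt "$dir/auth/pass.password" || rc=1
    return "$rc"
}
```

Source the file and call `preflight .` from the directory that contains certs/ and auth/; a non-zero return means at least one check failed and the reason is printed on stderr.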