Start docker registry with letsencrypt certificates (Linux Ubuntu)

start_docker_registry.bash

#!/usr/bin/env bash

# install docker
# https://docs.docker.com/engine/installation/linux/ubuntulinux/

# install docker-compose
# https://docs.docker.com/compose/install/

# install letsencrypt
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

# Generate SSL certificate for domain
/opt/letsencrypt/letsencrypt-auto certonly --keep-until-expiring --standalone -d domain.example.com --email info@example.com

# Setup letsencrypt certificates renewing
line="30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log"
(crontab -u root -l; echo "$line" ) | crontab -u root -

# Rename SSL certificates
# https://community.letsencrypt.org/t/how-to-get-crt-and-key-files-from-i-just-have-pem-files/7348
cd /etc/letsencrypt/live/domain.example.com/
cp privkey.pem domain.key
cat cert.pem chain.pem > domain.crt
chmod 777 domain.crt
chmod 777 domain.key

# https://docs.docker.com/registry/deploying/
docker run -d -p 5000:5000 --restart=always --name registry \
  -v /etc/letsencrypt/live/domain.example.com:/certs \
  -v /opt/docker-registry:/var/lib/registry \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
  
# List images
# https://domain.example.com/v2/_catalog

thanks

Better Install letsencrypt with
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

After renew you have to do "Rename SSL certificates" again and restart docker

chmod 777 domain.key

This does not look like a good idea ..?

Maybe it would be better to change the owner of domain.key instead of opening its permissions, right?

Instead of cat cert.pem chain.pem > domain.crt, I think you can just do cp fullchain.pem domain.crt. I'd love it if someone else could confirm this though!

How to add usernames and passwords?