Skip to content

Instantly share code, notes, and snippets.

@handeglc
Last active January 18, 2021 19:00
Show Gist options
  • Save handeglc/ce2a17d72b5c71b7efd5dcca3d2a5521 to your computer and use it in GitHub Desktop.
Save handeglc/ce2a17d72b5c71b7efd5dcca3d2a5521 to your computer and use it in GitHub Desktop.
# Secure Docker Registry Runner for RHEL (Red-Hat) and CentOS
# This script will run the secure private registry image with given password and the certificate,
# trust the certificate on the machine who runs the script.
#
# <author: handeglc>
#
# The file structure should be like this:
#
# ./
# certs/
# cert.crt
# cert-key.key
# auth/
# pass.password
# docker-images/
# registry.tar
#
# registry.tar -> docker registry image (registry:2.7.1)
# cert.crt -> certificate file (can be created with openssl)
# cert-key.key -> key file for creating the certificate (can be created with openssl)
# load registry image
docker load -i docker-images/registry.tar
# add certificate to trushed certs
sudo cp certs/cert.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust enable
sudo update-ca-trust extract
# add the certificate to the trusted docker certificates
sudo cp certs/cert.crt /etc/pki/ca-trust/source/anchors/registry1:5000
# restart docker service
systemctl daemon-reload
systemctl restart docker
# run the docker registry
docker run -d -p 5000:5000 --name registry -v certs:/certs --restart unless-stopped \
-e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cert.crt \
-e REGISTRY_AUTH_TLS_KEY=/certs/cert-key.key \
-v auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSED_PATH=/auth/pass.password registry:2.7.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment