
@hibooboo2
Last active August 29, 2015 14:22
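# Fetch the certificate a registry presents on ${DOMAIN}:${PORT} and install it
# as a trusted CA for the local Docker daemon (and the system CA bundle).
#
# Environment:
#   DOMAIN  registry host name        (default: example.com)
#   PORT    registry TLS port         (default: 443)
#
# NOTE(security): this is trust-on-first-use. Whatever certificate answers on
# the network at the moment the script runs becomes a trust anchor. Compare the
# fingerprint printed below with one obtained from the registry operator over a
# separate channel before relying on it, or copy the certificate from the
# server directly instead of fetching it over the connection being secured.

# -e: stop at the first failing step so an empty or partial ca.crt is never
#     installed; -u: catch typos in variable names; -x: trace (as before).
set -eux
: "${PORT:=443}"
: "${DOMAIN:=example.com}"

# -servername sends SNI so a server hosting several names returns the
# certificate for ${DOMAIN}. `openssl x509` keeps only the first certificate of
# the stream, i.e. the server's own certificate, not the rest of the chain.
openssl s_client -showcerts -servername "${DOMAIN}" \
  -connect "${DOMAIN}:${PORT}" </dev/null 2>/dev/null \
  | openssl x509 -outform PEM >ca.crt

# Show what is about to be trusted so it can be verified out of band.
openssl x509 -in ca.crt -noout -subject -issuer -fingerprint -sha256

# Docker looks up per-registry CAs under certs.d/<host> for the default port
# and certs.d/<host>:<port> otherwise; the directory may not exist yet.
if [ "${PORT}" = "443" ]; then
  cert_dir="/etc/docker/certs.d/${DOMAIN}"
else
  cert_dir="/etc/docker/certs.d/${DOMAIN}:${PORT}"
fi
sudo mkdir -p "${cert_dir}"
sudo cp ca.crt "${cert_dir}/ca.crt"

# NOTE(review): appending here makes the certificate trusted by every TLS
# client on the host that uses this bundle, not only by Docker, and each run
# appends another copy. On Debian/Ubuntu the bundle is presumably regenerated
# by update-ca-certificates, which would drop the entry again; confirm whether
# this step is needed at all when only Docker has to trust the registry.
sudo tee -a /etc/ssl/certs/ca-certificates.crt <ca.crt >/dev/null

sudo service docker restart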
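# Stand up a private Docker registry behind an nginx TLS + basic-auth proxy,
# using a self-signed certificate generated in the current directory.
#
# Environment:
#   DOMAIN  host name clients use for the registry   (default: example.com)
#   USER    basic-auth user name                      (default: someuser)
#   PORT    host port nginx listens on                (default: 443)
#
# Files created in the working directory: privkey.pem, ${DOMAIN}.csr,
# ${DOMAIN}.key, ${DOMAIN}.cert, ${DOMAIN}.htpasswd, nginx.conf.

# -e: abort on the first failure instead of starting containers with a missing
#     key or a broken config; -u: catch unset variables; -x: trace (as before).
set -eux
: "${DOMAIN:=example.com}"
# NOTE(review): USER is normally already set by the login shell, so the
# "someuser" default only applies when it is unset; the htpasswd entry is
# otherwise created for the invoking account name.
: "${USER:=someuser}"
: "${PORT:=443}"

# `openssl req -new` prompts for the subject and a passphrase and, with no
# -key/-keyout given, writes the new private key to openssl's default key file
# (privkey.pem here, as the next command expects).
sudo openssl req -new >"${DOMAIN}.csr"
# Write a passphrase-free copy of the key so nginx can start unattended.
sudo openssl rsa -in privkey.pem -out "${DOMAIN}.key"
# The unencrypted key must not be readable by other local users; the nginx
# master process reads it as root inside the container.
sudo chmod 600 privkey.pem "${DOMAIN}.key"
# Self-signed certificate. NOTE(review): 10000 days is roughly 27 years with no
# rotation; clients must be given this certificate explicitly to trust it.
sudo openssl x509 -in "${DOMAIN}.csr" -out "${DOMAIN}.cert" -req \
  -signkey "${DOMAIN}.key" -days 10000
htpasswd -c "${DOMAIN}.htpasswd" "${USER}"

# The URL is pinned to a specific gist revision, so the template cannot change
# underneath this script. -f makes curl fail on an HTTP error instead of
# saving the error page as nginx.conf.
curl -fLO https://gist.githubusercontent.com/hibooboo2/4770044e0c31250d8d55/raw/23c014e99167ac9e8d1c4cce8adc5060112835ab/nginx.conf

# --name registry: the nginx container below links to a container called
# "registry", which must therefore exist under that name.
# 127.0.0.1: the registry itself speaks plain HTTP with no authentication;
# publishing 5000 on every interface would let clients bypass the nginx proxy.
REG_ID=$(docker run -d --name registry -p 127.0.0.1:5000:5000 registry)
# --format (two dashes): current docker CLIs parse "-format" as "-f ormat".
IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${REG_ID}")

# Fill in the two placeholders with a plain substitution. The previous form
# turned every template line into an `echo "..."` and ran it through the shell
# via GNU sed's `e` command, which (a) executed downloaded text as shell code
# and (b) expanded nginx's own $http_host / $remote_addr to empty strings,
# leaving an invalid config. The port is appended because an nginx upstream
# `server` without one defaults to port 80, while the registry listens on 5000.
sed -e "s|{{DOMAIN}}|${DOMAIN}|g" \
    -e "s|{{REGISTRY_ADDRESS}}|${IP}:5000|g" nginx.conf >tmp
mv tmp nginx.conf

# The working directory (certificate, keys, htpasswd) is mounted read-only:
# nginx only needs to read from it. NOTE(review): the mount also exposes
# privkey.pem and the CSR to the container; consider mounting a directory that
# holds only ${DOMAIN}.cert, ${DOMAIN}.key and ${DOMAIN}.htpasswd.
docker run --restart=always \
  -v "$(pwd)/nginx.conf:/etc/nginx/nginx.conf:ro" \
  --link registry:registry \
  -v "$(pwd):/opt/nginx:ro" \
  -p "${PORT}:443" -d nginx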
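# nginx.conf template for a TLS + basic-auth reverse proxy in front of a
# Docker registry. {{DOMAIN}} and {{REGISTRY_ADDRESS}} are placeholders that
# must be substituted before nginx loads the file.
http {
    upstream to-proxy {
        # {{REGISTRY_ADDRESS}} must expand to host:port; when no port is given
        # nginx connects to port 80, not to the registry's port.
        server {{REGISTRY_ADDRESS}};
    }

    server {
        # "listen ... ssl" replaces the separate "ssl on;" directive, which
        # has been deprecated since nginx 1.15.0 and is rejected by later
        # releases.
        listen 443 ssl;
        # Restrict to current protocol versions; older nginx defaults still
        # allowed legacy SSL/TLS versions.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_certificate /opt/nginx/{{DOMAIN}}.cert;
        ssl_certificate_key /opt/nginx/{{DOMAIN}}.key;

        proxy_set_header Host $http_host; # required for Docker client sake
        proxy_set_header X-Real-IP $remote_addr; # pass on real client IP
        # 0 disables the request-body limit to avoid HTTP 413 for large image
        # uploads. This also applies to the unauthenticated locations below.
        client_max_body_size 0;

        server_name {{DOMAIN}};
        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;

        # Everything except the ping endpoints requires basic auth. The
        # credentials are only protected in transit by the TLS listener above.
        location / {
            auth_basic "Restricted";
            auth_basic_user_file /opt/nginx/{{DOMAIN}}.htpasswd;
            proxy_pass http://to-proxy;
        }

        # Ping endpoints are left open so clients can probe the registry
        # before authenticating. These are prefix matches, so any path that
        # starts with /_ping or /v1/_ping is proxied without authentication.
        location /_ping {
            auth_basic off;
            proxy_pass http://to-proxy;
        }

        location /v1/_ping {
            auth_basic off;
            proxy_pass http://to-proxy;
        }
    }
}

events {
    worker_connections 4096; ## Default: 1024
}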