生成证书
openssl genrsa -out mydomain.key 2048
生成秘钥
openssl req -newkey rsa:4096 -nodes -sha256 -keyout mydomain.key -x509 -days 365 -out mydomain.crt
将生成的秘钥放置在所有将要pull镜像的docker服务器的目录/etc/docker/certs.d/mydomain/下
scp mydomain.crt xxx@xxx:/etc/docker/certs.d/mydomain/
注意:放置好秘钥文件后记得重启所在机器的docker-daemin
生成账户密码文件
docker run --entrypoint htpasswd registry:2.2 -Bbn tester 123456 > auth/htpasswd;
运行registry
docker run -d -p 6000:5000 --restart=always --name registry -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v `pwd`/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/mydomain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/mydomain.key registry:2.5.1
登陆 docker login xxx:6000
参考
https://docs.docker.com/registry/insecure/#using-self-signed-certificates
https://docs.docker.com/registry/deploying/#running-a-domain-registry
http://www.cnblogs.com/modprobe/p/6026033.html