First, get the Let's Encrypt client working and obtain a certificate for the domain through which you will access your registry. Run the following commands:
git clone https://github.com/letsencrypt/letsencrypt.git
cd letsencrypt
./letsencrypt-auto certonly
Choose the following option:
Place files in webroot directory (webroot)
Next, enter the domain name of your registry, e.g. registry.yourdomain.co.za
Follow the steps and your certificates will be issued.
By default, Let's Encrypt generates .pem files. These need to be changed to .key and .crt files.
Change to the directory for the domain you used above:
cd /etc/letsencrypt/live/registry.yourdomain.co.za/
Next, run the following commands to create the .key and .crt files:
cp privkey.pem domain.key
cat cert.pem chain.pem > domain.crt
Next, set the permissions of these files so that the private key is readable only by its owner:
chmod 644 domain.crt
chmod 600 domain.key
Next, set up basic authentication so that you have to log in before interacting with the registry:
mkdir auth
docker run --entrypoint htpasswd registry:2 -Bbn SOME_USERNAME SOME_PASSWORD > auth/htpasswd
Finally, create the docker registry with the following command:
docker run -d -p 5000:5000 --restart=always --name registry \
  -v "$(pwd)/auth":/auth \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v /opt/data:/var/lib/registry \
  -v /etc/letsencrypt/live/registry.YOURDOMAIN.co.za:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  registry:2
To test that authentication is working, log in to the registry (it is published on port 5000 above, so include the port):
docker login registry.YOURDOMAIN.co.za:5000
You should then be prompted for the username and password entered above.
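The checks below are an added example, not part of the original post: they confirm that domain.key is not accessible to group or others, that domain.crt matches it, and that the copied certificate is not about to expire (the cp/cat copies do not follow Let's Encrypt renewals). The function names and the 14-day threshold are assumptions; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: sanity checks for the domain.key / domain.crt copies.
# Function names and the 14-day threshold are made up for this example.

# Succeeds only if FILE grants no access to group or others.
key_is_private() {
    # ls -ldL follows symlinks; characters 5-10 are the group/other bits.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the first certificate in CRT carries the public key of KEY.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Succeeds only if CRT is still valid DAYS days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Runs all three checks against the directory holding the copies.
check_registry_certs() {
    dir=$1
    rc=0
    key_is_private "$dir/domain.key" ||
        { echo "domain.key is accessible to group/others" >&2; rc=1; }
    pair_matches "$dir/domain.crt" "$dir/domain.key" ||
        { echo "domain.crt does not match domain.key" >&2; rc=1; }
    valid_for_days "$dir/domain.crt" 14 ||
        { echo "domain.crt expires within 14 days; re-copy after renewal" >&2; rc=1; }
    return $rc
}

# Usage: sh check-certs.sh /etc/letsencrypt/live/registry.yourdomain.co.za
if [ -n "${1:-}" ]; then
    check_registry_certs "$1"
fi
```

If the expiry check fails after a renewal, repeat the cp and cat steps and restart the registry container so it loads the new files.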