Firstly you will need to get letsencrypt working and get a certificate for the domain which you are planning on accessing your registry with. Issue the following commands:

git clone https://github.com/letsencrypt/letsencrypt.git

cd letsencrypt

./letsencrypt-auto certonly

Choose the following option:

Place files in webroot directory (webroot)

Next, enter the domain name of your registry: e.g registry.yourdomain.co.za

Follow the steps and your certificates will be issued.

By default Letsencrypt generates .pem files. These need to be changed to .key, and .crt files.

Change the directory to that of domain you used above:

cd /etc/letsencrypt/live/registry.yourdomain.co.za/

Next, run the following commands to create the .key and .crt files:

cp privkey.pem domain.key

cat cert.pem chain.pem > domain.crt

Next, change the permissions of these files:

chmod 777 domain.crt

chmod 777 domain.key

Next, setup basic authentication to ensure that you have to login prior to interacting with the registry:

mkdir auth

docker run --entrypoint htpasswd registry:2 -Bbn SOME_USERNAME SOME_PASSWORD > auth/htpasswd

Finally, create the docker registry with the following command:

docker run -d -p 5000:5000 --restart=always --name registry -v `pwd`/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/data:/var/lib/registry -v /etc/letsencrypt/live/registry.YOURDOMAIN.co.za:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2

To test that authentication is working you can do:

docker login registry.YOURDOMAIN.co.za

You should then be prompted with the username and password entered above.