### 1. 私有镜像仓库部署

#### 1.1 拉取镜像

```bash
docker pull registry
```

#### 1.2 设置https

##### 1.2.1 创建证书

```bash
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/registry.key  -x509 -days 365 -out /opt/registry/certs/registry.crt
```

##### 1.2.2 创建密码文件

```bash
htpasswd -Bbn Securitit 123456 > /opt/registry/auth/htpasswd
```

##### 1.2.3 创建registry config 文件

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['*']
    Access-Control-Max-Age: [1728000]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

##### 1.2.4 使用ssl 启动容器

```bash
docker run -d \
--name registry \
-p 5000:5000 \
--restart=always \
--privileged=true \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-v /opt/registry/auth/:/opt/registry/auth \
-e "REGISTRY_AUTH_HTPASSWD_PATH=/opt/registry/auth/htpasswd" \
-v /opt/registry/certs/:/opt/registry/certs \
-v /opt/registry/config/config.yml:/etc/docker/registry/config.yml \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/opt/registry/certs/registry.crt \
-e REGISTRY_HTTP_TLS_KEY=/opt/registry/certs/registry.key \
registry
```

### 2. 镜像仓库web管理

```bash
docker run -d -p 8080:80 \
--name registry-ui \
--restart=always \
--privileged=true \
-e "REGISTRY_TITLE=Sunqi Docker" \
-e "REGISTRY_URL=https://192.168.0.3:5000" \
joxit/docker-registry-ui:latest
```