Ref:
https://docs.docker.com/registry/insecure/Prerequisite:
* Docker service installed and running
* Private CA and server key/certs are already on CA server
Steps:
#-- Registry Host --#
mkdir -p /etc/docker/certs
cp /etc/pki/tls/private/dokcerhub.example.com.key /etc/docker/certs
cd /etc/docker/certs
cat /etc/pki/tls/certs/dokcerhub.example.com.crt /etc/pki/CA/cacert.pem > dokcerhub.example.com.crt
docker run -d -p 5000:5000 --restart=always --name registry -v /etc/docker/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dokcerhub.example.com.crt -e REGISTRY_HTTP_TLS_KEY=/certs/dokcerhub.example.com.key registry:2
docker ps # to make sure registry is UP
#-- Docker Host --#
mkdir -p /etc/docker/certs.d/dokcerhub.example.com:5000
scp dokcerhub.example.com:/etc/pki/CA/cacert.pem /etc/docker/certs.d/dokcerhub.example.com:5000/ca.crt
cp /etc/docker/certs.d/dokcerhub.example.com:5000/ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
systemctl restart docker
docker pull ubuntu
docker tag ubuntu dokcerhub.example.com:5000/ubuntu
docker push ubuntu dokcerhub.example.com:5000/ubuntu