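#!/bin/bash
# Stand up a private Docker registry protected by a self-signed TLS
# certificate and htpasswd authentication, then push app:latest to it.
#
# Run as root: the script writes under /etc and /usr/share/ca-certificates
# and restarts the docker service. The CA paths used here
# (/etc/ca-certificates.conf, update-ca-certificates) are the Debian/Ubuntu
# layout; other distributions need a different trust-store step.
#
# Environment (all optional):
#   REGISTRY_HOST      name clients use for the registry (default: host)
#   REGISTRY_USER      registry account name             (default: user)
#   REGISTRY_PASSWORD  registry account password; prompted for when unset
set -euo pipefail

registry_host=${REGISTRY_HOST:-host}
registry_user=${REGISTRY_USER:-user}
# The registry below listens on and publishes 443, so every client-side
# reference must use the same port.
registry_port=443
registry_addr="${registry_host}:${registry_port}"
# Host directory that is bind-mounted into the registry container as /certs.
cert_dir=/etc/docker/certs

# Take the password from the environment or a silent prompt. It is never
# written into the script or passed on a command line, where it would show
# up in shell history and in `ps` output.
registry_password=${REGISTRY_PASSWORD:-}
if [[ -z "$registry_password" ]]; then
  read -rs -p "Password for ${registry_user}: " registry_password
  printf '\n' >&2
fi
if [[ -z "$registry_password" ]]; then
  printf 'error: registry password must not be empty\n' >&2
  exit 1
fi

# --- create certificate -----------------------------------------------------
# -nodes stores the private key unencrypted, so file permissions are its only
# protection. The subjectAltName entry is needed because current Docker/Go TLS
# clients ignore the Common Name. -addext requires OpenSSL 1.1.1 or newer.
# NOTE(review): use "IP:<addr>" instead of "DNS:" if REGISTRY_HOST is an IP.
# The certificate expires after 365 days and has to be re-issued before then.
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout host.key \
  -x509 -days 365 -out host.crt \
  -subj "/CN=${registry_host}" \
  -addext "subjectAltName=DNS:${registry_host}"
chmod 600 host.key

# --- trust the certificate system-wide (curl and friends) -------------------
mkdir -p /usr/share/ca-certificates/local
install -m 0644 host.crt /usr/share/ca-certificates/local/host.crt
# Register the certificate once, then rebuild the bundle; without the rebuild
# the new entry in ca-certificates.conf has no effect.
if ! grep -qxF -- 'local/host.crt' /etc/ca-certificates.conf; then
  printf '%s\n' 'local/host.crt' >> /etc/ca-certificates.conf
fi
update-ca-certificates

# --- trust the certificate in the Docker daemon ------------------------------
# Docker looks up certs.d by the registry address as written in image names,
# so install the CA under both the bare host and the host:port spelling.
for trust_dir in \
  "/etc/docker/certs.d/${registry_host}" \
  "/etc/docker/certs.d/${registry_addr}"; do
  mkdir -p "$trust_dir"
  install -m 0644 host.crt "${trust_dir}/ca.crt"
done

# --- place the server certificate and key where the registry mounts them ----
# The container reads /certs/host.crt and /certs/host.key from this directory.
# NOTE(review): 0600 assumes the registry process runs as root inside the
# container; adjust ownership if the image runs as another user.
mkdir -p "$cert_dir"
install -m 0644 host.crt "${cert_dir}/host.crt"
install -m 0600 host.key "${cert_dir}/host.key"

service docker restart

# --- create the htpasswd user -------------------------------------------------
# -B bcrypt, -i read the password from stdin, -n print the entry to stdout.
# NOTE(review): confirm the registry:2 image in use still ships htpasswd.
mkdir -p auth
printf '%s\n' "$registry_password" \
  | docker run --rm -i --entrypoint htpasswd registry:2 -Bin "$registry_user" \
  > auth/htpasswd
chmod 600 auth/htpasswd

# --- run the registry on ${registry_addr} -------------------------------------
# Both bind mounts are read-only: the registry only needs to read its
# credentials file and TLS material.
docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)/auth:/auth:ro" \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
  -v "${cert_dir}:/certs:ro" \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/host.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/host.key \
  -p 443:443 \
  registry:2

# --- log in and push ----------------------------------------------------------
# --password-stdin keeps the password out of argv. Unless a credential helper
# is configured, docker login stores the credential base64-encoded (not
# encrypted) in ~/.docker/config.json.
printf '%s' "$registry_password" \
  | docker login --username "$registry_user" --password-stdin "$registry_addr"
docker tag app:latest "${registry_addr}/app"
docker push "${registry_addr}/app"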