1. 安装docker引擎并启动docker服务
2. 生成自签证书,脚本如下crt.sh:
    #!/bin/bash
    # 生成自签证书脚本
    
    #common name默认是主机名
    #CN=`hostname`
    CN='docker.repo'
    #证书名
    CrtName='registry'
    
    mkdir certs;cd certs
    
    openssl req -x509 -days 3650 -subj "/CN=${CN}/" -nodes -newkey rsa:4096 -sha256 -keyout ${CrtName}.key -out ${CrtName}.crt
    
    cat ${CN}.crt >> /etc/pki/tls/certs/ca-bundle.crt

3. 下载docker-compose(容器):
    $ curl -L https://github.com/docker/compose/releases/download/1.7.0/run.sh > /usr/local/bin/docker-compose

4. 编写docker-compose.yml

    registry_web:
        image: 'hyper/docker-registry-web'
        ports:
            - "80:8080"
        restart: always
        links:
            - registry
        environment:
            - REGISTRY_HOST=registry
            - REGISTRY_PORT=5000
            - TRUST_ANY_SSL=true
    
    
    registry:
        image: 'registry:2.2.1'
        ports:
            - "443:5000"
        restart: always
        volumes:
            - ./certs:/certs
            - /dockrepo:/var/lib/registry
        environment:
            - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt
            - REGISTRY_HTTP_TLS_KEY=/certs/registry.key
            - REGISTRY_STORAGE_DELETE_ENABLED=true
            
      
5. docker-compose up -d 

6. 客户端需要做的是:
    1. 拷贝registry.crt到/etc/docker/certs.d/docker.repo(即证书创建时指定的CN)/
    2. echo 'registry_ip   docker.repo' >> /etc/hosts
    
7. 推送和拉取镜像,eg:
    docker push docker.repo/busybox
    docker pull docker.repo/busybox
8. 可以通过浏览器来访问,查看registry里的镜像:
    http://docker.repo/