1. create htpasswd

  
docker run --rm --entrypoint htpasswd registry:2 -Bbn username password > htpasswd  
docker run --rm --entrypoint htpasswd registry:2 -Bbn test test > htpasswd  

htpasswd file inside have two records: username & test

2. create registry_config.yml

  
version: 0.1  
log:  
  fields:  
    service: registry  
storage:  
  delete:  
    enabled: true  
  cache:  
    blobdescriptor: inmemory  
  filesystem:  
    rootdirectory: /var/lib/registry  
http:  
  addr: :5000  
  headers:  
    X-Content-Type-Options: [nosniff]  
    Access-Control-Allow-Origin: ['*']  
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']  
    Access-Control-Allow-Headers: ['Authorization']  
    Access-Control-Max-Age: [1728000]  
    Access-Control-Allow-Credentials: [true]  
    Access-Control-Expose-Headers: ['Docker-Content-Digest']  
auth:  
  htpasswd:  
    realm: basic-realm  
    path: /etc/docker/registry/htpasswd  

Access-Control-Allow-Origin can change you want.

3. run docker

  
docker run -d -p 5000:5000 --restart=always --name registry-srv \  
           -v $(pwd)/registry_data:/var/lib/registry \  
           -v $(pwd)/registry_config.yml:/etc/docker/registry/config.yml \  
           -v $(pwd)/htpasswd:/etc/docker/registry/htpasswd \  
           registry:2.7.1  

4. test docker registry

  
#Auth test foo:bar bas64=>Zm9vOmJhcg==  
curl -k -v -H "Authorization: Basic Zm9vOmJhcg==" http:/xxx.xxx.xxx.xxx:5000/v2/  
  
#Auth test test:test bas64=>dGVzdDp0ZXN0  
curl -k -v -H "Authorization: Basic dGVzdDp0ZXN0" http://xxx.xxx.xxx.xxx:500/v2/  
curl -v -XGET -u test:test http://xxx.xxx.xxx.xxx:5001/v2/_catalog  

Auth ok -> 200 code

Then change user & password or token, get 401 code.

https://ithelp.ithome.com.tw/articles/10191285?sc=iThelpR
https://www.base64encode.org/
https://medium.com/@lvthillo/deploy-a-docker-registry-using-tls-and-htpasswd-56dd57a1215a
https://github.com/Joxit/docker-registry-ui
https://ithelp.ithome.com.tw/articles/10191213

hyper/docker-registry-web