There comes a time in everybody's life where they realize they have to run their own Docker Registry. Unfortunately there's not a lot of good information on how to run one. Docker's documentation is pretty good, but is verbose and spread across a lot of different pages. This means having half a dozen tabs open and searching for the right information.
It's common to run the Docker Registry with little to no security settings and to front it with NGINX or Apache to provide this security. But there is another way.
In this post, I will show how to run the Docker Registry securely by itself with both TLS certificate-backed encryption and certificate-based endpoint authorization.
If you need to do advanced stuff like authenticate against LDAP, you'll still want to go down the reverse proxy road.
For simplicity, I will assume a single registry running on the local filesystem and will avoid using OS-specific init systems by focusing just on the docker commands themselves. This should work on any system capable of running Docker.