admin/env/api/02-nginx-docker-registry-tunnel.sh

#!/bin/sh

apt install -y docker.io apache2-utils nginx

# install cloudflared
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o cloudflared.deb
dpkg -i cloudflared.deb
rm cloudflared.deb

docker run -d -p 5000:5000 --name registry --restart always registry:latest

cd /etc/nginx
mkdir -p auth
cd auth
htpasswd -c .htpasswd zxsanny
chmod 640 .htpasswd
chown root:www-data .htpasswd

cd /etc/nginx/sites-available
tee docker-registry << 'END'
server {
    listen 80;
    server_name _;
    client_max_body_size 900M;

    location / {
        auth_basic "Registry";
        auth_basic_user_file /etc/nginx/auth/.htpasswd;
        proxy_pass http://localhost:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
END
ln -sf /etc/nginx/sites-available/docker-registry /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default

nginx -t
systemctl restart nginx

# start tunnel — prints a *.trycloudflare.com URL
cloudflared tunnel --url http://localhost:80

# then from another machine:
# docker login <printed-trycloudflare-url>
# enter username: zxsanny and the password set above