Error setting up private docker-registry

Question

Using the official Docker registry container I'm trying to run a private docker-registry on AWS EC2, but I keep running into connection errors. The command to run the standard container is:

docker run -d \
         -e SETTINGS_FLAVOR=s3 \
         -e AWS_BUCKET=mybucket \
         -e STORAGE_PATH=/registry \
         -e AWS_KEY=whateffa \
         -e AWS_SECRET=verysecret \
         -e SEARCH_BACKEND=sqlalchemy \
     -e AWS_REGION=eu-west-1 \
     -e STORAGE_REDIRECT=true \
         -p 443:5000 \
         registry

But when I try to push a local image to that new registry using:

docker push zite.com:443/test

I get:

FATA[0014] Error: v1 ping attempt failed with error: 
Get https://zite.com:443/v1/_ping: dial tcp 1.2.3.4:443: i/o timeout. 
If this private registry supports only HTTP or HTTPS with an unknown CA
certificate, please add `--insecure-registry zite.com:443` to the daemon's
arguments. In the case of HTTPS, if you have access to the registry's CA
certificate, no need for the flag; simply place the CA certificate at
/etc/docker/certs.d/zite.com:443/ca.crt

I've added --insecure-registry zite.com:443 to a number of places (because I'm not sure where the proper place for the docker daemon options is:

/etc/sysconfig/docker
/etc/docker/default
/etc/docker/default

To get some more detail I've tried:

OpenSSL s_client -connect zite.com:443/v1/_ping -prexit -debug

which gave me:

CONNECTED(00000003)
write to 0x7f906b700000 [0x7f906d001000] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 39 00 00   ......W... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 9a 00 00 99 00   ..3..2../.......
0030 - 00 96 03 00 80 00 00 05-00 00 04 01 00 80 00 00   ................
0040 - 15 00 00 12 00 00 09 06-00 40 00 00 14 00 00 11   .........@......
0050 - 00 00 08 00 00 06 04 00-80 00 00 03 02 00 80 00   ................
0060 - 00 ff fe c8 6e d6 d0 17-f7 e9 6c b2 2f ee 09 83   ....n.....l./...
0070 - e4 c0 71 11 be 86 77 5d-b9 9b 9f 54 c9 07 a6 fa   ..q...w]...T....
0080 - e2 ef                                             ..
read from 0x7f906b700000 [0x7f906d006600] (7 bytes => 0 (0x0))
9308:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.10.1/src/ssl/s23_lib.c:185:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 130 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

I'm too new to this to understand how to solve this issue.

GETting the '_ping' url works fine btw:

curl -v http://zite.com:80/_ping

gives:

* Hostname was NOT found in DNS cache
*   Trying 52.17.133.30...
* Connected to zite.com (1.2.3.4) port 80 (#0)
> GET /_ping HTTP/1.1
> User-Agent: curl/7.37.1
> Host: zite.com
> Accept: */*
>
< HTTP/1.1 200 OK
* Server gunicorn/19.1.1 is not blacklisted
< Server: gunicorn/19.1.1
< Date: Tue, 31 Mar 2015 22:04:06 GMT
< Connection: keep-alive
< X-Docker-Registry-Standalone: True
< Expires: -1
< Content-Type: application/json
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Length: 2
<
* Connection #0 to host zite.com left intact
{}~

I've tried running the container on ports 80, 443, 500, but to no avail (and opened these ports on the AWS EC2 machine). The error stays. I also tried building a brand new image from the github source. I've tried getting an answer at the official repo, but that has stalled and I have to move on.

A number of guides I've followed:

http://blog.50projects.com/2014/08/build-your-own-private-docker-registry.html https://blog.docker.com/2013/07/how-to-use-your-own-registry/ https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04

Answer 1

OK, found it. It turns out that you have to run the LOCAL docker daemon with the '--insecure-registry' option, not the docker daemon of the remote docker registry.