Tunnel Connection Failed error when logging into artifactory docker registry

Question

We have created a private docker registry in artifactory. Our artifactory is a standalone installation and have Nginx as a webserver. SSL certificates are trusted and works fine.

on docker client, I have copied the ca.crt to /etc/docker/certs.d/:5001/ while am trying to login or push images from my docker client i see below error.

[root@cds-dev-test ~]# docker login artifactory.host:5001 Username: raj Password: Email: raj@gmail.com Error response from daemon: invalid registry endpoint

https://artifactory.host:5001/v0/: unable to ping registry endpoint v2 ping attempt failed with error: Get https://artifactory.host:5001/v2/: Tunnel Connection Failed v1 ping attempt failed with error: Get artifactory.host:5001/v1/_ping: Tunnel Connection Failed. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry artifactory.host:5001 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/artifactory.host:5001/ca.crt

my docker version is 1.9.1 and artifactory versioin 4.4.3.

It works when i use --insecure-registry option but not the secure way. We have all trusted certs in place, still see the error.

I have tried using proxy settings on docker client and also without proxy... always the same error.

Any help guys?

Answer 1

I figured it out.

I have proxy settings under my docker deamon. I have added No_Proxy and it works fine.

FYI.... so people if you are using trusted CA cert, and your network is behind proxy, make sure your docker services file doesnt have proxy settings, if it does add No-proxy=artifactory.host.

/etc/systemd/system/docker.service.d/http-proxy.conf

Thanks