Add Insecure Registry to Docker

Question

I have a docker 1.12 running on CentOS. I am trying to add insecure registry to it and things mentioned in documentation just don't work. The system uses systemd so I created a /etc/systemd/system/docker.service.d/50-insecure-registry.conf file.

$ cat /etc/systemd/system/docker.service.d/50-insecure-registry.conf
[Service]
Environment='DOCKER_OPTS=--insecure-registry="hostname.cloudapp.net:5000"'

After loading daemon and restarting docker service, systemd shows that the environment variable is there

$ sudo systemctl show docker | grep Env
Environment=DOCKER_OPTS=--insecure-registry="hostname.cloudapp.net:5000"

But when I run docker info I don't see that insecure registry added

$ docker info
........
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
    127.0.0.0/8

Pushing images to hostname.cloudapp.net fails with

Pushing application     (hostname.cloudapp.net:5000/application:latest)...
The push refers to a repository     [hostname.cloudapp.net:5000/mozart_application]
ERROR: Get https://hostname.cloudapp.net:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Is there something that could be done ? Am I missing something ?

UPDATE

Resolved the issue by adding a file /etc/docker/daemon.json with following content

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

And then restart docker

sudo systemctl daemon-reload
sudo systemctl restart docker

After that insecure registry hostname.cloudapp.net:5000 works.

Answer 1

For WSL :

ps aux | grep dockerd

This will give you the daemon.json path, for me it was --config-file=/var/snap/docker/2963/config/daemon.json

Then add the

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

and restart wsl.

Answer 2

For Ubuntu 22.04.4 LTS on WSL, I was able to get the insecure registry to work by changing the file as listed above then running:

sudo systemctl restart docker.service

With other commands it seems to not incorporate the new settings...

Answer 3

If you already have a config.json file, the final file should look something like this. Here registry.myprivate.com is the one which was giving me problems.

{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "xxxxxxxxxxxxxxxxxxxx=="
                },
                "registry.myprivate.com": {
                        "auth": "xxxxxxxxxxxxxxxxxxxx="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.8 (linux)"
        },
        "insecure-registries" : ["registry.myprivate.com"]
}

Answer 4

I had some trouble getting this to work on raspbian/raspberry pi with docker installed via the official docker script ("convenience script"). For some reason the config has to exist in /home/pi/.config/docker/daemon.json. Why/Where it is configured like that I have no idea

This is instead of the /etc/docker/daemon.json mentioned everywhere else

Answer 5

For Mac

From MacOS desktop

• click the Docker "whale" icon on the menubar at the top
• select "Preferences..." to bring up the Docker Desktop setting window
• Then select the "Docker Engine"
• From here it should display a JSON excerpt of what is currently in your daemon.json file.
• Add a line in the outermost level of the JSON object for insecure-registries and provide ip.address.for.registry:port as the corresponding value
• click Apply and Restart

Here is visual of that process:

You should now be able to run commands such as:

$ docker build -t mysimpleapp .
$ docker tag mysimpleapp 172.16.0.65:30350/simple
$ docker push 172.160.65:30350/simple
> Using default tag: latest
The push refers to repository [172.16.0.65:30350/simple]
f5d693d2f2fe: Pushed 
66d5de1853fa: Pushed 
f317cd97a2b5: Pushed 
d517aeda4ce5: Pushed 
199d178b1757: Pushed 
latest: digest: sha256:edde4d73130ef9c88d3d273ab4a727e0f8762f0d65802afb01f46eb6877d087c size: 2425

Answer 6

On Mac. source

1. Goto ~/Library/Containers/com.docker.docker/Data/database
2. There is an .git repository (.git)
3. Reset to HEAD git reset --hard
4. now you have com.docker.driver.amd64-linux folder
5. Go into ~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux/etc/docker
6. there is your daemon.json file

Answer 7

Creating /etc/docker/daemon.json file and adding the below content and then doing a docker restart on CentOS 7 resolved the issue.

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

Answer 8

For me in Ubuntu 20.04 better way is edit systemd service

/lib/systemd/system/docker.service

and add here line after [Service]

Environment=DOCKER_OPTS=--insecure-registry=10.0.0.10:6000

or it can be done automatically by 2 commands using sed, it will add the line after [Service]

sed 's/\[Service\]/\[Service\] \nEnvironment=DOCKER_OPTS=--insecure-registry=10.0.0.10:6000/' /lib/systemd/system/docker.service > /lib/systemd/system/docker.service.tmp
mv /lib/systemd/system/docker.service.tmp /lib/systemd/system/docker.service

Answer 9

Anyone looking to add insecure registry on amazon linux 2: You will have to change the setting under /etc/sysconfig/docker and then restart docker daemon: here's how my /etc/sysconfig/docker looks like

# The max number of open files for the daemon itself, and all
# running containers.  The default value of 1048576 mirrors the value
# used by the systemd service unit.
DAEMON_MAXFILES=1048576

# Additional startup options for the Docker daemon, for example:
# OPTIONS="--ip-forward=true --iptables=true"
# By default we limit the number of open files per container
OPTIONS="--default-ulimit nofile=1024:4096 --insecure-registry yourinsecureregistryhostname:port"

# How many seconds the sysvinit script waits for the pidfile to appear
# when starting the daemon.
DAEMON_PIDFILE_TIMEOUT=10

Answer 10

I happened to encounter a similar kind of issue after setting up local internal JFrog Docker Private Registry on Amazon Linux.

THE followings I did to solve the issue:

Added "--insecure-registry xx.xx.xx.xx:8081" by modifying the OPTIONS variable in the /etc/sysconfig/docker file:

OPTIONS="--default-ulimit nofile=1024:40961 --insecure-registry hostname:8081"

Then restarted the docker.

I was then able to login to the local docker registry using:

docker login -u admin -p password hostname:8081

Answer 11

For me the solution was to add the registry to here:

/etc/sysconfig/docker-registries

DOCKER_REGISTRIES=''
DOCKER_EXTRA_REGISTRIES='--insecure-registry  b.example.com'

Answer 12

The solution with the /etc/docker/daemon.json file didn't work for me on Ubuntu.

I was able to configure Docker insecure registries on Ubuntu by providing command line options to the Docker daemon in /etc/default/docker file, e.g.:

# /etc/default/docker    
DOCKER_OPTS="--insecure-registry=a.example.com --insecure-registry=b.example.com"

The same way can be used to configure custom directory for docker images and volumes storage, default DNS servers, etc..

Now, after the Docker daemon has restarted (after executing sudo service docker restart), running docker info will show:

Insecure Registries:
  a.example.com
  b.example.com
  127.0.0.0/8

Answer 13

(Copying answer from question)

To add an insecure docker registry, add the file /etc/docker/daemon.json with the following content:

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

and then restart docker.