Reputation: 1924
Private Docker Registry Not Connectible to Shell & Web Management UI?
Background:
To setup a private docker registry server at path c:\dkrreg on localhost on Windows 10 (x64) system, installed with Docker for Windows, have successfully tried following commands:
docker run --detach --publish 1005:5000 --name docker-registry --volume /c/dkrreg:/var/lib/registry registry:2
docker pull hello-world:latest
docker tag hello-world:latest localhost:1005/hello-world:latest
docker push localhost:1005/hello-world:latest
docker pull localhost:1005/hello-world:latest
Push and Pull from localhost:1005/hello-world:latest via command line succeeds too.
Issue:
If i use my IP address via docker pull 192.168.43.239:1005/hello-world:latest it gives following error in command shell:
Error response from daemon: Get https://192.168.43.239:1005/v1/_ping: http: server gave HTTP response to HTTPS client
When using 3rd party Docker UI Manager via docker run --detach portainer:latest it also shows error to connect as:
2017/04/19 14:30:24 http: proxy error: dial tcp [::1]:1005: getsockopt: connection refused
Tried other stuff also. How can I connect my private registry server that is localhost:1005 from LAN using any Docker Management UI tool ?
Upvotes: 1
Views: 754
Answers (2)
Reputation: 1924
At last find solution to this which was tricky
Generated CA private key and certificate as
ca-cert-mycompany.pemandca-cert-key-companyname.pem. And configured docker-compose.yml to save both files as :ro in these locations:/usr/local/share/ca-certificates,/etc/ssl/certs/,/etc/docker/certs.d/mysite.com. But I also tried only copying certificate to/usr/local/share/ca-certificateswas enough as docker will ignore duplicate CA certificates. This extra copying is because at many placed docker fellow recommended the same. I did not executed command:update-ca-certificatesthis time in registry container but was doing earlier as against what is suggested by many.Defined in docker-compose.yml: random number as
REGISTRY_HTTP_SECRET, and server's chained certificate (CA certificate appended to end of it) toREGISTRY_HTTP_TLS_CERTIFICATEamd server's public key toREGISTRY_HTTP_TLS_KEY. Had disabled HTTP authentication. Especially used some naming for file names as found with other certificates in container folder asmysite.com_server-chained-certificate.crtinstead of justcertificate.crt.V-Imp: pushed certificate to trusted root in windows using command
certutil.exe -addstore root .\Keys\ca-certificate.crtfollowed with restarting Docker for Windows from taskbar icon and then creating container usingdocker-compose up -d. This is most important step without this nothing worked.
Now can perform docker pull mysite.com:1005/my-repo:my-tag.
Upvotes: 1
Reputation: 1276
You need to specify to your Docker daemon that your registry is insecure: https://docs.docker.com/registry/insecure/
Based on your OS/system, you need to change the configuration of the daemon to specify the registry address (format IP:PORT, use 192.168.43.239:1005 rather than localhost:1005).
Once you have done that, you should be able to execute the following:
docker pull 192.168.43.239:1005/hello-world:latest
You should also be able to access it via Portainer using 192.168.43.239:1005 in the registry field.
If you want to access your registry using localhost:1005 inside Portainer, you can try to run it inside the host network.
docker run --detach --net host portainer:latest
Upvotes: 0
Related Questions
- Docker private registry token authentication failed with status: 400 Bad Request
- Docker Private Registry: connection refused
- Docker private registry
- How to get remote access to a private docker-registry?
- Local private Docker registry will not respond
- Cannot login to private docker registry
- Docker private registry issue
- Docker push to private registry issues
- Error setting up private docker-registry
- Remote communication with private docker registry issues