Reputation: 4370
Tunnel or SSL Forbidden - Pulling a docker image from private registry
I've setup a private Docker registry on my PC and I'm able to pull and push the image to it and pull it back again if I use the following command :
docker pull localhost:5000/new_buntu
But, if I replace localhost with my IP address, it doesn't work.
$ docker pull 10.118.56.140:5000/new_buntu
Using default tag: latest
Error response from daemon: Get https://10.118.56.140:5000/v2/: Tunnel or SSL Forbidden
Now an interesting observation is, if I want see the list of images inside my docker registry, I visit:
http://localhost:5000/v2/_catalog
which is an HTTP URL. But, as seen in the output, when I try to pull an image using my IP address, it tries to connect over HTTPS. I wonder if docker has some sort of setting that if the images is not being pulled from localhost, it'll force the SSL. If so, how do I stop it?
I've tried putting "http" in the pull command but it didn't work:
$ docker pull http://10.118.56.140:5000/new_buntu
invalid reference format
I want all the people on my network to be able to fetch image from my registry. How do I do it?
Upvotes: 1
Views: 4507
Answers (2)
Reputation: 296
I had the same issue, but I needed to configure the "bypass proxy settings" with the URL of my Registry. Later, I did what 7_R3X wrote here with this on "Docker Engine" configuration:
{
...
,
"insecure-registries": [
"http://registry-url:8444"
],
"registry-mirrors": []
}
Upvotes: 0
Reputation: 4370
Took me a little effort exploring this issue but finally I figured it out. Docker, as it seems, does force SSL if the image is being pulled from a remote machine. To prevent this behavior, we need to specifically tell docker that the registry we're trying to connect to isn't SSLized. Follow these steps to configure the docker image for it:
- Right Click on the docker’s icon in the icon bar.
- Click on “Settings”.
- Go to the “Daemon” Tab in the Settings Panel.
- Add the registry’s IP address and port number in “Insecure registries” section. (10.118.56.140:5000 in my case)
- Open a browser and visit http://:/v2/_catalog to see the list of all the available images. (http://10.118.56.140:5000/v2/_catalog in my case)
Issue the following command to pull the image.
docker pull IP_Address:Port_Number/Image_Name
For eg:
docker pull 10.118.56.140:5000/new_buntu
Upvotes: 2
Related Questions
- Docker not able to pull images behind proxy TLS handshake timeout
- Dockerfile FROM command doesn't get image from insecure private registry
- docker push to private registry failed "server gave HTTP response to HTTPS client"
- Docker Private Registry: connection refused
- Failed to pull image from Docker local insecure registry: http: server gave HTTP response to HTTPS client
- Docker pull image without ssl in Kubernetes with docker private registry
- Unable to push to private docker registry via TLS
- Docker insecure registry pull doesnt work
- Docker - Unable to push image to private registry
- Docker: Unable to pull image from remote private registry