If you are running a private Docker Registry, the Docker ecosystem makes it very difficult to run without SSL in place. Even though the out-of-the-box Docker Registry container runs without SSL, over HTTP, many things won’t work properly, or at least easily, without installing SSL certificates.
You can learn how to configure the registry server docker container to use your SSL certs here: https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry
If, like me, you are using self-signed SSL certificates, then docker will still complain about the certificates being signed by unknown authority. You will get errors on push and pull actions that look like this:
x509: certificate signed by unknown authority
If you can, I strongly recommend using an SSL certificate issued by a major certificate authority as it will save you a lot of headaches. If you can’t, you’ll need to tell any Docker engine which connects to the Docker Registry that the Registry can be trusted even though it’s not “secure” (due to the self-signed SSL certs).
You can, in theory, add your certs or your personal CA to the trusted store of your servers, and docker images (if you’re doing any Docker-in-Docker), but for me it was much easier to simply tell docker to trust the Registry.
You’ll need to add an entry to /etc/docker/daemon.json. If the file doesn’t exist, you can create it. Then add the following:
{ "insecure-registries" : ["server.hostname.com:5443"] }
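Replace “server.hostname.com” with your Docker Registry instance hostname, and the port “5443” with the port your Docker Registry is running on. Keep in mind what this setting does: for a registry listed under insecure-registries, Docker ignores certificate verification errors and falls back to plain HTTP if HTTPS is not available, so list only the exact host and port of a registry you control.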
Then restart the docker daemon:
service docker restart
Now your registry commands should work without errors!!!
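The alternative mentioned above, trusting your own cert or CA instead of marking the registry insecure, can be scoped to a single registry: Docker reads additional CA certificates from /etc/docker/certs.d/<host>:<port>/ca.crt and keeps verifying TLS against them. The script below is an added example, not part of the original post; the function name install_registry_ca and its optional third argument are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: trust a private registry's CA for that one registry only,
# as an alternative to an "insecure-registries" entry.

# install_registry_ca CA_FILE REGISTRY [CERTS_ROOT]
#   CA_FILE     PEM file with the CA (or self-signed) certificate
#   REGISTRY    host:port exactly as it appears in image names
#   CERTS_ROOT  defaults to /etc/docker/certs.d (override to try it unprivileged)
# Prints the path of the installed ca.crt on success.
install_registry_ca() {
    ca_file=$1
    registry=$2
    certs_root=${3:-/etc/docker/certs.d}

    # Accept only host[:port]; anything else could escape CERTS_ROOT.
    case $registry in
        ''|*/*|*..*|*[!A-Za-z0-9.:_-]*)
            echo "bad registry name: $registry" >&2
            return 2 ;;
    esac

    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 1; }

    # Shape check only: the file must hold a PEM certificate...
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_file" || {
        echo "$ca_file is not a PEM certificate" >&2
        return 1
    }
    # ...and must not carry a private key, which never belongs on clients.
    if grep -q -- 'PRIVATE KEY-----' "$ca_file"; then
        echo "$ca_file contains a private key, refusing to copy it" >&2
        return 1
    fi

    dest_dir=$certs_root/$registry
    mkdir -p "$dest_dir" || return 1
    cp "$ca_file" "$dest_dir/ca.crt" && chmod 644 "$dest_dir/ca.crt" || return 1
    printf '%s\n' "$dest_dir/ca.crt"
}

# Typical use on each Docker host (as root):
#   install_registry_ca ./ca.crt server.hostname.com:5443
```

With the CA installed this way, the registry does not need to appear in insecure-registries at all, and a certificate that does not chain to that CA is still rejected.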