Wednesday, November 19, 2014

private docker registry push issue: Invalid registry endpoint

I ran into the problem during pushing an image to my private docker registry. It's the first time pushing after I upgrade my docker client to v1.3.1

2014/11/19 15:55:06 Error: Invalid registry endpoint https://docker.xxx.com/v1/: Get https://docker.xxx.com/v1/_ping: dial tcp 184.xx.xxx.xxx:443: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry docker.xxx.com` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/docker.xxx.com/ca.crt

Since I'm running docker via boot2docker, docker instance actually is managed by boot2docker. I have to add parameter --insecure-registry to somewhere in the boot2docker virtual machine.

Here's the official solution: (https://github.com/boot2docker/boot2docker#insecure-registry)

Insecure Registry
As of Docker version 1.3.1, if your registry doesn't support HTTPS, you must add it as an insecure registry.
$ boot2docker init
$ boot2docker up
$ boot2docker ssh
$ echo 'EXTRA_ARGS="--insecure-registry <YOUR INSECURE HOST>"' | sudo tee -a /var/lib/boot2docker/profile
$ sudo /etc/init.d/docker restart



--- update 1: ---

To add HTTPS support for your private docker hub,
1, install nginx
apt-get install nginx

2, 
rm  /etc/nginx/sites-enabled/default

3, add nginx profile `docker` under /etc/nginx/sites-enabled/
suppose your docker hub application listening on 80
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate YOURCERT.crt;
    ssl_certificate_key YOUR_PRIVATE_KEY.pem;

    client_max_body_size 0;
    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Scheme $scheme;
        proxy_pass_header Server;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect http:// https://;
    }
}
make sure you added 
client_max_body_size 0;
, this setting will allow you to upload images(POST data) >1M.

4, restart nginx 
service restart nginx


5, try to browse your docker hub by both HTTP and HTTPS. No error or warning should be seen.


--- update 2: still see certificate warning ---
you're probably using intermediate CA, you need to put root CA and intermediate CA together(concat them) in the .crt file.

~~~~


Posted by at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)