2014/11/19 15:55:06 Error: Invalid registry endpoint https://docker.xxx.com/v1/: Get https://docker.xxx.com/v1/_ping: dial tcp 184.xx.xxx.xxx:443: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry docker.xxx.com` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/docker.xxx.com/ca.crt
Since I'm running docker via boot2docker, docker instance actually is managed by boot2docker. I have to add parameter --insecure-registry to somewhere in the boot2docker virtual machine.
Here's the official solution: (https://github.com/boot2docker/boot2docker#insecure-registry)
Insecure Registry
As of Docker version 1.3.1, if your registry doesn't support HTTPS, you must add it as an insecure registry.
$ boot2docker init
$ boot2docker up
$ boot2docker ssh
$ echo 'EXTRA_ARGS="--insecure-registry <YOUR INSECURE HOST>"' | sudo tee -a /var/lib/boot2docker/profile
$ sudo /etc/init.d/docker restart
--- update 1: ---
To add HTTPS support for your private docker hub,
1, install nginx
apt-get install nginx
2,
rm /etc/nginx/sites-enabled/default
3, add nginx profile `docker` under /etc/nginx/sites-enabled/
suppose your docker hub application listening on 80
server { listen 443 ssl; ssl on; ssl_certificate YOURCERT.crt; ssl_certificate_key YOUR_PRIVATE_KEY.pem; client_max_body_size 0; location / { proxy_pass http://127.0.0.1:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_pass_header Server; proxy_set_header X-Forwarded-Proto https; proxy_redirect http:// https://; } }make sure you added
client_max_body_size 0;, this setting will allow you to upload images(POST data) >1M.
4, restart nginx
service restart nginx
5, try to browse your docker hub by both HTTP and HTTPS. No error or warning should be seen.
--- update 2: still see certificate warning ---
you're probably using intermediate CA, you need to put root CA and intermediate CA together(concat them) in the .crt file.
~~~~
No comments:
Post a Comment