Docker Community Forums

Share and learn in the Docker community.

Docker doesn't pull images from Nexus

Hi Team,

We have installed HTTPS certificate in nexus server, and when we are pulling the docker image getting below error.

Error response from daemon: Get https://DNS-Name:8443/v2/: http: server gave HTTP response to HTTPS client

is 8443 the https port in nexus?
remember there are 2 ports, one for http and one for https

`Yes, there is 2 ports for nexus, But we can give any port for https right ? or any specific port needed ?`
And i enabled 8443 through Nginx.

The problem is, nexus server is running with https://dnsname.com, But when we changed nexus server HTTP to https, docker login doesn't work from the client machine. it's through below error

Error response from daemon: Get https://DNS-Name:8443/v2/: http: server gave HTTP response to HTTPS client

Please share you nginx.conf.

server {
        listen 8443 default_server;
        listen [::]:8443 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
                try_files $uri $uri/ =404;
        }
}

This is my error log when I enable https in nexus server.

2019-08-06 11:13:28,060+0000 INFO  [FelixStartLevel]  *SYSTEM org.sonatype.nexus.internal.jetty.ConnectorRegistrarImpl - Adding connector configuration DockerConnectorConfiguration{repositoryName=petchem-docker, scheme=http, port=8084}
2019-08-06 11:13:28,062+0000 INFO  [FelixStartLevel]  *SYSTEM org.sonatype.nexus.internal.jetty.ConnectorRegistrarImpl - Adding connector configuration DockerConnectorConfiguration{repositoryName=central-docker, scheme=http, port=8083}
2019-08-06 11:13:28,066+0000 INFO  [FelixStartLevel]  *SYSTEM org.sonatype.nexus.internal.jetty.ConnectorRegistrarImpl - Adding connector configuration DockerConnectorConfiguration{repositoryName=trendmicro_test, scheme=http, port=8082}
2019-08-06 11:13:28,066+0000 WARN  [FelixStartLevel]  *SYSTEM org.sonatype.nexus.repository.docker.internal.DockerConnectorFacetImpl - Could not configure HTTPS connector on port 8443 for docker repository trendmicro_test
org.sonatype.nexus.bootstrap.jetty.UnsupportedHttpSchemeException: Unsupported HTTP Scheme: https
        at org.sonatype.nexus.internal.jetty.ConnectorRegistrarImpl.validate(ConnectorRegistrarImpl.java:128)

Thanks for sharing your nginx configuration. Though, I am confused - how is this configuration related to nexus?

This is a simple web server configuration, which by no means, looks like something that servs a java application.

We are facing below issue while using docker login for nexus server.

Error response from daemon: Get https://FQDN.com:8087/v2/: x509: certificate signed by unknown authority

The certificate is singed by a CA unknown to your system.

See: https://docs.docker.com/ee/dtr/user/access-dtr/ (section: Configure your host) to get an idea where the certificate needs to be stored on your OS and what needs to be done to make it available in docker.

I Understand, But docker login cmd by default it should go via https right, we should not add the certificate in local machine right ?

If we are using docker login with http(insecure port) we use to add daemon.jason file in where we build docker machine.

… obviously you still don’t understand. Why would I post a link showing how certificates are added if they would be of no use?!

I understand. But

Even if it is a GoDaddy certificate?

What does wget/curl say?

Now it's started working when we put .crt file in certs path.

Thanks