I installed Docker Trusted Registry (DTR) by following https://docs.docker.com/docker-trusted-registry/install/#download-the-commercially-supported-docker-engine-installation-script.
For the key/certificate, I didn’t set my own key, just used whatever DTR set by default.
Also, I set the Domain name to the DTR machine’s IP address, because I found my Docker client has a problem accessing DTR using the domain name dtr..com, but it can access the DTR machine using its IP.
I added user admin/password as admin via DTR admin UI->Settings->Auth. I can log in to the admin UI using this account with no problem.
Now I am following https://docs.docker.com/docker-trusted-registry/quick-start/ on DTR machine.
I pulled the Jenkins image from Docker Hub and built dtr.yourdomain.com/ci-infrastructure/jnkns-img, without setting SSL.
When I was trying to push the image to DTR, I failed to log in to Docker. The commands I used were:
# download DTR server certificate
openssl s_client -connect 172.16.12.116:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee -a /tmp/tracy/server.pem
# copy the certificate to /etc/docker/certs.d/172.16.12.116/ca.crt
cp /tmp/tracy/server.pem /etc/docker/certs.d/172.16.12.116/ca.crt
docker login 172.16.12.116
email: (blank, because I don’t see any place to set email when adding admin user via DTR admin UI’s Settings->Auth)
Then I got this error:
FATA Error response from daemon: v1 ping attempt failed with error: Get https ://172.16.12.116/v1/_ping: x509: cannot validate certificate for 172.16.12.116 because it doesn’t contain any IP SANs. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry 172.16.12.116 to the daemon’s arguments. In the case of HTTPS, if you have access to the registry’s CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/172.16.12.116/ca.crt
I have two questions:
I have put ca.crt to /etc/docker/certs.d/172.16.12.116/ca.crt, why can’t Docker get it?
I installed DTR, which is a V2 registry, so why is it trying to Get https ://172.16.12.116/v1/_ping?
In my previous topic, I reported /v1/_ping not working in DTR and got a reply from Jeff. He said that this API was specifically used by the V1 registry, and DTR is V2. So I don’t understand how this “…Get https ://172.16.12.116/v1/_ping…” error happened.
(I inserted three spaces in three links, because the website said I am a new user and only allowed me to have 2 links in a post)