Docker manifest push doesn't use HTTPS

We have an internal docker registry with TLS enabled and I’m trying to upload a manifest list to it by running docker manifest push.
However, whenever I ran this command, I got the below error indicating that an HTTP request was sent to an HTTPS port.

docker manifest push localhost:5055/testing/debian_testing:1.0
failed to put manifest localhost:5055/testing/debian_testing:1.0: error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1></center>\r\n<center>The plain HTTP request was sent to HTTPS port</center>\r\n<hr><center>nginx/1.19.2</center>\r\n</body>\r\n</html>\r\n"

Interestingly, other docker manifest commands such as create and inspect work correctly by sending HTTPS requests.

As far as I know, docker CLI should always first try HTTPS and then fall back to HTTP. But this seems incorrect with the docker manifest push command.
Am I missing something or is there some workaround for this?

Thank you in advance for any pointers!

Since you are using localhost as hostname the TLS cert must be self-signed. If docker manifest can fall back to http (I didn’t know that) then HTTPS could fail because that is considered insecure as it is self-signed. Try this

docker manifest push --insecure localhost:5055/testing/debian_testing:1.0

Yes, I also tried the command with the insecure flag but still got the same error response.

Also, I don’t see any fallback happening in the logs of our docker registry. There is always only one HTTP request for docker manifest push. No HTTPS request spotted in the log.
Not sure if I set something up incorrectly.

  1. ensure manifest create used --insecure
  2. docker version bigger than 18.09