Docker Community Forums


Docker & Registry work, but integrating TLS fails


(Cybork) #1

Hi All,

I’ve installed the basic Docker & private registry packages (onto an ESXi VM running CentOS 7.2.x) as described here - https://docs.docker.com/v1.6/registry/deploying

Everything seems to have worked as expected (i.e. I can start/stop docker processes, run docker commands, push/pull images, etc.) until I hit the step that suggests using ‘curl’ to verify an https connection. When I run that command, I receive the following output:

curl -v https://localhost:5000

* About to connect() to localhost port 5000 (#0)
* Trying ::1...
* Connection refused
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 0
curl: (35) Encountered end of file

The server console shows the following when I run the command to start the registry:

docker run tls_registry
Usage of loopback devices is strongly discouraged for production use. Either use --storage-opt dm.thinpooldev or use --storage-opt dm.no_warn_on_loop_devices=true to suppress this warning.
time="2016-05-01T17:29:38.198297892Z" level=info msg="endpoint local-8082 disabled, skipping" environment=development instance.id=66187de6-223e-4b63-9d0b-45723eb66887 service=registry version="-extld=gcc"
time="2016-05-01T17:29:38.198542731Z" level=info msg="endpoint local-8083 disabled, skipping" environment=development instance.id=66187de6-223e-4b63-9d0b-45723eb66887 service=registry version="-extld=gcc"
time="2016-05-01T17:29:38.198631711Z" level=info msg="using inmemory layerinfo cache" environment=development instance.id=66187de6-223e-4b63-9d0b-45723eb66887 service=registry version="-extld=gcc"
time="2016-05-01T17:29:38.198674021Z" level=info msg="listening on :5050" environment=development instance.id=66187de6-223e-4b63-9d0b-45723eb66887 service=registry version="-extld=gcc"
time="2016-05-01T17:29:38.198951872Z" level=info msg="Starting upload purge in 36m0s" environment=development instance.id=66187de6-223e-4b63-9d0b-45723eb66887 service=registry version="-extld=gcc"
time="2016-05-01T17:29:38.199011332Z" level=info msg="debug server listening localhost:5051"

It seems that the process is reading the config.yml file, as it refers to the customized ports that I specified, but I never see any evidence of listening processes on those ports, & the ‘docker run tls_registry’ process never “returns to the command prompt” as I’ve seen with other images.

Output from the netstat command confirms that there is a process listening on port 5000. I know very little about SSL/TLS, but tried to follow the directions explicitly. Additional data includes:

docker version

Client:
Version: 1.9.1
API version: 1.21
Package version: docker-1.9.1-25.el7.centos.x86_64
Go version: go1.4.2
Git commit: 78ee77d/1.9.1
Built:
OS/Arch: linux/amd64

Server:
Version: 1.9.1
API version: 1.21
Package version: docker-1.9.1-25.el7.centos.x86_64
Go version: go1.4.2
Git commit: 78ee77d/1.9.1
Built:
OS/Arch: linux/amd64

From what I could tell, the log files (both /var/log/messages & output of journalctl) don’t appear to contain anything helpful.

I will be monitoring this thread regularly until I can resolve this issue, & I will be glad to provide any other relevant data that is needed. I just need to get this working ASAP.

Thanks in advance for any help.


(Cybork) #2

For whatever it’s worth, I downloaded & built from the .tar.gz version of the ‘Docker Registry 2.0’ source code. I have wondered more than once if perhaps the download was corrupted/incomplete, but I don’t see any checksums on the GitHub site to check against…

Again, thanks in advance for any help provided.


(Jcercurati) #3

@cybork I’m facing the same issue. Did you find a solution? Could you please share?