Docker Community Forums

Share and learn in the Docker community.

Insecure private registry connection problems, v2 api not being used

insecure-registry
docker

(Jonlpercsol) #1

I have setup an insecure private registry on a centos 7 internal server following the guides here and here, using the registry:2 image.

here is my ExecStart line:

ExecStart=/usr/bin/docker daemon --insecure-registry fqdn:5000 -H fd://

I am able to push an image to the registry. I see it on disk, it is there. I can pull it locally. However, I have docker machine installed on a windows machine for testing and when I attempt to pull from there I cam getting either an error about oversize record length or an error that the server is behaving badly, depending on how I access the url.

Error response from daemon: Get https://fgdn:5000/v1/_ping: tls: oversized record received with length 20527

Error response from daemon: Get https://netbiosname:5000/v1/_ping: dial tcp: lookup netbiosname on 10.0.2.3:53: server misbehaving

The 10.0.2.3 ip is not an ip anywhere on our network so I have no idea where it is coming from.

It does not appear the v2 api is actually ever hit. The v1 api does not appear to be deployed.

Within a windows docker quickstart terminal:

If I curl hostname:5000/v1/ I get 404 not found.

If I curl hostname:5000/v2/, I receive an empty json object.

I can curl hostname:500/v2/centos/manifests/latest and it retrieves the manifest for the image.

I am running docker 1.11 on centos and docker 1.11 on windows.

So can anyone provide any clue as to where there might be a configuration issue that I can change to fix this issue?


(Jonlpercsol) #2

So I figured out the issue and it is captured in the github issue below requesting an update to the docker machine documentation as there is no clear documentation on the proper way to do this in boot2docker.

github[dot]com/docker/machine/issues/3433

Basically need to do the following:

  1. docker-machine ssh default
  2. sudo vi /var/lib/boot2docker/profile
  3. edit EXTRA_ARGS line add --insecure-registry hostename/ip:port