Issues Pulling Images from Docker Hub Behind Proxy with SSL Interception on RHEL 7.9

Hello Docker Community,

I’m encountering an issue when trying to pull images from Docker Hub while behind a proxy with SSL interception in our on-premises data center. Interestingly, pulling images from works without any issues, but Docker Hub connections break and throw authentication and timeout errors. Here are the details of my setup and the troubleshooting steps I’ve taken so far:

Setup Details:

  • Environment: On-premises data center
  • Proxy: Enabled with SSL interception
  • Docker Version: 20.10.12
  • OS: [Your operating system]: RHEL 7.9

Proxy Configuration:

I’ve configured the proxy settings in both the Docker daemon and as environment variables:

export HTTP_PROXY=http://your.proxy.server:port
export HTTPS_PROXY=https://your.proxy.server:port
export NO_PROXY=localhost,,your.registry.server

I’ve also added the proxy settings in /etc/systemd/system/docker.service.d/http-proxy.conf and /etc/docker/daemon.json:

    "proxies": {
        "default": {
            "httpProxy": "http://your.proxy.server:port",
            "httpsProxy": "https://your.proxy.server:port",
            "noProxy": "localhost,,your.registry.server"

SSL Certificate:

I’ve added the proxy’s SSL certificate to Docker’s trusted certificates:

sudo mkdir -p /etc/docker/certs.d/
sudo cp your-proxy-cert.crt /etc/docker/certs.d/
sudo update-ca-certificates
sudo systemctl restart docker

Observations and Issues:

  1. Pulling images from works perfectly fine.
  2. Pulling images from Docker Hub results in connection breaks with authentication and timeout errors.

Request for Help:

I’m looking for suggestions or insights from the community to resolve this issue

the /etc/docker/certs.d/ is intended for custom/private repos.
Im not sure its posible to manipulate with the ones.

A solution could be to add it as a insecure repo:

"insecure-registries": [""]
1 Like

You ran update-ca-certificates but that has nothing to do with Docker. If you want the whole system to trust your cert, you have to add the cert to trusted certs of the OS. That should be somewhere under /etc/pki. I’m not a RHEL user so I just searched for this:

Is update-ca-certificates available on RHEL? I saw update-ca-trust in post above. Maybe it is available in newer versions.

I would not add the to the insecure registries. because that would mean no certificate validation, so even if you are not communicating with Docker Hub, it could work and you wouldn’t notice. Or it wouldn’t work, but by that time you already tried to log in and shared your credentials. Maybe it can’t happen with SSL interception. but I wouldn’t sleep well knowing I simply ignore certificates.