Private docker registry + Apache Proxy + Self Signed certificate

Hello, we are trying to setup a private registry in our infrastructure.

Our main goal is to delegate the SSL handshake to our corporate Apache proxy (not a docker container), so that any client connecting to the registry uses the proxy to reach the Docker registry, which has a public DNS domain.

Desired Schema: Corporate Apache 2.2 + SSL ----> Docker Registry

We have configured the SSL on the Apache for the Registry’s DNS domain, but any time we connect to it, we cannot connect. We’ve tried with self-signed certs, created with openSSL.

As we didn’t find a good solution, we desperately followed Docker’s official guide here:, but we still have to use our corporate Apache proxy, without the SSL (our guessing) on that part of the infrastructure, just on the dockerized container provided by Docker guys.

New Schema: Corporate Apache 2.2 ----> (Dockerized Apache ----> Docker Registry)

We are stuck at this point, as we cannot login, push nor pull from the registry.

Any suggestions?

I am having the same issue(or same problem).
I have the private registry working, configured with nginx (both registry and nginx are started in container). From our local network anyone can pull/push images: docker pull

Now we need to allow the employees from a different country to pull the images.
For that we have to use the company Appache proxy, which is and the url that I can use:
is tata,


  1. docker pull

Using default tag: latest
Error response from daemon: Get x509: certificate signed by unknown authority

  1. in the browser,

it is OK

  1. in the client:
    docker pull

it is OK


  • docker registry and the docker engine (the client that use docker pull) are on UBUNTU 16 LTS
  • docker engine versions:
    — — for registry: Docker version 1.11.2, build b9f10c9

— — for client Docker version 1.12.1, build 23cf638

  • the compose file that starts docker registry and nginx

image: “nginx:1.9”
- 5043:443
- registry:registry
- ./nginx/:/etc/nginx/conf.d:ro

image: registry:2
- ./data:/data

— sudo cat /etc/docker/daemon.json
{ “insecure-registries”:[ “”, “” ] }

— sudo cat /etc/default/docker

— sudo mkdir /etc/docker/certs.d/

— sudo mkdir /etc/docker/certs.d/

— put the ca.crt in both folders /etc/docker/certs.d/ and /etc/docker/certs.d/
I tried with the ca.crt created by me, also cat the syste, crt files in the ca.crt and also with ca.crt file from the apache -proxy server (I copied the content from it) is the name of our apache proxy server where we externalized other applications
(I am not allowed to publish the real name)

— /docker_repo is used to map