Docker Community Forums

Private local registry TLS certificate questions

Hello guys!
For the last couple of days I have been trying to implement a secure private registry on my manager node of the swarm.
During the creation of the certificate I have a question about - Common Name (e.g. server FQDN or YOUR name).
Should I write an IP there or the hostname of the VM? In this case I have written the IP, because the VM cannot be pinged by its hostname from the other workers in the swarm, but only by the IP.
3. After I create a repository and I try to push an image

docker push 192.168.99.100:443/ubuntu-1

I get this error:

Get https://192.168.99.100:443/v2/: x509: cannot validate certificate for 192.168.99.100 because it doesn't contain any IP SANs

However, when I write

docker push localhost:443/ubuntu-1

it successfully uploads the image to the private repository. Why is that?

If I push it on localhost, that would mean that the rest of the worker nodes would not be able to access the image on the repository, because their localhost is different (obviously).

OS Version: Ubuntu 18.04 LTS
Docker version 18.09.5, build e8ff056

Your help would be greatly appreciated!

The issue is due to the certs you have created. You need a SAN configuration. I am sending you a tutorial below; it is in French, but it can help you a lot:

https://medium.com/@antelle/how-to-generate-a-self-signed-ssl-certificate-for-an-ip-address-f0dd8dddf754