I am trying to get a private registry working but struggle to get my certificate accepted by docker.
My setup is as follows:
- Docker on RHEL 7 (called host)
- Nexus 3 on host with a docker repository
- nginx on host
- nginx reverse proxy forwards to nexus docker repository
- nginx uses a custom signed certificate for ssl, this certificate consists of a root ca, intermediate ca and the host certificate
The setup above should work correctly.
The problem I now have is that I always get
x509: certificate signed by unknown authority when I try to login to the registry.
I tried putting one / all / a merged certificate into
/etc/docker/certs.d/<registry:port> and installing the certificates on the host (and also on another ubuntu based docker host) without any success. I am not able to login,
Checking the registry url with openssl with
openssl s_client -showcerts -connect <registry:port> returns
Is there any way to debug docker daemon to find out why it is not able to correcly verify the certificate? I am pretty much stuck and already tried for hours
Thank you for your help!