I’m trying to do a docker push to a private registry service running on docker 1.12.1 swarm. The directions I’m using are at https://docs.docker.com/registry/insecure/#using-self-signed-certificates. The registry service is running with a self-signed certificate and a curl works once the certificate has been registered with the OS (El Capitan) and an entry is added to /etc/hosts:
where 192.168.99.100 is the Tiny Core linux VM which hosts the registry instance.
A curl works.
curl -v --cacert /tmp/certs/cert.pem https: //myregistrydomain.com:5000/v2/_catalog
- Trying 192.168.99.100…
- Connected to myregistrydomain.com (192.168.99.100) port 5000 (#0)
- TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Server certificate: myregistrydomain.com
GET /v2/_catalog HTTP/1.1
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Docker-Distribution-Api-Version: registry/2.0
< X-Content-Type-Options: nosniff
< Date: Fri, 23 Sep 2016 06:45:35 GMT
< Content-Length: 20
- Connection #0 to host myregistrydomain.com left intact
When i try a docker push, however, it fails:
docker pull alpine
docker tag alpine myregistrydomain.com/alpine
docker push myregistrydomain.com/alpine
The push refers to a repository [myregistrydomain.com/alpine]
Get https: //myregistrydomain.com/v1/_ping: dial tcp: lookup myregistrydomain.com on 10.0.2.3:53: no such host
I suspect that the documentation is really just using ‘myregistrydomain.com’ as an example rather than an absolute requirement. I don’t think an engineer would hardwire a specific name into the infrastructure. My suspicion is that ‘myregistrydomain.com’ is hitting the internal docker networking stack and the DNS lacks an entry for it.
That said, I did try using the barebones IP address and, once again, curl was happy but docker balked:
I suspect my experiment with myregistrydomain.com isn’t getting this far, unless there is an up-front issue with IP addresses.
Any help would be appreciated… it seems to be a common issue, but Docker is changing rapidly so I’m not sure if earlier attempts are still relevant. I would prefer not to use the insecure flag.