Docker - 无法将图像推送到私有注册表

Question

I have created my own private registry on my server by pulling and running the registry image.

sudo docker run -d -p 5000:5000 registry

After which, I tried to tag a simple image and push it to the server.

sudo docker tag ubuntu:latest localhost:5000/myprivateubuntu

And I received this error:

Error: Invalid registry endpoint ... Get ... If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add '--insecure-registry localhost:5000' to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/localhost:5000/ca.crt

Anyhow know what's the problem?

Answer 1

stop the service.

sudo service docker stop

restart service with --insecure-registry arguments:

/usr/bin/docker -d --insecure-registry localhost:5000

or edit /etc/default/docker file and add the following line:

DOCKER_OPTS="--insecure-registry localhost:5000"

Answer 2

Setting Local insecure registry in docker along with proxy:

1) in ubuntu add the following flag --insecure-registry IP:port under DOCKER_OPTS in file /etc/default/docker

1.1) configure no_proxy env variable to bypass local IP/hostname/domainname...as proxy can throw a interactive msg ...like continue and this intermediate msg confuses docker client and finally timesout...

1.2) if domainname is configured...then don't forget to update /etc/hosts file if not using DNS.

1.3) in /etc/default/docker set the env variables http_proxy and https_proxy...as it enables to download images from outside company hubs. format http_proxy= http://username:password@proxy:port

2) restart the docker service...if installed as service, use sudo service docker restart

3) restart the registry container [sudo docker run -p 5000:5000 registry:2 ]

4) tag the required image using sudo docker tag imageid IP:port/imagename/tagname ifany

5) push the image ...sudo docker push ip:port/imagename

6) If u want to pull the image from another machine say B without TLS/SSL,then in B apply setps 1,1.1 and 2. If these changes are not done in machine B...pull will fail.

Answer 3

From comments of the accepted answer, it looks like the solution does not works for all. The following solution works for me.

Create systemd conf override file for Docker

sudo mkdir /etc/systemd/system/docker.service.d
sudo touch /etc/systemd/system/docker.service.d/docker.conf
sudo vi /etc/systemd/system/docker.service.d/docker.conf

Add these following line and save it

[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS
EnvironmentFile=-/etc/default/docker

Edit /etc/default/docker

sudo vi /etc/default/docker

Add the following line and save it. Replace localhost:5000 with your registry domain name and port

DOCKER_OPTS="--insecure-registry localhost:5000"

Restart docker daemon

Reload overriden configuration and restart docker as follows

sudo systemctl daemon-reload
sudo systemctl restart docker 

Answer 4

My solution, built on top of the prior ones.

# docker -v
Docker version 18.09.1, build 4c52b90
# uname -a
Linux host 4.15.0-43-generic #46~16.04.1-Ubuntu SMP Fri Dec 7 13:31:08 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Contents of my /etc/docker/daemon.json file:

{
    "runtimes": {
        "nvidia": {
            "path": "/usr/bin/nvidia-container-runtime",
            "runtimeArgs": []
        }
    },
    "insecure-registries" : [
        "ipaddress:port"
      ],
    "experimental" : false,
    "debug" : true
}

where ipaddress:port is the dotted IPv4 address of the registry machine followed by the registry port (eg 127.0.0.1:12345 ). I did not have to prefix with http:// or anything like that.

No changes to /etc/default/docker

And then I reloaded and restarted the daemon with:

# sudo systemctl daemon-reload
# sudo systemctl restart docker

docker push to the insecure registry works now.