访问Docker私有注册表

Question

I have my private docker registry running on a remote machine, which is secured by TLS and uses HTTPS. Now I want to access it from my local docker-machine installed on Windows 7. I have copied the certificates to "/etc/docker/certs.d/" in the docker-machine VM and restarted docker.

After this I can successfully login to my private registry using credentials, but when I try to push an image to it, it gives me a certificate signed by unknown authority error. After researching a little I restarted the docker daemon with docker -d --insecure-registry https://<registry-host> , and it worked.

My question is: if I have copied my certificates to the host machine, why do I need to start the registry with the --insecure-registry option?

I can only access the registry from another host with certificates as well as restarting docker with --insecure-registry , which looks a little wrong to me.

Docker version: 1.8.3

Any pointers on this would be really helpful.

Answer 1

certificate signed by unknown authority

The error message gives it away - your certificates are self-signed (as in not trusted by a known CA).

See here .

Answer 2

If you would like to access your registry with HTTP, follow the instructions here

Basically (do this on the machine from which you try to access the registry):

1. edit the file /etc/default/docker so that there is a line that reads: DOCKER_OPTS="--insecure-registry myregistrydomain.com:5000" (or add that to existing DOCKER_OPTS)
2. restart your Docker daemon: on ubuntu, this is usually service docker stop && service docker start