禁止隧道或SSL-从私有注册表中提取Docker映像

Question

I've setup a private Docker registry on my PC and I'm able to pull and push the image to it and pull it back again if I use the following command :

docker pull localhost:5000/new_buntu

But, if I replace localhost with my IP address, it doesn't work.

$ docker pull 10.118.56.140:5000/new_buntu
Using default tag: latest
Error response from daemon: Get https://10.118.56.140:5000/v2/: Tunnel or SSL Forbidden

Now an interesting observation is, if I want see the list of images inside my docker registry, I visit:

http://localhost:5000/v2/_catalog

which is an HTTP URL. But, as seen in the output, when I try to pull an image using my IP address, it tries to connect over HTTPS. I wonder if docker has some sort of setting that if the images is not being pulled from localhost, it'll force the SSL. If so, how do I stop it?

I've tried putting "http" in the pull command but it didn't work:

$ docker pull http://10.118.56.140:5000/new_buntu
invalid reference format

I want all the people on my network to be able to fetch image from my registry. How do I do it?

Answer 1

Took me a little effort exploring this issue but finally I figured it out. Docker, as it seems, does force SSL if the image is being pulled from a remote machine. To prevent this behavior, we need to specifically tell docker that the registry we're trying to connect to isn't SSLized. Follow these steps to configure the docker image for it:

1. Right Click on the docker's icon in the icon bar.

2. Click on “Settings”.

3. Go to the “Daemon” Tab in the Settings Panel.

4. Add the registry's IP address and port number in “Insecure registries” section. (10.118.56.140:5000 in my case)

5. Open a browser and visit http://:/v2/_catalog to see the list of all the available images. ( http://10.118.56.140:5000/v2/_catalog in my case)

6. Issue the following command to pull the image.

   docker pull IP_Address:Port_Number/Image_Name

For eg:

docker pull 10.118.56.140:5000/new_buntu