docker（代理后面）从azure容器注册表工作拉，但是从registry-1.docker.io，它提供由未知权限错误签名的证书

Question

In ubuntu 18.04 VM

I am behind a proxy, I've set up docker configuration with the same proxy.

I created an azure container registry and when trying to docker pull from the registry it works.

But when trying to:

$docker run node:6

I get the error: "docker: Error response from daemon: Get https://registry-1.docker.io/v2/ : x509: certificate signed by unknown authority."

I've added the registry to /etc/docker/daemon.json:

{

"insecure-registries": ["registry-1.docker.io","myazureContainerRegistry.azurecr.io"]

}

By doing the above step, "$docker run myazureContainerRegistry.azurecr.io/myimage:tag" works but "$docker run node:6" still gives the certificate error.

I've added the certificate for "*.docker.io" to /etc/docker/certs.d/docker.io and also to /usr/local/share/ca-certificate (sudo apt update-ca-certificates), still it doesn't work.

I've also tried to:

1. $curl -k https://registry-1.docker.io/

2. $wget https://registry-1.docker.io/ --no-check-certificate

Both of these steps work but with docker (to run/pull node:6 ) I still get the certificate error.

The output of "$docker --version" is: "Docker version 18.09.2"

This is how my ~/.docker/config.json looks like:

config.json

I expect "docker run node:6" to pull the image successfully but it actually gives the error

Answer 1

For your issue, first of all, you need to have the certificate in the ~/.docker/config.json. Then you can pull the image from the registry without login. Then you can execute the command without pulling the image before. for you, the command like this:

docker run registry-1.docker.io/node:6

In my side, the config.json will like this:

And I can execute the command like this:

The URI of registry in the docker hub is https://index.docker.io/v1/charlesjunqiang .

Update

If you use the certificate file to authenticate the Docker registry. Then you should do some steps to authenticate the Docker registry in the client machine.

One:

Add the certificate file in the directory /usr/local/share/ca-certificates/docker-dev-cert/ with the name yourname.crt . Then execute the commands:

sudo update-ca-certificates
sudo service docker restart

Secord:

Create a directory in the directory /etc/docker/certs.d with the same name as the registry, for example, myregistry.azurecr.io. Then add the certificate file in it with the name yourname.cert . Also, you should add the file as .key that automatic created when you create the certificate file.

Then you can log in the registry and run the command docker run registry-1.docker.io/node:6 as you want.

There are screenshots of the result in my side.