Issue with docker push on local registry https access to ressource denied

Question

I have a problem with my registry docker. My "server" VM is on kali-linux. I created the registry docker in HTTP and use a centOS VM as a client. I declared the registry insecure in the client VM and it worked perfectly.

Now I try to put it in HTTPS. In order to do that, I use nginx as a proxy. I followed this tutorial : Step 5 — Setting Up SSL except for Part 8 to make it a service (I don't know why but i can't do it).

Because I don't have a domain name, I used a fake one. In order to be recognized, I added my IP (192.168.XX) and the domain name I used (myregistryexemple) to the /etc/hosts file on both VM.

As asked by the tutorial, I generated the certificat on my "server" VM (the kali one), and send it by scp to my client VM. I make the centOS vm trust the certificate thanks to this commands :

yum install ca-certificates 
update-ca-trust force-enable 
cp cert.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

I restart the service docker on the client VM. And launch the docker registry and the nginx proxy with "docker-compose up" on my kali VM.

I tag and try to push an ubuntu on the registry :

docker tag ubuntu myregistryexemple/ubuntu
docker push myregistryexemple/ubuntu

But I get this error :

The push refers to a repository [docker.io/myregistryexemple/ubuntu]
56827159aa8b: Preparing 
440e02c3dcde: Preparing 
29660d0e5bb2: Preparing 
85782553e37a: Preparing 
745f5be9952c: Preparing 
denied: requested access to the resource is denied

Then I try to push to localhost directly :

docker tag ubuntu localhost:5000/ubuntu & docker push localhost:5000/ubuntu 

then I docker login on the domain from the client VM, it worked, but when i tried to pull from my domain registry on the client VM, docker cannot find on the registry the docker images i tried to push.

Do someone has any idea why and knows how to help me ?

Answer 1

Ok so i found a way to make it work.

It is quite simple : Juste follow the complete tutorial I quote on the question ( https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04#step-5-%E2%80%94-setting-up-ssl )

After you created the repository, and before you push/pull a docker image.

You need to go, in both client and server VM, on /etc/hosts .

Add the line : domainChosen serverVmIp

Save and quit it.

Now we need the client to trust the certificate generated. In order to do that, you can use this tutorial : http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html .

Then restart your registry and your docker deamon. And you normaly can use your domain name to push/pull in your registry in https.