162

I have a docker 1.12 running on CentOS. I am trying to add insecure registry to it and things mentioned in documentation just don't work. The system uses systemd so I created a /etc/systemd/system/docker.service.d/50-insecure-registry.conf file.

$ cat /etc/systemd/system/docker.service.d/50-insecure-registry.conf
[Service]
Environment='DOCKER_OPTS=--insecure-registry="hostname.cloudapp.net:5000"'

After loading daemon and restarting docker service, systemd shows that the environment variable is there

$ sudo systemctl show docker | grep Env
Environment=DOCKER_OPTS=--insecure-registry="hostname.cloudapp.net:5000"

But when I run docker info I don't see that insecure registry added

$ docker info
........
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
    127.0.0.0/8

Pushing images to hostname.cloudapp.net fails with

Pushing application     (hostname.cloudapp.net:5000/application:latest)...
The push refers to a repository     [hostname.cloudapp.net:5000/mozart_application]
ERROR: Get https://hostname.cloudapp.net:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Is there something that could be done ? Am I missing something ?

UPDATE

Resolved the issue by adding a file /etc/docker/daemon.json with following content

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

And then restart docker

sudo systemctl daemon-reload
sudo systemctl restart docker

After that insecure registry hostname.cloudapp.net:5000 works.

Nejc Galof
  • 2,538
  • 3
  • 31
  • 70
EvgeniySharapov
  • 3,078
  • 3
  • 27
  • 38
  • 4
    While someone beat you to it in this case (after giving you a generous grace period), this would've been an excellent case for a self-answer. – BlackVegetable Jul 12 '17 at 16:06
  • 2
    excellent! I had this error message while "oc cluster up" with Openshift http://www.javamonamour.org/2017/12/docker-insecure-registry.html and your fix solved it! – Pierluigi Vernetto Dec 21 '17 at 03:39
  • 3
    I know you _explicitly_ asked for this in relation to CentOS in your question, but to anyone who lands here looking for an macOS solution like I did, it can be done through the GUI now, as mentioned in [the answer on this question](https://stackoverflow.com/a/39492340/1474421). – anotherdave Nov 28 '18 at 09:20
  • 1
    `hostaneme` is likely a typo. – Wyck Oct 13 '22 at 13:58

12 Answers12

198

(Copying answer from question)

To add an insecure docker registry, add the file /etc/docker/daemon.json with the following content:

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

and then restart docker.

Matt Hulse
  • 5,496
  • 4
  • 29
  • 37
  • 4
    I believe that's the right solution on debian-likes. On Red Hat likes you want to add it to `/etc/sysconfig/docker` as one of the options, e.g. from an Openshift installation: `OPTIONS='--insecure-registry=172.30.0.0/16 --others [...]'` On Suse-likes I don't know. – erikbstack Nov 06 '17 at 19:33
  • On DigitalOcean, the 1 click Docker image still thinks use use DOCKER_OPTS versus the `daemon.json` file version. Thanks! – Eric Pugh Jan 03 '18 at 13:34
  • @erikbwork On Fedora 28 with Docker 1.13.1 from the default package repos, the approach with `/etc/docker/daemon.json` works fine. – anothernode May 24 '18 at 11:58
  • 11
    cannot restart docker after creating this daemon.json, **showing error:** `Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.` @matt – AATHITH RAJENDRAN Feb 13 '19 at 06:08
  • Thanks, It works. In may case without port because se port 80 { "insecure-registries" : [ "hostname.cloudapp.net" ] } – Hernaldo Gonzalez Jun 16 '20 at 01:37
27

Creating /etc/docker/daemon.json file and adding the below content and then doing a docker restart on CentOS 7 resolved the issue.

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}
dejanualex
  • 3,872
  • 6
  • 22
  • 37
Sunny
  • 279
  • 3
  • 2
22

The solution with the /etc/docker/daemon.json file didn't work for me on Ubuntu.

I was able to configure Docker insecure registries on Ubuntu by providing command line options to the Docker daemon in /etc/default/docker file, e.g.:

# /etc/default/docker    
DOCKER_OPTS="--insecure-registry=a.example.com --insecure-registry=b.example.com"

The same way can be used to configure custom directory for docker images and volumes storage, default DNS servers, etc..

Now, after the Docker daemon has restarted (after executing sudo service docker restart), running docker info will show:

Insecure Registries:
  a.example.com
  b.example.com
  127.0.0.0/8
Nikita
  • 6,101
  • 2
  • 26
  • 44
4

For Mac

From MacOS desktop

  • click the Docker "whale" icon on the menubar at the top
  • select "Preferences..." to bring up the Docker Desktop setting window
  • Then select the "Docker Engine"
  • From here it should display a JSON excerpt of what is currently in your daemon.json file.
  • Add a line in the outermost level of the JSON object for insecure-registries and provide ip.address.for.registry:port as the corresponding value
  • click Apply and Restart

Here is visual of that process:

Docker Desktop Settings window from Docker Engine section

You should now be able to run commands such as:

$ docker build -t mysimpleapp .
$ docker tag mysimpleapp 172.16.0.65:30350/simple
$ docker push 172.160.65:30350/simple
> Using default tag: latest
The push refers to repository [172.16.0.65:30350/simple]
f5d693d2f2fe: Pushed 
66d5de1853fa: Pushed 
f317cd97a2b5: Pushed 
d517aeda4ce5: Pushed 
199d178b1757: Pushed 
latest: digest: sha256:edde4d73130ef9c88d3d273ab4a727e0f8762f0d65802afb01f46eb6877d087c size: 2425
Marc
  • 4,820
  • 3
  • 38
  • 36
2

For me in Ubuntu 20.04 better way is edit systemd service

/lib/systemd/system/docker.service

and add here line after [Service]

Environment=DOCKER_OPTS=--insecure-registry=10.0.0.10:6000

or it can be done automatically by 2 commands using sed, it will add the line after [Service]

sed 's/\[Service\]/\[Service\] \nEnvironment=DOCKER_OPTS=--insecure-registry=10.0.0.10:6000/' /lib/systemd/system/docker.service > /lib/systemd/system/docker.service.tmp
mv /lib/systemd/system/docker.service.tmp /lib/systemd/system/docker.service
Grygorii Vydria
  • 21
  • 1
2

On Mac. source

  1. Goto ~/Library/Containers/com.docker.docker/Data/database
  2. There is an .git repository (.git)
  3. Reset to HEAD git reset --hard
  4. now you have com.docker.driver.amd64-linux folder
  5. Go into ~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux/etc/docker
  6. there is your daemon.json file
Muriithi Derrick
  • 316
  • 2
  • 7
  • 1
    I suggest using Docker Desktop to update `daemon.json` if you're using Docker Desktop on the Mac https://stackoverflow.com/a/74856653/2128265 – Marc Dec 19 '22 at 22:26
1

Anyone looking to add insecure registry on amazon linux 2: You will have to change the setting under /etc/sysconfig/docker and then restart docker daemon: here's how my /etc/sysconfig/docker looks like

# The max number of open files for the daemon itself, and all
# running containers.  The default value of 1048576 mirrors the value
# used by the systemd service unit.
DAEMON_MAXFILES=1048576

# Additional startup options for the Docker daemon, for example:
# OPTIONS="--ip-forward=true --iptables=true"
# By default we limit the number of open files per container
OPTIONS="--default-ulimit nofile=1024:4096 --insecure-registry yourinsecureregistryhostname:port"

# How many seconds the sysvinit script waits for the pidfile to appear
# when starting the daemon.
DAEMON_PIDFILE_TIMEOUT=10
armourbear
  • 529
  • 1
  • 4
  • 11
1

I had some trouble getting this to work on raspbian/raspberry pi with docker installed via the official docker script ("convenience script"). For some reason the config has to exist in /home/pi/.config/docker/daemon.json. Why/Where it is configured like that I have no idea

This is instead of the /etc/docker/daemon.json mentioned everywhere else

AdrianLoer
  • 624
  • 3
  • 11
0

For me the solution was to add the registry to here:

/etc/sysconfig/docker-registries

DOCKER_REGISTRIES=''
DOCKER_EXTRA_REGISTRIES='--insecure-registry  b.example.com'
user3598726
  • 951
  • 2
  • 11
  • 27
-1

If you already have a config.json file then the final file should look something like this... Here registry.myprivate.com is the one which was giving me problems.

 {
    "auths": {
            "https://index.docker.io/v1/": {
                    "auth": "xxxxxxxxxxxxxxxxxxxx=="
            },
            "registry.myprivate.com": {
                    "auth": "xxxxxxxxxxxxxxxxxxxx="
            }
    },
    "HttpHeaders": {
            "User-Agent": "Docker-Client/19.03.8 (linux)"
    },
    "insecure-registries" : ["registry.myprivate.com"]
}
Jasper
  • 11,590
  • 6
  • 38
  • 55
Gajendra D Ambi
  • 3,832
  • 26
  • 30
  • 1
    not sure if there are other steps not mentioned here, but this is not working for me – Marc Dec 19 '22 at 22:25
-1

I happened to encounter a similar kind of issue after setting up local internal JFrog Docker Private Registry on Amazon Linux.

THE followings I did to solve the issue:

Added "--insecure-registry xx.xx.xx.xx:8081" by modifying the OPTIONS variable in the /etc/sysconfig/docker file:

OPTIONS="--default-ulimit nofile=1024:40961 --insecure-registry hostname:8081"

Then restarted the docker.

I was then able to login to the local docker registry using:

docker login -u admin -p password hostname:8081
Jared Forth
  • 1,577
  • 6
  • 17
  • 32
SK Singh
  • 119
  • 1
  • 4
-3

Create /etc/docker/daemon.json file where you want to pull docker images and add the following content to that file

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

Refer to my blog article for an in-depth explanation of creating a private docker registry: https://geekdosage.com/how-to-create-a-private-docker-registry-in-ubuntu-20-04/

Dileep Jayasundara
  • 196
  • 1
  • 4