2

In ubuntu 18.04 VM

I am behind a proxy, I've set up docker configuration with the same proxy.

I created an azure container registry and when trying to docker pull from the registry it works.

But when trying to:

$docker run node:6

I get the error: "docker: Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority."

I've added the registry to /etc/docker/daemon.json:

{

"insecure-registries": ["registry-1.docker.io","myazureContainerRegistry.azurecr.io"]

}

By doing the above step, "$docker run myazureContainerRegistry.azurecr.io/myimage:tag" works but "$docker run node:6" still gives the certificate error.

I've added the certificate for "*.docker.io" to /etc/docker/certs.d/docker.io and also to /usr/local/share/ca-certificate (sudo apt update-ca-certificates), still it doesn't work.

I've also tried to:

  1. $curl -k https://registry-1.docker.io/

  2. $wget https://registry-1.docker.io/ --no-check-certificate

Both of these steps work but with docker (to run/pull node:6 ) I still get the certificate error.

The output of "$docker --version" is: "Docker version 18.09.2"

This is how my ~/.docker/config.json looks like:

config.json

I expect "docker run node:6" to pull the image successfully but it actually gives the error

Saumya Goyal
  • 21
  • 1
  • 5
  • You need to run the image with the registry server name or URI. For example, use the command `docker run registry-1.docker.io/node:6 `. But first, you should have the certificate already. – Charles Xu Apr 24 '19 at 09:05
  • @CharlesXu I tried the command you mentioned, but still it is giving the same certificate error – Saumya Goyal Apr 24 '19 at 09:22
  • It means you do not have the certificate in the file ~/.docker/config.json. – Charles Xu Apr 24 '19 at 09:29

1 Answers1

1

For your issue, first of all, you need to have the certificate in the ~/.docker/config.json. Then you can pull the image from the registry without login. Then you can execute the command without pulling the image before. for you, the command like this:

docker run registry-1.docker.io/node:6

In my side, the config.json will like this:

enter image description here

And I can execute the command like this:

enter image description here

The URI of registry in the docker hub is https://index.docker.io/v1/charlesjunqiang.

Update

If you use the certificate file to authenticate the Docker registry. Then you should do some steps to authenticate the Docker registry in the client machine.

One:

Add the certificate file in the directory /usr/local/share/ca-certificates/docker-dev-cert/ with the name yourname.crt. Then execute the commands:

sudo update-ca-certificates
sudo service docker restart

Secord:

Create a directory in the directory /etc/docker/certs.d with the same name as the registry, for example, myregistry.azurecr.io. Then add the certificate file in it with the name yourname.cert. Also, you should add the file as .key that automatic created when you create the certificate file.

Then you can log in the registry and run the command docker run registry-1.docker.io/node:6 as you want.

There are screenshots of the result in my side.

enter image description here enter image description here

Charles Xu
  • 29,862
  • 2
  • 22
  • 39