2

I have just run a docker registry by:

$ docker run -d --name registry --restart always -p 5961:5000 registry:2.7.1

Now I can push to it by:

$ docker tag ubuntu:v2 localhost:5961/ubuntu:v2
$ docker push localhost:5961/ubuntu:v2

But not from outside. For example, I cannot push to it from another machine on the same network by executing:

$ docker tag ubuntu:v2 192.168.1.122:5961/ubuntu:v2
$ docker push 192.168.1.122:5961/ubuntu:v2

The error is:

The push refers to repository [192.168.1.122:5961/ubuntu]
Get https://192.168.1.122:5961/v2/: http: server gave HTTP response to HTTPS client

Why? Also, I don't know how to pull this image (192.168.1.122:5961/ubuntu:v2) from the outside world. For example by:

$ docker pull <public-ip>:5961/ubuntu:v2

Note that I can port forward the port 5961 of the machine 192.168.1.122 to the same port of <public-ip>.

ofirule
Mohsen Abasi

1 Answer

2

1. Regarding the local network:

Your docker registry is insecure and is using HTTP, not HTTPS. So you need to define an insecure registry for the client daemon, by updating the /etc/docker/daemon.json file like so:

{
  "insecure-registries" : ["192.168.1.122:5961"]
}

See: docs

2. Regarding pulling the image from the outside world:

It should work the way you described it, `docker pull <public-ip>:5961/ubuntu:v2` (as long as all clients define the registry as insecure, if it is).

But please DO NOT use an insecure registry open to the outside world, and unless you want everyone in the world to be able to pull your images, add some authentication mechanism in front of your registry service.

ofirule
  • Thanks for your good answer on insecure registry. If I push an image tagged "192.168.1.122:5961/ubuntu:v2", can I pull it from the outside world by: "docker pull :5961/ubuntu:5961" after port forwarding "192.168.1.122:5961" to ":5961" in my router settings? – Mohsen Abasi Jul 08 '20 at 09:15
  • This line `docker pull :5961/ubuntu:v2` should work if the forwarding is done correctly and the docker client pulling the image is configured correctly. – ofirule Jul 08 '20 at 09:24
  • How to make the registry secure? Do I have to use only Docker Trusted Registry? – Mohsen Abasi Jul 08 '20 at 09:26
  • You can configure all sorts of security mechanisms with the registry. See docs: https://docs.docker.com/registry/configuration/. The minimum is to configure the `tls` so that the registry will use HTTPS. You can also use client-side certs or some other auth method, but all of them will require configuring the docker clients accordingly. – ofirule Jul 08 '20 at 09:33
  • Is my question bad? If not, would you please vote it up? Besides, I will test your answers and then award my bounty to your answer... – Mohsen Abasi Jul 08 '20 at 09:38
  • Your question is fine. I think some downvoters thought that it's better suited for another forum, but I can't speak for other people. – ofirule Jul 08 '20 at 09:48
  • Please note that the file daemon.json must be defined as the docker client's config file. Please see this answer: https://stackoverflow.com/a/59015641/659077 – Mohsen Abasi Jul 09 '20 at 10:11
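
A check for the client-side `daemon.json` change discussed in the answer, as an added example that is not part of the original thread: it classifies each `insecure-registries` entry by how far the plaintext traffic can travel, so entries reaching beyond the LAN stand out. The sample file contents, the function names and every entry other than `192.168.1.122:5961` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: the answer's entry plus illustrative ones.
# 203.0.113.7 is a documentation address standing in for a public IP.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "192.168.1.122:5961",
    "127.0.0.1:5000",
    "10.0.0.0/8",
    "203.0.113.7:5961",
    "registry.example.internal:5000"
  ]
}
"""

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_host(entry):
    """Return the host (or CIDR) part of an entry, dropping any :port."""
    if "/" in entry:                  # CIDR form, which dockerd also accepts
        return entry
    if entry.startswith("["):         # bracketed IPv6 literal, e.g. [::1]:5000
        return entry[1:entry.index("]")]
    if entry.count(":") == 1:         # host:port or IPv4:port
        return entry.rsplit(":", 1)[0]
    return entry

def classify(entry):
    """Classify one insecure-registries entry by network exposure."""
    try:
        net = ipaddress.ip_network(split_host(entry), strict=False)
    except ValueError:
        return "hostname"             # exposure depends on DNS; review by hand
    if net.is_loopback:               # Docker already treats 127.0.0.0/8 as insecure
        return "loopback"
    if any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS):
        return "private"
    return "public"                   # plaintext pull/push crosses untrusted networks

def audit(daemon_json_text):
    """Map each insecure-registries entry to its classification."""
    config = json.loads(daemon_json_text)
    return {e: classify(e) for e in config.get("insecure-registries", [])}

if __name__ == "__main__":
    for entry, kind in audit(SAMPLE_DAEMON_JSON).items():
        print(f"{kind:9} {entry}")
```

Entries reported as `public` are the case the answer warns about; those registries need TLS and authentication rather than an `insecure-registries` exception.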