How to get remote access to a private docker-registry?
I'm trying to setup a private docker registry using the image taken from: https://github.com/docker/docker-registry
Just by running:
docker run -p 5000:5000 registry
I can pull/push from/to this repository only from localhost, but if i try to access it from another machine (using a private address on the same LAN) it fails with an error message:
*2014/11/03 09:49:04 Error: Invalid registry endpoint https ://10.0.0.26:5000/v1/':
Get https:// 10.0.0.26:5000/v1/_ping: Forbidden. If this private
registry supports only HTTP or HTTPS with an unknown CA certificate,
please add `--insecure-registry 10.0.0.26:5000` to the daemon's
arguments. In the case of HTTPS, if you have access to the registry's
CA certificate, no need for the flag; simply place the CA certificate
at /etc/docker/certs.d/10.0.0.26:5000/ca.crt*
What drives me crazy is that I can access it successfully using:
curl 10.0.0.26:5000
and/or curl 10.0.0.26:5000/v1/search
I also don't understand where and how I should pass the --insecure-registry flag.
Answer
OK - I found the solution to this - after a day of digging.
For docker below 1.12.1:
It turns out that the new client version refuses to work with a private registry without SSL.
To fix this - the daemon on the client machine should be launched with the insecure flag:
Just type:
sudo service docker stop # to stop the service
and then
sudo docker -d --insecure-registry 10.0.0.26:5000
(replace the 10.0.0.26 with your own ip address).
I would expect the docker guys to add this option to the pull/push command line...
Edit - altenantively - you can add the flag to DOCKER_OPTS env variable inside /etc/default/docker...
and then sudo service docker restart
Edit again - It seems that the docker guys are on it - and a fix will come soon: https://github.com/docker/docker/pull/8935
For docker 1.12.1:
Please follow below the answer of vikas027 (valid for centos)