Docker repository server gave HTTP response to HTTPS client
WindowsDockerDocker ToolboxWindows Problem Overview
I use Docker toolbox for windows and i`m trying run private docker registry from this documentation https://docs.docker.com/registry/deploying/
But it`s not work for me. Error after this:
$ docker pull 192.168.99.100:5000/my-ubuntu
Error
$ docker pull 192.168.99.100:5000/image
Using default tag: latest
Error response from daemon: Get https://192.168.99.100:5000/v2/: http: server gave HTTP response to HTTPS client
I`m thinking that error is something in my docker client.
For information this is my docker info
Containers: 6
Running: 4
Paused: 0
Stopped: 2
Images: 19
Server Version: 17.06.0-ce
Storage Driver: aufs
Root Dir: /mnt/sda1/var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 144
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 4.4.74-boot2docker
Operating System: Boot2Docker 17.06.0-ce (TCL 7.2); HEAD : 0672754 - Thu Jun 29 00:06:31 UTC 2017
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 995.8MiB
Name: default
ID: ZMCX:NXC7:3BSV:ZNWV:MDZO:FW26:6MX5:UWI6:NVRL:XP56:AKGC:Z3TW
Docker Root Dir: /mnt/sda1/var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 47
Goroutines: 56
System Time: 2018-04-05T13:43:42.856720067Z
EventsListeners: 0
Username: kacalek
Registry: https://index.docker.io/v1/
Labels:
provider=virtualbox
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
If i try on mac so everythink is perfect.
Do you know how this error to solve?
Thank you so much for every answers!
Windows Solutions
Solution 1 - Windows
Looks like you haven't set the Docker Daemon right. Notice these few lines:
Insecure Registries:
127.0.0.0/8
Try to add this line to Docker's daemon.json file and restart the Docker Daemon:
"insecure-registries":["192.168.99.100:5000"]
Solution 2 - Windows
On CentOS 7.2.1511, I had to create a new file
/etc/docker/daemon.json
with the contents
{ "insecure-registries":["host:port"] }
(The host is the hostname of the server hosting my docker registry and port is the port where the docker registry is available. In my case, those are 192.168.99.1:50000)
and then restart docker daemon by doing:
$ sudo service docker restart
Solution 3 - Windows
Hopefully this will help anyone having issues getting the insecure-registries fix to work.
Adding
{ "insecure-registries":["host:port"] }
to
/etc/docker/daemon.json
did not work for me until I created the file
/etc/default/docker
and put the line
DOCKER_OPTS="--config-file=/etc/docker/daemon.json"
in it and then restarted the docker daemon with
sudo systemctl stop docker and sudo systemctl start docker.
For some reason just doing a sudo systemctl restart docker did not work. It threw an error about trying to restart the service to quickly.
Also for ["host:port"] I used the IP of my Docker registry as opposed to the hostname as I did not have DNS or a hosts file setup to be able to find the registry by hostname.
This drove me absolutely nuts until I stumbled upon the /etc/default/docker bit here.
I am new to Docker and so I don't know if this is new requirement since this initial post was answered or if there was something else I missed when I first setup my registry. Though all I did was to follow the current docs on the Docker site itself.
Solution 4 - Windows
If you use windows:
- in startup menu, right clic on docker desktop one, and select settings
- select "docker engine" tab, and change as in picture
"insecure-registries": [],by"insecure-registries": ["192.168.99.1:5000"],
- Click apply and restart button
- After docker restart, to check that modification was applied, open cmd console and execute this command:
docker system infothen check that 192.168.99.1:5000 exists in "insecure-registries" section
Solution 5 - Windows
If you are using Docker Desktop for Windows:
-
Click the docker whale icon in the task bar
-
A menu appears, click Settings
-
A popup appears, click Daemon
-
Entry your insecure registry in the "Insecure registries" text area
-
Click apply
Job done, no need to manually edit any files
Solution 6 - Windows
Maybe someone bumps into this as well again, @user674669 should also have mentioned that the sudo /etc/docker/daemon.json should be set on the client machine that wants to connect to the Docker registry in question.
This allows the client to connect to the server
Solution 7 - Windows
If you are using minikube in Windows machine along with minikube addons registry.
1.Find the registry IP. It will be same as minikube IP.
> minikube ip
2.Edit the file:
C:\Users\<username>\.minikube\machines\minikube\config.json
"InsecureRegistry": [
"10.96.0.0/12", // Add coma
"<minikube IP>:5000" //-> Add this line
],
3. Restart minikube
> minikube start
Solution 8 - Windows
necron9x11's answer worked for me. Note that if you're working with a Docker-in-Docker deployment such as containerized Jenkins (https://www.jenkins.io/doc/book/installing/docker/), you can add the "daemon.json" and "docker" files as part of your image build. This way both are included with your deployable dind image supporting the Jenkins image. Just create both files in the same directory with your Dockerfile:
Then the contents of the Dockerfile are:
FROM docker:dind
USER root
ADD docker /etc/default/docker
ADD daemon.json /etc/docker/daemon.json
Lastly build and deploy as usual:
docker build -f Dockerfile.dind -t dind-custom .
docker run ...
(name + env + volume + etc)
dind-custom
Now your dind container can access the insecure registries specified as ["host:port"] in daemon.json.
Solution 9 - Windows
Here is an official page explain for "Test an insecure registry". Solutions:
- Add "insecure-registries" (The major solution in this thread.)
- Use self-signed certificates
Solution 10 - Windows
If buildkit is enabled (in newer versions it seems to be enabled by default) and adding the insecurite-registries didn't fix it, you may need to either disable buildkit, or add the http:// to the hostnames in insecure-registries.
Disable Buildkit via environment variable:
DOCKER_BUILDKIT=0 docker build -t image_name .
Disable via docker daemon configuration file:
- On Docker Desktop go to
Settings > Docker Engine
** Be very careful of typos and missing commas as breaking this file will prevent docker desktop starting up.
{
...
"features": {
"buildkit": false << SET THIS TO FALSE
},
"insecure-registries": [
"hostname:18443",
"hostname:8083"
],
...
}
Configure URL as HTTP:
{
...
"features": {
"buildkit": true
},
"insecure-registries": [
"http://hostname:18443",
"http://hostname:8083"
],
...
}
Documentation of the known issue:
Solution 11 - Windows
I have to rm -Rf ~/.docker besides change the daemon.json.
credit: https://github.com/moby/moby/issues/28321#issuecomment-638307611
Solution 12 - Windows
I installed new version of Docker in Ubuntu and none of the approaches works, so I install older docker
sudo apt-get install docker-ce=5:19.03.12~3-0~ubuntu-focal
and works as normal
Solution 13 - Windows
I just spent hours trying to debug WSL. It turns out its a combination of having the insecure-registreis right, but also not having DOCKER_TLS_VERIFY set on the other side. Having that set to 0 or 1 broke it, so I had to unset the variable and it worked.
Solution 14 - Windows
I also faced the same issue. After hours of effort I figured out I need to define insecure registry as follows.
If the hosts file mapping is 192.168.0.xx docker.local then daemon.json should have the insecure registry (in etc/docker/daemon.json) key should be: ... "insecure-registries":["docker.local:5000"] ... Earlier it was like: ... "insecure-registries":["192.168.0.xx:5000"] ...