Unable to login to private docker registry from Jenkins - docker

I am trying to use Jenkins to build and push docker images to a private registry. However, while trying the docker login command, I am getting this error:
http: server gave HTTP response to HTTPS client
I know that this might be happening because the private registry is not added as an insecure registry. But how can I resolve this in a CI pipeline?
Jenkins is set up on a Kubernetes cluster and I am trying to automate the deployment of an application on the cluster.

This has nothing to do with the Jenkins CI pipeline or Kubernetes. Jenkins will not be able to push your images until you follow either of the steps below.
You have two options here:
1) Configure your docker client to use the secure registry over HTTPS. This will include setting up self-signed certificates or getting certificates from your local certificate authority.
2) The second solution is to use your registry over an unencrypted HTTP connection.
So if you are running docker on kubernetes, you will have to configure the daemon.json file in /etc/docker/daemon.json.
PS: This file might not exist. You will have to create it.
Then add the content below. Make sure you change the URL to match your docker registry:
{
"insecure-registries" : ["myregistrydomain.com:5000"]
}
Then restart docker using systemctl restart docker or /etc/init.d/docker restart, depending on the version of the Linux distro installed on your cluster.
Let me know if you have any questions.
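
An added example, not part of the answer above: a Python sketch that adds one registry to an existing daemon.json without discarding other daemon settings, and lists every insecure-registries entry so the exception can be reviewed. The function names and the sample file content are constructed for illustration.

```python
import ipaddress
import json


def add_insecure_registry(existing_text, registry):
    """Return new daemon.json text with `registry` in insecure-registries.

    existing_text is the current file content, or None if the file does
    not exist yet. Other settings are kept and the entry is not duplicated.
    """
    if "://" in registry:
        raise ValueError("use host:port, without a URL scheme")
    has_content = existing_text is not None and existing_text.strip()
    config = json.loads(existing_text) if has_content else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    entries = config.setdefault("insecure-registries", [])
    if registry not in entries:
        entries.append(registry)
    return json.dumps(config, indent=2) + "\n"


def audit_insecure_registries(daemon_json_text):
    """List (entry, scope) for each registry reachable without verified TLS."""
    findings = []
    for entry in json.loads(daemon_json_text).get("insecure-registries", []):
        try:
            size = ipaddress.ip_network(entry, strict=False).num_addresses
        except ValueError:
            size = 1  # a host name or host:port, not an IP network
        scope = "single registry" if size == 1 else f"network of {size} addresses"
        findings.append((entry, scope))
    return findings


# Constructed sample: a daemon.json that already carries another setting.
SAMPLE = '{"log-driver": "json-file"}'

if __name__ == "__main__":
    updated = add_insecure_registry(SAMPLE, "myregistrydomain.com:5000")
    print(updated)
    print(audit_insecure_registries(updated))
```

Every entry the audit returns is a registry the daemon will talk to over plain HTTP or without certificate verification, so the list should stay as short and as specific as possible.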

Related

Using Docker Registry Service Connection in Azure Pipelines

I've followed this docs manual to create a self-signed private registry on some VM. It works fine when I pull images from another host.
I now try to understand how I configure a Service Connection in Azure DevOps of type Docker Registry to use this registry.
This is my current setup:
And this is the log:
We could go to Docker's Settings > Network and change the DNS Server radio button to Fixed.
In addition, I found a sample issue, you could also check this.

Set Docker daemon options on Azure hosted agent

I'm messing around with Artifactory and have used the artifactory-pro docker container to get me up and running on an azure vm. I'm now trying to push a docker image to the docker-local repository within Artifactory. This is working locally but I had to change my local docker options to include the insecure-registry I set up.
To continue my POC further I want to be able to push to the artifactory docker repo using the MS hosted 'ubuntu-latest' agent with Azure pipelines but I believe I need to set the docker options on the agent to again allow the insecure registry as it's currently throwing the error:
[Error] Docker login failed for: http:/, http:.
How do I set the docker options on the MS hosted agent within my pipeline? I'm having to install .net-core 3.1 sdk during the pipeline so I'd like to think it is possible.
Thanks
As far as I know, you cannot set docker options to allow an insecure registry on an MS hosted agent. To set an insecure registry, you have to modify some docker config file. But we are restricted from modifying the system files of an MS hosted agent for security reasons; you will get an access denied error if you try to do so.
The workaround is to create your own self-hosted agent on your local machine, so that you can set the insecure registry for the docker daemon on the local machine.
However, you can also submit a feature request (click suggest a feature and choose azure devops) to the Microsoft Development team. Hope they will consider implementing a feature to enable setting docker options on the MS hosted agent.

GitLab container does not communicate with GitLab Container Registry container

I use this docker-compose file to create a GitLab installation along with the GitLab Container Registry enabled.
All containers start nicely, but when I try to access the container registry via a new GitLab project, I get a 500 error.
From Kitematic, in the registry container logs I see this
http: TLS handshake error from 192.168.99.1:54873: tls: first record does not look like a TLS handshake
I am not an expert in security, but from my research I think it has to do with the self-signed certificate that GitLab expects.
Is this the problem? How should I proceed?

How to Configure Nexus Sonatype docker image for inbound SSL?

I installed NexusOSS using docker-nexus on AWS, to use it as a docker private repository. After installation, I realized that docker private repo is enabled only if its inbound SSL is configured. Per documentation it can be done in two ways. I am trying to see how embedded jetty can be enabled for SSL.
I used an nginx reverse proxy in front of nexus to get SSL connections to docker repo. I am running nexus and nginx in docker containers. I have a hosted and proxy docker repo and a group docker repo including the hosted and proxy one. The HTTP port for the group repo is 5000 (which is used to access all docker registry via nginx.conf)
Here is my approach with steps in README.md:
https://github.com/akailash/nginx_nexus

artifactory as docker registry

I tried to set up artifactory as docker registry as shown in this video: http://www.jfrog.com/video/artifactory-docker-integration/
However, I don't have SSL installed in artifactory so I'm using the --insecure-registry flag. (as shown in error in docker build publish plugin and Remote access to a private docker-registry)
Anyway, I don't know how to figure out the artifactory as docker registry url so I can do this:
curl -k -uusername:password "http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/api/docker/docker-images"
This page, http://www.jfrog.com/confluence/display/RTF/Docker+Repositories, shows at the bottom that something called a reverse proxy might be needed? Is this true and if so how do I install such a thing?
The reason behind requiring a reverse proxy in front of Artifactory is related to a Docker client limitation - you cannot use a context path when providing the registry path, e.g. sdpvvrwm812.ib.tor.company.com:8081/artifactory/api/docker/docker-images is not valid. The Docker client assumes you are working with one big registry for all images, while Artifactory allows you to manage multiple registries (repositories) on the same server.
To overcome this issue you should set up a reverse proxy which will allow the Docker client to send requests to the root context and forward those requests to the correct repository path in Artifactory. For example, forwarding requests from sdpvvrwm812.ib.tor.company.com:8888/ to sdpvvrwm812.ib.tor.company.com:8081/artifactory/api/docker/docker-images
The Artifactory documentation contains configuration examples for NginX, Apache and HAProxy.
Notice that there are different configurations for Docker registry API v1 and v2.
After setting up the reverse proxy, the Docker client should use the proxy in order to access Artifactory.
If you are using the --insecure-registry flag there is no need to configure an SSL certificate. With older versions of Docker, before this flag was introduced (Docker 1.3.2) it was a mandatory requirement.
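
An added illustration of the limitation described above (not code from Docker or Artifactory): how an image reference is split into registry host and repository name, which registry API v2 path the client then requests, and what the reverse proxy forwards. The image name myapp, its tag, and the function names are constructed; the hosts, ports and repository path are the ones from the answer.

```python
def split_reference(ref):
    """Split an image reference into (registry, repository, tag).

    Narrowed to name[:tag] references; digests (@sha256:...) are not handled.
    """
    name, tag = ref, "latest"
    if ":" in ref.rsplit("/", 1)[-1]:  # colon after the last slash is a tag
        name, tag = ref.rsplit(":", 1)
    first, _, rest = name.partition("/")
    # The first component is a registry host only if it looks like one.
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag
    return None, name, tag  # no host given: the client's default registry


def client_request(ref):
    """Return (host, path) of the v2 manifest request for this reference."""
    registry, repository, tag = split_reference(ref)
    if registry is None:
        raise ValueError("reference names no registry host")
    # The API root is always /v2/ on the host; everything else is the name.
    return registry, f"/v2/{repository}/manifests/{tag}"


def proxy_upstream(path, upstream="http://sdpvvrwm812.ib.tor.company.com:8081",
                   prefix="/artifactory/api/docker/docker-images"):
    """Forward a root-context request to the repository path, as in the answer."""
    if not path.startswith("/v2/"):
        raise ValueError("not a registry API v2 request")
    return upstream + prefix + path


# Constructed references: the context-path form that does not work,
# and the form used once the proxy listens on port 8888.
DIRECT_REF = ("sdpvvrwm812.ib.tor.company.com:8081"
              "/artifactory/api/docker/docker-images/myapp:1.0")
PROXIED_REF = "sdpvvrwm812.ib.tor.company.com:8888/myapp:1.0"

if __name__ == "__main__":
    # The context path ends up inside the repository name, after /v2/.
    print(client_request(DIRECT_REF))
    host, path = client_request(PROXIED_REF)
    print(host, path, "->", proxy_upstream(path))
```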
