Private registry push fail: server gave HTTP response to HTTPS client - docker

I was using docker on a Linux machine where I was pulling images from my local docker repo over http authentication. Now I need to use the same thing on a Windows setup. The issue is when I am trying to pull an image using the command
docker pull <IP>:port/abc/xyz
it gives me error Private registry push fail: server gave HTTP response to HTTPS client
I have modified the daemon.json file to
{"registry-mirrors":[],"insecure-registries":["<IP>:port"], "debug":true, "experimental": false}
Even after this it's not getting started, and it shows me the same error.

I have faced the same issue. What you have to do is just give the insecure-registries and remove all other configurations. Just copy and paste the JSON below into the daemon.json file (available in "C:\Users\{user-name}\.docker\daemon.json" or "/etc/docker/daemon.json")
{
"insecure-registries" :["<IP>:port"]
}

Related

How do you add a private registry to docker?

I'm new to Docker. I have installed Docker version : 20.10.15 and am trying to download images from one of our vendor sites.
While I was able to download images earlier, now I get the below error :
----------------------------------------------------------------------------------
cmd : **docker pull containers.XXX.com/bmc/lpade:kubectl-latest**
Error response from daemon: Head "https://containers.XXX.com/v2/bmc/lpade/manifests/kubectl-latest": unauthorized: unable to get identity token from basic auth credentials: invalid grant: invalid authentication credentials given
----------------------------------------------------------------------------------
May I know what is causing this error? Also, I would like to know how this repo was working earlier (as this is not a Docker Hub repo): how does docker know that there is a private registry?

unable to docker push images in artifactory

I'm having problems pushing images to my docker repo in Artifactory. Pulling the images works as expected, but pushing them gives me an error. I can see the progress bar pushing the image, but somehow it times out w/ a "I/O Timeout"
My setup consists of an Artifactory instance running in my k8 cluster and I have an F5 in front of it for SSL offloading. I followed these instructions for using the repository path method.
On the http settings I've tried using the nginx/http reverse proxy or just using the embedded tomcat. I either get the "I/O timeout" or a "503 Service Unavailable" (when using the embedded).
I know network wise everything is ok, since I can push other items. i.e, files, npm etc... It's a bit frustrating that I'm able to pull but not push. Has anyone seen this before??

Do the docker push command again with the Artifactory UI open (Admin -> System logs -> Request log).
You should see a few requests coming in with '/api/docker' in the path. What return code and full path show in the request log?

The docker registry push would require docker login. You may need to get credentials for the docker registry so that you can push. Say if you have saved password in a file
docker login --username=yourhubusername --email=youremail@company.com
And then try push.

docker login fails: tls: server selected unsupported protocol version 301

I am using docker version 18.09.0, build 4d60db4 in a Windows machine and I am trying to login to Artifactory using the following command,
docker login docker-registery.company.net
It prompts for username and password and I am providing them, however I am not able to login. It gives me the following error:
Error response from daemon: Get https://docker-registery.company.net/v2/: tls: server selected unsupported protocol version 301
Note: I am able to login to the Artifactory Repo Browser through my web browser by using the same username and password.
What is causing this issue when I try to login from the command-line? Is it some kind of proxy or certificate issue?

Protocol version 301 = TLS 1.0. That is an insecure TLS version, which has been selected by the server (in theory by Artifactory, but there can be a reverse proxy, Tomcat, etc. where TLS can be configured as well).
Configure TLS properly on the server side (enable support for TLS 1.1+) and your docker client will be able to establish a secure TLS connection. "Insecure registry" is just an insecure workaround.
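
The number in the error is the two-byte wire value of the protocol version written in hexadecimal, so 301 is 0x0301. The following added example (not part of the original answers) decodes that number and parses a ServerHello record to show where the server's choice is carried; the function names and the sample record are constructed for illustration.

```python
import re
import struct

# Two-byte protocol version values as they appear on the wire.
TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def version_from_error(message):
    """Decode the number in '... unsupported protocol version 301' (printed as hex)."""
    match = re.search(r"unsupported protocol version ([0-9a-fA-F]+)", message)
    if match is None:
        return None
    return TLS_VERSIONS.get(int(match.group(1), 16), "unknown")

def server_hello_version(record):
    """Return the protocol version a raw ServerHello record selects."""
    if len(record) < 5:
        raise ValueError("truncated TLS record")
    content_type, _, record_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + record_len]
    # 22 = handshake record, 2 = ServerHello; 38 bytes is the smallest hello body.
    if content_type != 22 or len(body) < 4 + 38 or body[0] != 2:
        raise ValueError("not a complete ServerHello record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = struct.unpack("!H", hello[:2])[0]
    pos = 35 + hello[34] + 3  # skip random, session id, cipher suite, compression
    if pos + 2 <= len(hello):  # extensions block present
        end = min(pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0], len(hello))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            # supported_versions (type 43) carries the real version in TLS 1.3
            if ext_type == 43 and ext_len == 2 and pos + 6 <= end:
                version = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
            pos += 4 + ext_len
    return TLS_VERSIONS.get(version, hex(version))

def sample_server_hello(version, extensions=b""):
    """Constructed ServerHello: zero random, empty session id, one cipher suite."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake

if __name__ == "__main__":
    print(version_from_error("tls: server selected unsupported protocol version 301"))
    print(server_hello_version(sample_server_hello(0x0301)))
```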

We have the same issue after some Windows update.
You can manually change the default TLS version in Windows by editing the registry.
Change the needed values in regedit.exe or store this code as a .reg file and execute it.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
Hope, it will solve your problem

Try this,
docker login --username=yourUserName --email=abc@company.net dockerregistry.company.net:5000
Obviously, if you are using a port other than 5000 specify it after the colon.
Once you log in, you can do something like
docker push dockerregistry.company.net:5000/ubuntu
or
docker pull dockerregistry.company.net:5000/ubuntu

None of the above answers actually worked for me.
However, I managed to find a fix for it. Keep in mind that this is not a perfect solution but a workaround.
Here it goes...
I added my Artifactory registry as an insecure registry. Here's how to do it: https://docs.docker.com/registry/insecure/
Therefore, bypassing the TLS handshake.
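
Both this workaround and the daemon.json answer in the first thread rely on insecure-registries, which lets the daemon fall back to plain HTTP or accept an unverified certificate for every listed entry. The following added example (not from any of the posts) audits a daemon.json and reports how much each entry exempts; the function name, the findings wording and the sample file are constructed for illustration.

```python
import ipaddress
import json

def audit_insecure_registries(daemon_json_text):
    """Return (entry, finding) pairs for each insecure-registries entry."""
    config = json.loads(daemon_json_text)
    findings = []
    for entry in config.get("insecure-registries", []):
        # Strip a trailing :port from host:port; CIDR ranges carry no port.
        host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
        try:
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            findings.append((entry, "hostname: exemption follows whatever the name resolves to"))
            continue
        if net.is_loopback:
            finding = "loopback: 127.0.0.0/8 is already treated as insecure, entry is redundant"
        elif net.num_addresses > 256:
            finding = f"broad range: exempts {net.num_addresses} addresses from TLS checks"
        elif not net.is_private:
            finding = "public address: credentials and images may cross untrusted networks unencrypted"
        else:
            finding = "private address: acceptable only on a trusted network segment"
        findings.append((entry, finding))
    return findings

# Constructed sample; 192.168.1.98:5000 is the registry address quoted on this page.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": ["192.168.1.98:5000", "10.0.0.0/8",
                          "127.0.0.1:5000", "registry.example.internal:5000"],
  "debug": true
}
"""

if __name__ == "__main__":
    for entry, finding in audit_insecure_registries(SAMPLE_DAEMON_JSON):
        print(f"{entry:32} {finding}")
```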

How can I talk https to my local docker registry (sonatype nexus)

From the documentation found here: https://books.sonatype.com/nexus-book/3.0/reference/docker.html
I can conclude that I cannot create a private docker registry unless I expose it through https.
Docker relies on secure connections using SSL to connect to the repositories. You are therefore required to expose the repository manager to your client tools via HTTPS. This can be configured via an external proxy server or directly with the repository manager. Further details can be found in Section 5.9.4, “Inbound SSL - Configuring to Serve Content via HTTPS”.
I have done all these steps (using reverse-proxy on https://localhost:5001 forwarding to nexus proxy registry with http connector). However now that I want to start pulling from my local registry, I cannot find a way to access it through https.
The following command, which is described here: https://docs.docker.com/engine/reference/commandline/pull/#pull-from-a-different-registry
docker pull localhost:5001/hello-world
returns:
Error response from daemon: error parsing HTTP 400 response body: invalid character '<' looking for beginning of value: "\n\n400 Bad Request\n\nBad Request\nYour browser sent a request that this server could not understand.\nReason: You're speaking plain HTTP to an SSL-enabled server port.\n Instead use the HTTPS scheme to access this URL, please.\n\n\n"
and when I try this:
docker pull https://localhost:5001/hello-world
I get:
invalid reference format

The solution to this is:
either having a valid SSL certificate for the proxy you're accessing the repository through
or
creating a self-signed certificate and manually inserting it in the Windows Trusted root authorities certificates
of the computer you want to access the registry from.
This should resolve any issues and relevant messages. Try accessing https://proxyUrl:5000/v2 and you should now be getting a different message than before as well as be able to pull and push to the registry.

Docker private registry - Method not allowed 405

I'm trying to create a private registry for docker and I'm relying on instructions given on the docker site. I have a separate linux box where this registry is installed, then I'm trying to push my images from local (osx box with docker toolbox). I keep on getting 405 from the registry server. I'm quite new to docker. I was hoping the default basic configuration would work without much trouble.
configuration
Latest docker toolbox.
Latest registry installation.
I only changed the TLS configuration to post the request over http.
Error
The push refers to a repository [192.168.1.98:5000/complete] (len: 1)
Sending image list
Error: Status 405 trying to push repository complete: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>405 Method Not Allowed</title>\n</head><body>\n<h1>Method Not Allowed</h1>\n<p>The requested method PUT is not allowed for the URL /v1/repositories/complete/.</p>\n</body></html>\n"

The doc mentions
405 Method Not Allowed
Manifest put is not allowed because the registry is configured as a pull-through cache or for some other reason
(like a read-only mode)
UNSUPPORTED: The operation was unsupported due to a missing implementation or invalid set of parameters.
The same doc uses urls which include /v2, not like the one used in the question (/v1/repositories/complete)
The instructions include:
Getting the headers correct is very important. For all responses to any request under the “/v2/” url space, the Docker-Distribution-API-Version header should be set to the value “registry/2.0”, even for a 4xx response
Make sure you are running a v2 registry image (which is now docker distribution)
The OP Charith actually found in the comments:
mistake in port forwarding on the registry host: The 5000 port was servicing from another server.
I've switched to an available port and everything started working.
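
An added example, not from the original answer: a check that classifies whatever answers under /v2/ by the Docker-Distribution-API-Version header the quoted instructions require, which separates a real v2 registry from a web server or proxy listening on the same port. `classify`, `probe` and the sample responses are constructed for illustration; the 405 body is abridged from the error in the question.

```python
import http.client
import ssl

def classify(status, headers, body):
    """Diagnose one response to a request under /v2/ on a supposed registry."""
    hdrs = {name.lower(): value for name, value in headers}
    is_v2 = hdrs.get("docker-distribution-api-version", "").lower() == "registry/2.0"
    if is_v2 and status == 200:
        return "v2 registry, no auth required"
    if is_v2 and status == 401:
        return "v2 registry, login required"
    if is_v2 and status == 405:
        return "v2 registry refusing writes (read-only or pull-through cache)"
    if is_v2:
        return f"v2 registry, unexpected status {status}"
    if body.lstrip()[:1] == b"<":
        return f"not a registry: HTML {status} from a web server or proxy"
    return f"not a v2 registry: API version header missing (status {status})"

def probe(host, port, use_tls=True, timeout=5):
    """GET /v2/ from host:port and classify the answer (needs network access)."""
    if use_tls:
        conn = http.client.HTTPSConnection(host, port, timeout=timeout,
                                           context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/v2/")
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders(), resp.read(4096))
    except ssl.SSLCertVerificationError as exc:
        return f"TLS certificate not trusted: {exc.verify_message}"
    except ssl.SSLError as exc:
        return f"TLS handshake failed (plain HTTP port or old TLS?): {exc.reason}"
    except OSError as exc:
        return f"connection failed: {exc}"
    finally:
        conn.close()

# Constructed samples; the 405 body is abridged from the error quoted in the question.
SAMPLES = {
    "apache_405": (405, [("Content-Type", "text/html")],
                   b"<!DOCTYPE HTML PUBLIC ...><title>405 Method Not Allowed</title>"),
    "registry_401": (401, [("Docker-Distribution-API-Version", "registry/2.0")],
                     b'{"errors":[{"code":"UNAUTHORIZED"}]}'),
}
```

Calling `probe("192.168.1.98", 5000, use_tls=False)` against the host from the question would have shown the HTML answer from the other server that owned the port.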
