I want to set up my own private docker hub from where I can pull docker images on docker clients.
Taking this link as reference, I executed following commands on one machine:
docker pull registry
docker run -d -p 5000:5000 --name localregistry registry
docker ps
docker pull alpine
docker tag alpine:latest localhost:5000/alpine:latest
docker push localhost:5000/alpine:latest
I want to pull this image on some other machine which is reachable to/from this machine.
$ docker pull <ip_of_machine>:5000/alpine
Using default tag: latest
Error response from daemon: Get https://<ip_of_machine>:5000/v1/_ping: http: server gave HTTP response to HTTPS client
Is it possible to pull docker image from one machine which acts as a docker hub to another machine which is reachable?
Adding below line in docker client machine's /etc/sysconfig/docker file resolved the issue:
INSECURE_REGISTRY='--insecure-registry <ip>:5000'
Assuming by the tags you are using boot2docker or DockerToolbox:
You must open VirtualBox Manager
Select the default machine
Network
NAT
Port forwarding
Add an entry for the 5000 port
Regards
Related
I have 2 VM in local network with Ubuntu OS. On one of them is installed Docker registry container with basic authentication (htpasswd) but without any certificates. Normally I'm accessing registry from other "client" machine and can pull the images. However, when I try to install watchtower on client machine it is immediately exiting
root#ubnt-dckr:~# docker run --name watchtower -e DOCKER_HOST="tcp://192.168.88.12:5000" -e REPO_USER="myUser" -e REPO_PASS="myPass" v2tec/watchtower
time="2019-01-16T08:11:18Z" level=fatal msg="Error response from daemon: 404 page not found"
The default docker host ports are actually 2375 and 2376.
Which is likely, why it's not working. Do not though, that DOCKER_HOST is not supposed to be used for the docker registry but rather a remote docker engine.
For private registries, see the second part of this page in the docs:
https://containrrr.github.io/watchtower/usage-overview/
I am doing a very simple job of creating a registry in one vm pushing hello-world with my tag, mentioned first vm's ip:5000 as insecure registry in next vm and trying to pull from my first vm registry.
It is giving me error invalid reference format
don't understand what is wrong here, my commands are below
on first vm
docker pull hello-world
docker run -d -p 5000:5000 --name registry registry
docker tag hello-world localhost:5000/my-hello
docker push localhost:5000/my-hello
on second vm (used --engine-insecure-registry 192.168.99.100:5000 while creating)
docker pull 192.168.99.100:5000/my-hello
this gives me error
Note: I am able to curl to docker registry with below urls successfully
curl http://192.168.99.100:5000/v2/_catalog
{"repositories":["my-hello"]}
curl http://192.168.99.100:5000/v2/my-hello/manifests/latest
this gives me json response
Note: I am running all this behind proxy but I am able to pull from docker hub on both vms. Also in second vm when I do docker info, I get below result in the end
Insecure Registries:
192.168.99.100:5000
127.0.0.0/8
I did some workaround and was able to solve my issue, mentioning it as answer to my own question cos that might help others.
I did port forwarding in virtualbox from my host and used my host ip as registry server. This not only did the trick to solve my issue but also helped me accessing my registry from other systems.
Cannot pull image from local docker insecured registry repository inside Minikube.
I'm running Docker-toolbox v1.12.2 using Linux VM (Upstart) installed on Oracle VirtualBox 5.1.6 under Windows 7.
I've created a docker image and push (tag and then push) it into a local insecured docker-registry v2 that running on 192.168.99.100:5000/image/name.
docker run -d -p 5000:5000 --restart=always --name registry registry:2
and inside the VM, on /var/lib/boot2docker/profile I've add to the EXTRA_ARGS the flag --insecure-registry 192.168.99.100:5000 .
docker push & docker pull from localhost:5000/image/name are working fine within Docker(VM).
_catalog is reachable from Postman :GET http:192.168.99.100:5000/v2/_catalog and I'm able to get the images inside the registry.
I'm starting my Minikube v0.15.0 VM with the command:
minikube start --insecure-registry=192.168.99.100:5000
I'm under company PROXY so I've added the proxy in the command line (CMD):
set HTTP/HTTPS_PROXY=my.company.proxy:8080 and set NO_PROXY={minikube ip}.
Then Kubernetes dashboard started to work for me.
Now for the real problem, when running the command:
kubectl run image-name --image=192.168.99.100:5000/image/name --port=9999
to pull image from my local docker registry into Kubernetes its saying
deployment "image-name" created
But inside Kubernetes > Deployments I'm getting the following error:
Failed to pull image "192.168.99.109:5000/image/name": image pull failed for 192.168.99.100:5000/image/name:latest, this may be because there are no credentials on this request. details: (Error response from daemon: Get https://192.168.99.100:5000/v1/_ping: Tunnel or SSL Forbidden)
Can anyone help here with that Tunnel or SSL Forbidden error, it's driving me crazy, and I've tried so many solutions to configure --insecrue-registery inside docker, inside Kubernetes or when running the dokcer-registry.
BTW why it's refering to v1/_ping? i'm using the docker registry v2.
Seems like minikube cannot see the same network that your registry is running. Can you try running minikube ssh then run your curl for the catalog?
Also, as an alternative, you could run eval(minikube docker-env) which then will set your local docker client to use the docker server inside minikube.
So for example if you built an image tagged with myimage/foo it would build and put that image on the minikube docker host, so when you deployed the image, it wouldn't need to be pulled.
I have a Docker image I want to push to my registry (hosted on localhost). I do:
docker push localhost:5000/my_image
and works properly. However, if I tag the image and push it by:
docker push 172.20.20.20:5000/my_image
I get an error.
The push refers to a repository [172.20.20.20:5000/my_tomcat] (len: 1)
unable to ping registry endpoint https://172.20.20.20:5000/v0/ v2
ping attempt failed with error:
Get https://172.20.20.20:5000/v2/: Gateway Time-out
Can't I refer to registry by IP? If so, how could I push an image from another host that it is not localhost?
EDIT
I'm running the registry this way:
docker run -d -p 5000:5000 --restart=always --name registry registry:2
As mentioned in "IPs for all the Things" (by Jess Frazelle), you should be able, with docker 1.10, to run your registry with a fixed IP address.
It uses the --net= --ip= options of docker run.
# create a new bridge network with your subnet and gateway for your ip block
$ docker network create --subnet 203.0.113.0/24 --gateway 203.0.113.254 iptastic
# run a nginx container with a specific ip in that block
$ docker run --rm -it --net iptastic --ip 203.0.113.2 nginx
# curl the ip from any other place (assuming this is a public ip block duh)
$ curl 203.0.113.2
You can adapt this example to your registry docker run parameters.
First of all please check whether you are able to connect the registry on the port 5000. In Linux/windows you can do this using telnet. below is the command.
$ telnet 172.20.20.20 5000
If the connectivity check is failed then please check your firewall settings.
I am not sure whether you are running your running registry with login functionality. But from the question i can assume that you are not using it. In this case please add your registry as an insecure registry in the docker daemon from which you are trying to access the registry. The process is described here - https://docs.docker.com/registry/insecure/
Please let me know if are successful.
Background
There is a private docker registry I have no control of. This registry is not accessible from my computer but is accessible from a remote server I have access to.
This is my current (quite inefficient) workflow:
# On my machine
$ docker save IMAGE > FILE
$ scp FILE SERVER
$ ssh SERVER
# On the server
$ docker load < FILE
$ docker tag -f IMAGE REGISTRY:5000/IMAGE
$ docker push REGISTRY:5000/IMAGE
Problem
It takes forever to push the image as I need to save, upload and load the whole tarball even if there are no changes in most of the docker layers.
I tried to use ssh to forward the docker registry port (5000) to a port on my machine:
$ ssh -L 5042:REGISTRY:5000 SERVER
Now I can communicate with the registry from my machine:
$ curl localhost:5042/v2/
{}
But the docker wont push images to it:
$ docker tag IMAGE localhost:5042/IMAGE
$ docker push localhost:5042/IMAGE
The push refers to a repository [localhost:5042/IMAGE] (len: 1)
Sending image list
FATA[0000] Put http://localhost:5042/v1/repositories/IMAGE/: dial tcp 127.0.0.1:5042: connection refused
I have a feeling that the problem is in different name/tag of the image. On the server I need to tag it as REGISTRY:5000/IMAGE but on localhost it would make no sense as the REGISTRY url is not accessible from my computer.
Or the problem may be caused by the fact that I am running docker through docker-machine.
Question
Can I somehow push to a private docker registry that is port-forwarded to a local port?
There need to be two ssh tunnels. One from the local machine (this one is used by the docker client) and one from the docker-machine (this one is used by docker daemon).
docker-machine ssh
ssh -L 5042:REGISTRY:5000 SERVER