Docker: Issue with pulling from a private registry from another server - docker

I just started learning docker.
I have a private registry running on one server(server1), and can pull a test image from it on server1 by typing the following:
docker pull 127.0.0.1:5000/test
However, when I type the above command from another server, I get the error message below:
Error: Invalid Registry endpoint: Get http://127.0.0.1:5000/v1/_ping: dial tcp 127.0.0.1:5000: connection refused
Am I missing something in configuration?
Any help is appreciated.
Thanks!

The IP 127.0.0.1 refers always to the local machine. So when you call 'docker pull 127.0.0.1:5000/test' from another machine, you must use the real IP of the server, not 127.0.0.1.
Maybe try to ping the Server first by calling http://XXXXXXX:5000/v1/_ping from the other machine to make sure it is available and you use the correct IP.

Docker 1.3 added '--insecure-registry' parameter which allows you to pull from a remote private registry. Refer this: Setting up a remote private Docker registry

Related

From inside of a Docker container, how do I connect to the endpoint?

I have a cloudwatch agent installed in EC2 instance and also a docker image on the instance.
From the EC2 instance, I could successfully send out logs to endpoint(0.0.0.0:25888) to cloudwatch. But when I get into the docker image using docker exec -it <container id> bash, I tried to publish same logs from inside container but it failed with following error:
2861 2022-07-21 00:11:18,686 ERROR (10.0.1.124,1385:MainThread) aws_embedded_metrics.sinks.tcp_client: Failed to connect to the socket. [Errno 111] Connection refused
2862 2022-07-21 00:11:18,686 INFO (10.0.1.124,1385:MainThread) aws_embedded_metrics.sinks.agent_sink: Parsed agent endpoint (tcp) 0.0.0.0:25888
Wondering if anyone knows the root cause here or any debugging clue? Thanks in advance!
I run into this as well. My solution (workaround?) was to:
Make sure the cloudwatch agent is listening on udp://0.0.0.0:25888 and not 127.0.0.1 (the default). The CWAgent docs I have seen don't have any examples on how to achieve this.
Once inside the container, use the Docker host IP to send messages. For me this was export AWS_EMF_AGENT_ENDPOINT=udp://172.17.0.1:25888, as I was using aws-embedded-metrics-python. YMMV depending on the underlying library that you use.

Docker context defined with https resulting an error reaching out to port 80

I have setup a docker registry using docker-compose, largely following the recipe published by Docker here: https://docs.docker.com/registry/recipes/nginx/
Nginx and my registry start, and I am able to issue docker login from a different machine:
docker login https://myhost.mydomain.net
Once logged in I can push and pull images as expected.
Now I need a way to manage content in the remote registry. To that end, I defined a context:
docker context create myregistry-prod --docker "host=https://myhost.mydomain.net"
The command results in this message, which appears to arise during basic authentication:
error during connect: Post "http://myhost.mydomain.net/v1.24/auth": dial tcp 192.168.176.71:80: connectex: No connection could be made because the target machine actively refused it.
I assumed that a context using https would operate inside a TLS connection, so I'm surprised to see the client attempting to open port 80. By design, I have no program listening on port 80, hence the connection is refused.
Note that I am able to fetch the catalog using this URL in a browser, https://myhost.mydomain.net/v2/_catalog . The browser prompts for basic credentials, I supply them and get back the expected result. It appears that the Docker API working as expected passing through the Nginx container and being serviced by the registry container.
So, the question is, how do I go about diagnosing the issue? Did I make an error defining the context?
I'm quite sure I have a misunderstanding. This is my first attempt at docker compose and my first attempt at using nginx in front of Docker Registry. I will redact and post nginx.conf and docker-compose.yml if you need them but I am guessing it's a client-side problem. Any help you might offer will be greatly appreciated.

Can't push/pull from local docker registry

I have created a cluster of Kubernetes, and installed docker for each node.
When I try to pull or push an image to my local registry, using docker push local_registry_addr:port/image_id, I get the following response: Get local_registry_addr:port/v2: http: server gave HTTP response to HTTPS client.
This happens although I got the certificate from the registry server, and add it as a certificate on my docker server. If I try to wget local_registry_addr:port, I get 200 OK.
How can I fix it? Is there anything I need to configure perhaps?
The problem was that I wasn't suppose to add the port - using push local_registry_addr/image_id worked fine.

In virtual-machine Docker push to private registry failed under proxy

I want to push a Docker image to a private registry in the local machine.
The docker is running in a virtual-machine CentOS 7 and I'm working a in a network under a proxy.
What I did is to tag my Docker local image "test_bench_image" obtained from building a dockerfile:
docker tag test_bench_image localhost:5000/test_bench_image
and then I tried to push it:
docker push localhost:5000/test_bench_image
What I get is:
The push refers to a repository [localhost:5000/test_bench_image]
Put http://localhost:5000/v1/repositories/test_bench_image/: dial tcp 127.0.0.1:5000: getsockopt: connection refused
I understood that /etc/sysconfig/docker should include the variable no_proxy to allow pushing to private Docker registry under a proxy. So I included in the file:
...
http_proxy="http://myproxy.es:80"
https_proxy="http://myproxy.es:80"
no_proxy="127.0.0.1:5000"
But I get the same error message after reload the daemon and restart the docker service.
Any help will be really welcome.
Note: My original plan was to use the Docker local image in Jenkins. But the Docker plugin cannot pull the local image since it is not publicly available. So I tried to create a private registry and force Jenkins to pull it from there.
Thanks.
I ran into a similar issue and I had to additionally uncomment and add my private registry's host IP in the section INSECURE_REGISTRY='XX.XXX.XXX.XXX:5000' in /etc/sysconfig/docker file.

docker private registry within local network

I've set up a private registry for docker, everything works greate from outside (i've a server with several VMs, one of these is the reposiotry).
From my pc I can do docker login -u USER -p PASS repo.mydomain.com and it works great.
Now, from inside another VMs if i do the same i get back Error response from daemon: Get https://repo.mydomain.com/v1/users/: dial tcp 10.236.8.111:443: getsockopt: connection refused
It seems that the repo.mydomain.com is resolved at the local (intramachine) IP, and then the repository hangsup or does not allow the connection to pass by. Or other reasons which I don't know now.
How can I make it working?
So, the workaround is to use it as insecure docker repository, since intercomunication is within the local network. to do so:
edit /etc/docker/daemon.json adding { "insecure-registries":["repo.mydomain.com:5000"] }
restart docker service docker restart
do the login using the port 5000 docker login -u USER -p PASS repo.mydomain.com:5000
now it says login successfully. Wondering if there's a better (cleaner) way to do it.
PS: to pull the data you have to use repo.mydomain.com:5000/image

Resources