Private registry push fail: server gave HTTP response to HTTPS client #1874

Closed
@yuqian0218

My private registry worked well based on docker 1.10.3, but it can't pull/push images after docker updated to 1.12.0.

I had modified the /etc/sysconfig/docker as:
OPTIONS='--selinux-enabled=true --insecure-registry=myip:5000'
or
OPTIONS='--selinux-enabled=true --insecure-registry myip:5000'
but when I exec pull/push, I got this error:
$ docker pull myip:5000/cadvisor
Using default tag: latest
Error response from daemon: Get https://myip:5000/v1/_ping: http: server gave HTTP response to HTTPS client
When I change docker back to 1.10.3, it still works well, as below:
$ docker pull myip:5000/cadvisor
Using default tag: latest
Trying to pull repository myip:5000/cadvisor ...
latest: Pulling from myip:5000/cadvisor
09d0220f4043: Pull complete
a3ed95caeb02: Pull complete
151807d34af9: Pull complete
14cd28dce332: Pull complete
Digest: sha256:33b6475cd5b7646b3748097af1224de3eee3ba7cf5105524d95c0cf135f59b47
Status: Downloaded newer image for myip:5000/cadvisor:latest

As suggested by RichardScothern, some relevant information is listed below:
docker version
Client:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:
OS/Arch: linux/amd64

Server:
Version: 1.12.0
API version: 1.24
Go version: go1.6.3
Git commit: 8eab29e
Built:
OS/Arch: linux/amd64

docker info
Containers: 4
Running: 1
Paused: 0
Stopped: 3
Images: 241
Server Version: 1.12.0
Storage Driver: devicemapper
Pool Name: docker-253:0-6809-pool
Pool Blocksize: 65.54 kB
Base Device Size: 107.4 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 5.459 GB
Data Space Total: 107.4 GB
Data Space Available: 34.74 GB
Metadata Space Used: 9.912 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.138 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use '--storage-opt dm.thinpooldev' to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: host overlay null bridge
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-229.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 24
Total Memory: 62.39 GiB
Name: server_3
ID: TITS:BL4B:M5FE:CIRO:5SW6:TVIV:HW36:J7OS:WLHF:46T6:2RBA:WCNV
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
File Descriptors: 21
Goroutines: 32
System Time: 2016-08-02T10:33:06.414048675+08:00
EventsListeners: 0
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
127.0.0.0/8

docker exec <registry-container> registry -version
registry github.com/docker/distribution v2.2.1

After I restart the docker daemon in debug mode, the daemon logs when reproducing my problem are listed below:
DEBU[0794] Calling POST /v1.24/images/create?fromImage=10.10.10.40%3A5000%2Fcadvisor&tag=latest
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v2
WARN[0794] Error getting v2 registry: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v2/: http: server gave HTTP response to HTTPS client
DEBU[0794] Trying to pull 10.10.10.40:5000/cadvisor from https://10.10.10.40:5000 v1
DEBU[0794] hostDir: /etc/docker/certs.d/10.10.10.40:5000
DEBU[0794] attempting v1 ping for registry endpoint https://10.10.10.40:5000/v1/
DEBU[0794] Fallback from error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
ERRO[0794] Attempting next endpoint for pull after error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
ERRO[0794] Handler for POST /v1.24/images/create returned error: Get https://10.10.10.40:5000/v1/_ping: http: server gave HTTP response to HTTPS client
DEBU[1201] clean 2 unused exec commands

What's more, I just ran a simple command to launch the private registry for testing; everything else is left at the default:
docker run -d -p 5000:5000 --restart=always --name registry -v "$(pwd)"/data:/var/lib/registry registry:2
Neither nginx nor a proxy is configured. In summary, it is only a quite simple environment for testing.

Hope you guys can give me some suggestions, thank you!

RichardScothern commented on Aug 1, 2016

Please follow these instructions to help us diagnose your issue

  1. create a new issue, with a succinct title that describes your issue:
    • bad title: "It doesn't work with my docker"
    • good title: "Private registry push fail: 400 error with E_INVALID_DIGEST"
  2. copy the output of:
    • docker version
    • docker info
    • docker exec <registry-container> registry -version
  3. copy the command line you used to launch your Registry
  4. restart your docker daemon in debug mode (add -D to the daemon launch arguments)
  5. reproduce your problem and get your docker daemon logs showing the error
  6. if relevant, copy your registry logs that show the error
  7. provide any relevant detail about your specific Registry configuration (e.g., storage backend used)
  8. indicate if you are using an enterprise proxy, Nginx, or anything else between you and your Registry

yuqian0218 commented on Aug 2, 2016
Author

@RichardScothern, thank you for your comment; I will modify the issue with your suggestions.

Title changed from "can't pull/push images after updating docker to 1.12" to "Private registry push fail: server gave HTTP response to HTTPS client" on Aug 2, 2016

RichardScothern commented on Aug 2, 2016

Can we see your config @wudiapo135? Do you have tls configured?

dmcgowan commented on Aug 2, 2016
Collaborator

Looks like a docker configuration issue. The --insecure-registry=myip:5000 flag is not getting set on the daemon, causing this error. Try running the daemon manually with your desired options and see if you get the same issue.

yuqian0218 commented on Aug 3, 2016
Author

I got help from http://stackoverflow.com/questions/38695515/can-not-pull-push-images-after-update-docker-to-1-12; two steps in total solve this issue:

  1. Create or modify /etc/docker/daemon.json
    { "insecure-registries":["myregistry.example.com:5000"] }
  2. Restart docker daemon
    sudo service docker restart

I agree with @dmcgowan

The --insecure-registry=myip:5000 flag is not getting set on the daemon

but I have no idea why it only occurred under docker version 1.12. I will keep this issue open for the next three days; any comments are welcome.
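
The check behind the two comments above, as an added example that is not part of the original thread or of Docker's code: it compares the registries the running daemon reports under "Insecure Registries:" in `docker info` with those written in daemon.json. The helper names are hypothetical, the sample text is constructed from the output quoted on this page, and the matching is a simplification (exact host:port or CIDR, with no DNS lookup).

```python
import ipaddress
import json

# Constructed sample: the tail of the `docker info` output quoted in this thread.
DOCKER_INFO = """Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
Insecure Registries:
 127.0.0.0/8
"""
# The daemon.json content from the two-step fix quoted above.
DAEMON_JSON = '{ "insecure-registries":["myregistry.example.com:5000"] }'

def effective_insecure(info_text):
    """Entries the running daemon lists under 'Insecure Registries:'."""
    entries, in_section = [], False
    for line in info_text.splitlines():
        item = line.strip()
        if item == "Insecure Registries:":
            in_section = True
        elif in_section:
            if not item or ": " in item or item.endswith(":"):
                break  # a blank line or the next "Key: value" field ends the list
            entries.append(item)
    return entries

def is_covered(registry, entries):
    """Exact host:port match, or an IP inside a CIDR entry (assumption: no DNS lookup)."""
    host = registry.rsplit(":", 1)[0]
    for entry in entries:
        if entry == registry:
            return True
        if "/" in entry:
            try:
                if ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue  # host is a name, or the entry is not a valid CIDR
    return False

def diagnose(registry, info_text, daemon_json_text):
    """Hypothetical helper: compare what is configured with what the daemon reports."""
    configured = json.loads(daemon_json_text).get("insecure-registries", [])
    if is_covered(registry, effective_insecure(info_text)):
        return "active"  # daemon may fall back to plain HTTP for this registry
    if is_covered(registry, configured):
        return "configured-not-active"  # file edited, daemon not restarted or not reading it
    return "not-configured"  # daemon insists on HTTPS, giving the error in this issue

if __name__ == "__main__":
    for reg in ("10.10.10.40:5000", "myregistry.example.com:5000", "127.0.0.1:5000"):
        print(reg, "->", diagnose(reg, DOCKER_INFO, DAEMON_JSON))
```

A result of "active" also means the daemon accepts unencrypted or unverified connections to that registry, so the same output is worth reviewing on hosts where no insecure registry is expected.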

yuqian0218 commented on Aug 3, 2016
Author

Can we see your config @wudiapo135? Do you have tls configured?

I have never changed the config for tls, so the tls config is set to the default.

daniloascione commented on Sep 20, 2016

Same problem here but with Docker for Mac Version 1.12.1-beta26.1 (build: 12100).
Solved by adding the insecure registry in Docker Mac App preferences.
Why is this issue closed?

RichardScothern commented on Sep 20, 2016

@daniloascione the OP closed this issue because he fixed the cause of the error by correctly setting the --insecure-registry flag. If you are having a similar issue and this is not helping you then open another issue describing your problem.

daniloascione commented on Sep 21, 2016

@RichardScothern I see... so the correct way to set the insecure-registry flag is modifying /etc/docker/daemon.json, and the --insecure-registry=myip:5000 flag is not getting set on the daemon, as reported before. Thank you.

raof01 commented on Oct 25, 2016

@wudiapo135, I did the same per your comments, but still got the same error: Private registry push fail: server gave HTTP response to HTTPS client

My docker version: Docker version 1.12.2, build bb80604

Krzysztof-Bednarczyk commented on Oct 25, 2016

I also have the same problem with this docker version for Mac.

Docker version 1.12.2, build bb80604

registry added to insecure registries in preferences but no luck. Worked in 1.12.1.

orlade commented on Nov 7, 2016

With Docker For Mac, the registries setting doesn't seem to be very sticky. I originally added my registry as https:// and got this error. I changed the address to http and restarted Docker, but the error persisted.

After removing the setting altogether, restarting Docker, then adding the setting back and restarting again it stuck and started working. YMMV.

Private registry push fail: server gave HTTP response to HTTPS client · Issue #1874 · distribution/distribution