Login/Register
Add Insecure Registry to Docker
Asked Answered
dockerdocker-registry
C

12

174

I have a docker 1.12 running on CentOS. I am trying to add insecure registry to it and things mentioned in documentation just don't work. The system uses systemd so I created a /etc/systemd/system/docker.service.d/50-insecure-registry.conf file.

$ cat /etc/systemd/system/docker.service.d/50-insecure-registry.conf
[Service]
Environment='DOCKER_OPTS=--insecure-registry="hostname.cloudapp.net:5000"'

After loading daemon and restarting docker service, systemd shows that the environment variable is there

$ sudo systemctl show docker | grep Env
Environment=DOCKER_OPTS=--insecure-registry="hostname.cloudapp.net:5000"

But when I run docker info I don't see that insecure registry added

$ docker info
........
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
    127.0.0.0/8

Pushing images to hostname.cloudapp.net fails with

Pushing application     (hostname.cloudapp.net:5000/application:latest)...
The push refers to a repository     [hostname.cloudapp.net:5000/mozart_application]
ERROR: Get https://hostname.cloudapp.net:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Is there something that could be done ? Am I missing something ?

UPDATE

Resolved the issue by adding a file /etc/docker/daemon.json with following content

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

And then restart docker

sudo systemctl daemon-reload
sudo systemctl restart docker

After that insecure registry hostname.cloudapp.net:5000 works.

Chinoiserie answered 13/2, 2017 at 18:51 Comment(4)
While someone beat you to it in this case (after giving you a generous grace period), this would've been an excellent case for a self-answer.Maihem
excellent! I had this error message while "oc cluster up" with Openshift javamonamour.org/2017/12/docker-insecure-registry.html and your fix solved it!Diencephalon
I know you explicitly asked for this in relation to CentOS in your question, but to anyone who lands here looking for an macOS solution like I did, it can be done through the GUI now, as mentioned in the answer on this question.Secretin
hostaneme is likely a typo.Prole
S
219

(Copying answer from question)

To add an insecure docker registry, add the file /etc/docker/daemon.json with the following content:

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

and then restart docker.

Seals answered 18/4, 2017 at 21:5 Comment(6)
I believe that's the right solution on debian-likes. On Red Hat likes you want to add it to /etc/sysconfig/docker as one of the options, e.g. from an Openshift installation: OPTIONS='--insecure-registry=172.30.0.0/16 --others [...]' On Suse-likes I don't know.Gaskin
On DigitalOcean, the 1 click Docker image still thinks use use DOCKER_OPTS versus the daemon.json file version. Thanks!Pentstemon
@erikbwork On Fedora 28 with Docker 1.13.1 from the default package repos, the approach with /etc/docker/daemon.json works fine.Aluino
cannot restart docker after creating this daemon.json, showing error: Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details. @mattAllodial
Thanks, It works. In may case without port because se port 80 { "insecure-registries" : [ "hostname.cloudapp.net" ] }Volumeter
It worked for me. I'm using Docker version 24.0.7, build afdd53b and Ubuntu 22.04.2 LTS via WSL2Grindelia
D
31

Creating /etc/docker/daemon.json file and adding the below content and then doing a docker restart on CentOS 7 resolved the issue.

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}
Dodds answered 8/6, 2018 at 3:5 Comment(0)
U
25

The solution with the /etc/docker/daemon.json file didn't work for me on Ubuntu.

I was able to configure Docker insecure registries on Ubuntu by providing command line options to the Docker daemon in /etc/default/docker file, e.g.:

# /etc/default/docker    
DOCKER_OPTS="--insecure-registry=a.example.com --insecure-registry=b.example.com"

The same way can be used to configure custom directory for docker images and volumes storage, default DNS servers, etc..

Now, after the Docker daemon has restarted (after executing sudo service docker restart), running docker info will show:

Insecure Registries:
  a.example.com
  b.example.com
  127.0.0.0/8
Upshot answered 4/4, 2019 at 9:58 Comment(0)
N
7

For Mac

From MacOS desktop

  • click the Docker "whale" icon on the menubar at the top
  • select "Preferences..." to bring up the Docker Desktop setting window
  • Then select the "Docker Engine"
  • From here it should display a JSON excerpt of what is currently in your daemon.json file.
  • Add a line in the outermost level of the JSON object for insecure-registries and provide ip.address.for.registry:port as the corresponding value
  • click Apply and Restart

Here is visual of that process:

Docker Desktop Settings window from Docker Engine section

You should now be able to run commands such as:

$ docker build -t mysimpleapp .
$ docker tag mysimpleapp 172.16.0.65:30350/simple
$ docker push 172.160.65:30350/simple
> Using default tag: latest
The push refers to repository [172.16.0.65:30350/simple]
f5d693d2f2fe: Pushed 
66d5de1853fa: Pushed 
f317cd97a2b5: Pushed 
d517aeda4ce5: Pushed 
199d178b1757: Pushed 
latest: digest: sha256:edde4d73130ef9c88d3d273ab4a727e0f8762f0d65802afb01f46eb6877d087c size: 2425
Niko answered 19/12, 2022 at 22:24 Comment(0)
S
3

For me in Ubuntu 20.04 better way is edit systemd service

/lib/systemd/system/docker.service

and add here line after [Service]

Environment=DOCKER_OPTS=--insecure-registry=10.0.0.10:6000

or it can be done automatically by 2 commands using sed, it will add the line after [Service]

sed 's/\[Service\]/\[Service\] \nEnvironment=DOCKER_OPTS=--insecure-registry=10.0.0.10:6000/' /lib/systemd/system/docker.service > /lib/systemd/system/docker.service.tmp
mv /lib/systemd/system/docker.service.tmp /lib/systemd/system/docker.service
Senarmontite answered 4/3, 2021 at 9:19 Comment(0)
S
2

On Mac. source

  1. Goto ~/Library/Containers/com.docker.docker/Data/database
  2. There is an .git repository (.git)
  3. Reset to HEAD git reset --hard
  4. now you have com.docker.driver.amd64-linux folder
  5. Go into ~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux/etc/docker
  6. there is your daemon.json file
Secrecy answered 9/6, 2021 at 11:15 Comment(1)
I suggest using Docker Desktop to update daemon.json if you're using Docker Desktop on the Mac https://mcmap.net/q/142519/-add-insecure-registry-to-dockerNiko
T
1

Anyone looking to add insecure registry on amazon linux 2: You will have to change the setting under /etc/sysconfig/docker and then restart docker daemon: here's how my /etc/sysconfig/docker looks like

# The max number of open files for the daemon itself, and all
# running containers.  The default value of 1048576 mirrors the value
# used by the systemd service unit.
DAEMON_MAXFILES=1048576

# Additional startup options for the Docker daemon, for example:
# OPTIONS="--ip-forward=true --iptables=true"
# By default we limit the number of open files per container
OPTIONS="--default-ulimit nofile=1024:4096 --insecure-registry yourinsecureregistryhostname:port"

# How many seconds the sysvinit script waits for the pidfile to appear
# when starting the daemon.
DAEMON_PIDFILE_TIMEOUT=10
Telescopic answered 22/1, 2021 at 15:47 Comment(0)
T
1

I had some trouble getting this to work on raspbian/raspberry pi with docker installed via the official docker script ("convenience script"). For some reason the config has to exist in /home/pi/.config/docker/daemon.json. Why/Where it is configured like that I have no idea

This is instead of the /etc/docker/daemon.json mentioned everywhere else

Toboggan answered 18/1, 2023 at 16:35 Comment(0)
B
0

For me the solution was to add the registry to here:

/etc/sysconfig/docker-registries

DOCKER_REGISTRIES=''
DOCKER_EXTRA_REGISTRIES='--insecure-registry  b.example.com'
Buryat answered 11/11, 2019 at 8:12 Comment(0)
M
0

I happened to encounter a similar kind of issue after setting up local internal JFrog Docker Private Registry on Amazon Linux.

THE followings I did to solve the issue:

Added "--insecure-registry xx.xx.xx.xx:8081" by modifying the OPTIONS variable in the /etc/sysconfig/docker file:

OPTIONS="--default-ulimit nofile=1024:40961 --insecure-registry hostname:8081"

Then restarted the docker.

I was then able to login to the local docker registry using:

docker login -u admin -p password hostname:8081
Meyerhof answered 19/8, 2020 at 0:19 Comment(0)
R
-1

If you already have a config.json file, the final file should look something like this. Here registry.myprivate.com is the one which was giving me problems.

{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "xxxxxxxxxxxxxxxxxxxx=="
                },
                "registry.myprivate.com": {
                        "auth": "xxxxxxxxxxxxxxxxxxxx="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.8 (linux)"
        },
        "insecure-registries" : ["registry.myprivate.com"]
}
Rope answered 20/5, 2020 at 12:29 Comment(1)
not sure if there are other steps not mentioned here, but this is not working for meNiko
B
-3

Create /etc/docker/daemon.json file where you want to pull docker images and add the following content to that file

{
    "insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}

Refer to my blog article for an in-depth explanation of creating a private docker registry: https://geekdosage.com/how-to-create-a-private-docker-registry-in-ubuntu-20-04/

Baptistry answered 1/1, 2021 at 12:40 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.