Open dschulten opened 9 hours ago
@dschulten I set up a private registry locally with a self-signed certificate, and here is the registries.conf file I used:
[[registry]]
location = "localhost:5000"
insecure = true
To log in, I used:
root@zaasvmd:~/private-registry-certs# podman login localhost:5000
Username: testuser
Password:
Login Succeeded!
Does this match your setup, or do you have a different configuration?
Issue Description
I need to access a corporate registry that uses a self-signed certificate. I am using a rootful podman engine with user-mode networking in Windows 10 with a corporate proxy and proxy settings that have NO_PROXY settings containing .registry.example.com as proxy exception.
I had to go rootful with --user-mode-networking because of:
I am able to execute the test container:
Login into the corporate registry fails:
I have added the registry's PEM file to /etc/pki/ca-trust/source/anchors/gitlab-registry-example-com.pem using vi after establishing a root session using podman machine ssh. Then I have executed update-ca-trust, which gives me no output, normally a sign that it worked. When I inspect the PEM file, it tells me that issuer and owner have the same DN, namely gitlab.registry.example.com.
In addition to adding the self-signed certificate as a trusted certificate, I also tried to mark the registry as insecure by adding the following entry to /etc/containers/registries.conf:
That makes no difference.
Pulling and running images from the registry also fails:
However, the service is not unavailable - login and pulling images in docker desktop works just fine (when I shut down the podman machine and run docker desktop instead)
I have also tried to use the Podman Desktop UI to add registries with self-signed certificates - after a lengthy period, the UI shows the following error message:
Steps to reproduce the issue
Describe the results you received
Login failure, certificate signed by unknown authority
Describe the results you expected
Login should work
podman info output
Podman in a container
No
Privileged Or Rootless
Privileged
Upstream Latest Release
Yes
Additional environment details
no environment details
Additional information
no additional information
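An added diagnostic sketch, not part of the original issue and not Podman code: Podman is written in Go, and "certificate signed by unknown authority" is the message of Go's crypto/x509 `UnknownAuthorityError`, so this reproduces the check for a self-issued certificate with and without that certificate in the trusted pool. The helper names `newSelfSigned` and `checkAnchor` are hypothetical, and the certificate is constructed in memory as a stand-in for the PEM file placed under the anchors directory.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newSelfSigned builds a constructed sample certificate for host (errors ignored for brevity).
func newSelfSigned(host string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames:  []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// checkAnchor reports whether issuer == subject, and verifies the cert for host using only roots.
func checkAnchor(pemBytes []byte, host string, roots *x509.CertPool) (bool, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return false, fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	_, err = cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return bytes.Equal(cert.RawIssuer, cert.RawSubject), err
}

func main() {
	host := "gitlab.registry.example.com"
	p, trusted := newSelfSigned(host), x509.NewCertPool()
	trusted.AppendCertsFromPEM(p)
	_, missing := checkAnchor(p, host, x509.NewCertPool())
	_, present := checkAnchor(p, host, trusted)
	fmt.Println("anchor missing:", missing, "| anchor present:", present)
}
```

A hostname that is not among the certificate's subject alternative names fails with a different error (`x509.HostnameError`), which separates a naming problem from a missing trust anchor.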