$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27e79f6a504c registry:2 "/bin/registry serve " About an hour ago Restarting (2) 36 minutes ago 0.0.0.0:5000->5000/tcp registry
So registry is running and listening on port 5000.
By other hand, I set up a coreOS instance and according to this documentation I've added a .docker/config.json with authentication on docker user home with this content:
Error response from daemon: invalid registry endpoint https://x.x.x.x:5000/v0/: unable to ping registry endpoint https://x.x.x.x:5000/v0/
v2 ping attempt failed with error: Get https://x.x.x.x:5000/v2/: EOF
v1 ping attempt failed with error: Get https://x.x.x.x:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry x.x.x.x:5000 to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/x.x.x.x:5000/ca.crt
I've also tried to get the connection directly with openssl:
Issue Report
I've created a private docker registry with TLS and authorization: I perform this container in order to start it:
Everything seems to be right:
So registry is running and listening on port 5000.
By other hand, I set up a coreOS instance and according to this documentation I've added a
.docker/config.json
with authentication ondocker
user home with this content:I've already added the certificate (
ca.crt
) in/etc/ssl/certs
and in/etc/docker/certs.d/x.x.x.x:5000/
.From this CoreOS instance, I'm trying to perform that:
And it tells me:
I've also tried to get the connection directly with
openssl
:openssl s_client -connect x.x.x.x:5000
The output is:
CONNECTED(00000003) 140180300502672:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 308 bytes
New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1467812448 Timeout : 300 (sec) Verify return code: 0 (ok)
CoreOS Version
Environment
VM machine provided on VirtualBox by Vagrant.