Error: v1 ping attempt failed with error

[cyberco]

I've spent quite a while trying to get the 'Quick start' from the README to work, but using this command:

docker run -d \
         -e SETTINGS_FLAVOR=s3 \
         -e AWS_BUCKET=mybucket \
         -e STORAGE_PATH=/registry \
         -e AWS_KEY=whateffa \
         -e AWS_SECRET=verysecret \
         -e SEARCH_BACKEND=sqlalchemy \
     -e AWS_REGION=eu-west-1 \
     -e STORAGE_REDIRECT=true \
         -p 443:5000 \
         registry

...I constantly run into this error when trying to push an image:

FATA[0004] Error: v1 ping attempt failed with error: Get https://site.com:443/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry site.com:443` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/site.com:443/ca.crt

The server has port 442 open for https and I can ping the server perfectly fine. I've also tried port 80, but that resulted in the same error. But on port 80 I could do a curl get and get a response from the repository.

[dmp42]

Did you add --insecure-registry site.com:443 to your daemon as pointed out?

[cyberco]

I found that I had to edit /etc/default docker. Now that reads:

cat /etc/default/docker
DOCKER_OPTS="$DOCKER_OPTS --insecure-registry=site.com:443"

Now the error is:

FATA[0014] Error: v1 ping attempt failed with error: Get https://site.com:443/v1/_ping: dial tcp 1.2.3.4:443: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry site.com:443` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/site.com:443/ca.crt

An i/o timeout, which I don't understand since the server is up with HTTPS and can be pinged.

[dmp42]

dial tcp 1.2.3.4:443: i/o timeout

Can you:

• curl https://1.2.3.4:443/v1/_ping
• dig site.com
• check that your registry is started and does listen on 1.2.3.4?

[cyberco]

The registry has started and is listening, but doing:

OpenSSL s_client -connect site.com:443/v1/_ping -prexit -debug

...gives me:

CONNECTED(00000003)
write to 0x7f906b700000 [0x7f906d001000] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 39 00 00   ......W... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 9a 00 00 99 00   ..3..2../.......
0030 - 00 96 03 00 80 00 00 05-00 00 04 01 00 80 00 00   ................
0040 - 15 00 00 12 00 00 09 06-00 40 00 00 14 00 00 11   .........@......
0050 - 00 00 08 00 00 06 04 00-80 00 00 03 02 00 80 00   ................
0060 - 00 ff fe c8 6e d6 d0 17-f7 e9 6c b2 2f ee 09 83   ....n.....l./...
0070 - e4 c0 71 11 be 86 77 5d-b9 9b 9f 54 c9 07 a6 fa   ..q...w]...T....
0080 - e2 ef                                             ..
read from 0x7f906b700000 [0x7f906d006600] (7 bytes => 0 (0x0))
9308:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.10.1/src/ssl/s23_lib.c:185:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 130 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

I'm too much a newbie to really understand what's going wrong here.

[cyberco]

OK, found it. It turns out that you have to run the LOCAL docker daemon with the '--insecure-registry' option, not the docker daemon of the remote docker registry.

I somehow missed that from all the blogs and discussions...

[mkrcah]

If you use docker-machine 0.3.0, you can pass this parameter with --engine-insecure-registry

[ryanhanks-wf]

Myself and another individual in our organization both hit this error on our machines (we're both on OS X). In our situation we were able to resolve the issue by killing and restarting the docker VM.