Open kinghuang opened 5 years ago
Hi @kinghuang , thank you for filling this issue! I think it might be related with #413 . Can you check if this comment helps you? I will then close this issue and track the fix on #413.
@silvin-lubecki I read through #413 before posting this issue, but I don't think it's the same thing. My registry (registry-dev.transzap.com) has a valid certificate chain, and doesn't use a self-signed certificate. docker-app works with it when I run it inside a container from the docker image, but not as a binary on my Mac. The docker
CLI has no issues logging in and working with the registry.
Just to be sure, I've tried going to https://knowledge.digicert.com/solution/SO5761.html, downloading the GeoTrust Global CA and GeoTrust Primary Certification Authority – G3 certificates, and placing them in /usr/local/share/ca-certificates on my Mac. docker-app still reports TLS handshake timeout.
▸ docker-app git:(master) ls -al /usr/local/share/ca-certificates
total 16
drwxr-xr-x 4 king.huang admin 128 9 Nov 09:58 .
drwxrwxr-x 30 king.huang admin 960 9 Nov 09:50 ..
-rw-r--r--@ 1 king.huang TRANSZAP\Domain Users 1234 9 Nov 09:51 GeoTrust_Global_CA.pem
-rw-r--r--@ 1 king.huang TRANSZAP\Domain Users 1466 9 Nov 09:57 Geotrust_PCA_G3_Root.pem
▸ docker-app git:(master) docker-app push --namespace registry-dev.transzap.com/devops/templates/docker-app --repo app --tag test
Error: Get https://registry-dev.transzap.com/v2/: net/http: TLS handshake timeout
Is there a debug mode that can show more details about how docker-app is establishing the TLS connection?
The push/pull story is being reworked as part as moving to the CNAB runtime. I have no idea if/when it will fix the issue, but that is the reason we did not report back sooner on this. Sorry!
The push/pull story is being reworked as part as moving to the CNAB runtime. I have no idea if/when it will fix the issue, but that is the reason we did not report back sooner on this. Sorry!
Any update ?
@kinghuang do you still have this issue with the latest release https://github.com/docker/app/releases/tag/v0.8.0 ?
I have not run into this issue with Docker App 0.8.0.
I am having a very similar issue. My registry has a valid certificate that is working nicely with docker image push.
However, with docker app push, I am getting "x509: certificate signed by unknown authority" :
$ docker app push hello --tag my.registry.com/hello:0.1.0
my.registry.com/hello:0.1.0-invoc
fixing up "my.registry.com/hello:0.1.0" for push: failed to resolve "my.registry.com/hello:0.1.0-invoc", push the image to the registry before pushing the bundle: failed to do request: Head https://my.registry.com/v2/hello/manifests/0.1.0-invoc: x509: certificate signed by unknown authority
$ docker app version
Version: v0.8.0
Git commit: 7eea32b7
Built: Tue Jun 11 20:53:26 2019
OS/Arch: darwin/amd64
Experimental: off
Renderers: none
Invocation Base Image: docker/cnab-app-base:v0.8.0
@simonferquel Shall I open a different issue ?
Description
Just getting back to Docker App after a long break. With 0.6.0, I'm unable to use
docker-app push
to push to my registry. Docker App just says TLS handshake timeout.The registry's certificate is signed by GeoTrust. I can login to it using
docker login …
, and I can push and pull images with thedocker
CLI. But,docker-app
doesn't work.Steps to reproduce the issue:
Describe the results you received:
Describe the results you expected:
The app image should be pushed to the registry.
Additional information you deem important (e.g. issue happens only occasionally):
Using macOS 10.13.6. Running docker-app from within a container extending the
docker
image works.Output of
docker version
:Output of
docker-app version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):