I want to pull a docker image from someone else private registry[containerregistry.us.xxxxx.com:8088]. When I am pulling a docker image I am getting this error
[root@bmcapp ~]# docker pull containerregistry.us.xxxxx.com:8088/kafk-server:1
Error response from daemon: Get https://containerregistry.us.xxxxx.com:8088/v1/_ping: x509: certificate signed by unknown authority
1) I tried adding ca.crt certificate given by them at this folder /etc/docker/certs.d/containerregistry.us.xxxxx.com:8088
.
2) Then in docker.service
file at /usr/lib/systemd/system/
, I tried adding
--insecure-registry containerregistry.us.xxxxx.com:8088
at this line in docker.service like this
ExecStart=/usr/bin/dockerd
TO
ExecStart=/usr/bin/dockerd --insecure-registry containerregistry.us.xxxxx.com:8088
Then I restarted docker and daemon
[root@bmcapp ~]#systemctl daemon-reload
[root@bmcapp ~]#systemctl restart docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.`
CONFIGURATION:
[root@bm ~]# docker info
Containers: 113
Running: 29
Paused: 0
Stopped: 84
Images: 50
Server Version: 1.13.1
Storage Driver: overlay2
Kernel Version: 4.1.12-61.1.28.el7uek.x86_64
Operating System: Oracle Linux Server 7.3
OSType: linux
Architecture: x86_64
CPUs: 4
Another way is to set the environment variable DOCKER_OPTS
with the insecure registry, and restart the Docker daemon again.
export DOCKER_OPTS="--insecure-registry containerregistry.us.xxxxx.com:8088"
Then, try login to the registry.
docker login containerregistry.us.xxxxx.com:8088
If you want the environment variable to stick, put it in your bashrc
/ bash_profile
A better way to do this is just use LetsEncrypt to generate a valid SSL cert.