I stopped the docker service on my Linux Lubuntu 16.04 and restarted it in debug mode:
sudo service docker stop
Edited the /etc/init.d/docker file to have DOCKER_OPTS="--debug"
sudo service docker start
I launched my registry with the commands:
stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ ll
total 20K
-rw-rw-r-- 1 stephane 962 Oct 22 20:34 certificates.txt
drwxr-xr-x 3 root 4.0K Oct 22 20:46 home/
-rw-rw-r-- 1 stephane 316 Oct 22 20:57 registry-start.sh
-rw-r--r-- 1 root 1.8K Oct 22 20:44 thalasoft.com.crt
-rw-r--r-- 1 root 1.7K Oct 22 20:44 thalasoft.com.key
stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ sudo docker run -d \
> --restart=always \
> --name registry \
> -v `pwd`:/certs \
> -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
> -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/thalasoft.com.crt \
> -e REGISTRY_HTTP_TLS_KEY=/certs/thalasoft.com.key \
> -p 443:443 \
> registry:2
e9ac1a734212779dec14674957efd8daaa034fcd7972c9c0ae9ad6fd8ef89efb
Then I try to push an image into it but it fails as the connection is refused:
stephane@ubuntu-512mb-fra1-01:~/dev/certificates$ sudo docker push localhost:5000/alpine
The push refers to a repository [localhost:5000/alpine]
Get http://localhost:5000/v2/: dial tcp 127.0.0.1:5000: getsockopt: connection refused
The docker deamon log has this to say:
Oct 23 20:23:39 ubuntu-512mb-fra1-01 systemd[1]: Started Docker Application Container Engine.
Oct 23 20:23:39 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:39.253867742Z" level=info msg="API listen on /var/run/docker.soc
Oct 23 20:23:44 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:44.918635986Z" level=info msg="Attempting next endpoint for push
Oct 23 20:23:44 ubuntu-512mb-fra1-01 dockerd[23449]: time="2017-10-23T20:23:44.919271470Z" level=info msg="Attempting next endpoint for push
The registry container log says:
time="2017-10-23T20:23:39Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2
time="2017-10-23T20:23:39Z" level=info msg="redis not configured" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2
time="2017-10-23T20:23:39Z" level=info msg="Starting upload purge in 35m0s" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2
time="2017-10-23T20:23:39Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2
time="2017-10-23T20:23:39Z" level=info msg="listening on [::]:443, tls" go.version=go1.7.6 instance.id=af32ad34-7fb5-419a-ad0c-66ef04471caa version=v2.6.2
My docker version is:
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:42:18 2017
OS/Arch: linux/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:40:56 2017
OS/Arch: linux/amd64
Experimental: false
The docker info says:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 2
Server Version: 17.09.0-ce
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 8
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-93-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 488.3MiB
Name: ubuntu-512mb-fra1-01
ID: FTOG:OZBQ:SDIQ:VDF6:Z4UW:7LCA:BOY2:E532:V44N:KECN:TQDR:TUIJ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
The registry version is:
registry github.com/docker/distribution v2.6.2
I had created the certificate and key with letsencrypt.org
You run registry container with -p 443:443 and then try to access it on localhost:5000. You should use port 443 and full domain name for which you have certificate (assuming that DNS points to this server). Without using full domain name there is no sense in setting up SSL in first place.