Cli: docker push fails to private docker IP but not to localhost

Created on 17 Jan 2020 · 7 Comments · Source: docker/cli

I created a private docker registry as follows:
docker run -d -p 5007:5000 --restart=always --name registry registry:2

I then tried the commands found here:

docker push localhost:5007/my-ubuntu

succeeds. However
docker push 10.93.97.131:5007/my-ubuntua
fails.

The tag and push for each is seen below.
image

The message log (/var/log/messages) is seen here:
image

I am behind a corporate proxy. However I think I've properly configured for that.
image


It would seem that the proxy is getting in the way. Note that the proxy address seems to align with the last error message in /var/log/messages.

image


What is the proper way to ensure that the docker cli does not use the proxy?


All 7 comments

By default, registries should have TLS enabled. An exception is made for localhost (and 127.0.x.x IP addresses), because those are a common case for local testing; see the output of docker info, which shows what registries are configured as "insecure":

Insecure Registries:
  127.0.0.0/8

When pushing to an insecure registry, docker will first attempt to push with a TLS connection (https://), but falls back to non-TLS, and also allows the use of self-signed certificates.

For other IP-addresses, this is not the case, and docker will fail (as having a public registry without TLS is a security risk).

You can find some information about configuring a registry in the docs: https://docs.docker.com/registry/configuration/

And (for testing purposes) how to configure the daemon to mark a registry as "insecure": https://docs.docker.com/registry/insecure/

Hi @thaJeztah

Thanks for your response.

I have configured my registry as insecure. I first learned to do this over a year ago when I started using docker. In the following you will see that 10.93.97.131:5007 is marked insecure.

image

Oddly, I just noticed that No Proxy isn't set, even though
systemctl show --property=Environment docker

seems to suggest it is.

This may be my problem. How is it that these are out of sync?

Does it work if you specify them on separate Environment options?

Environment="HTTP_PROXY=........"
Environment="NO_PROXY=.........."

Turns out a reboot resulted in no_proxy being handled correctly. I don't know why there seemed to be a disconnect between
docker info
and
systemctl show --property=Environment docker

Hi again @thaJeztah

I will close this issue. Your input did help me. Even though it wasn't the insecure registry, it did help me to realize how easy it is to see the current configuration that docker is working with.

I would like to know why docker info and systemctl show ... provided seemingly conflicting information.

If you have some thoughts on this, I'd appreciate them

Regardless, thank you for your fast response. It helped.

No idea why it would show different information in your case; are you using the live-restore feature perhaps? systemd would set the environment variables, and the docker daemon directly reads those variables when starting the daemon.

Let me close this issue, but feel free to continue the conversation
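
The mismatch discussed in this thread, between `systemctl show --property=Environment docker` and the `No Proxy` line of `docker info`, can be checked mechanically. The script below is an added example, not code from the thread or from Docker; it assumes an upper-case `NO_PROXY` in the unit and exact-match entries only, and the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The SAMPLE_* text is constructed.
SAMPLE_UNIT='Environment=HTTP_PROXY=http://proxy.example:3128 NO_PROXY=localhost,10.93.97.131'
SAMPLE_INFO_OLD=' HTTP Proxy: http://proxy.example:3128
 Insecure Registries:
  10.93.97.131:5007'
SAMPLE_INFO_NEW=' HTTP Proxy: http://proxy.example:3128
 No Proxy: localhost,10.93.97.131'

# unit_env_value VAR: read `systemctl show --property=Environment docker`
# output on stdin and print the value assigned to VAR (empty if absent).
unit_env_value() {
    sed -n 's/^Environment=//p' | tr ' ' '\n' |
        sed -n "s/^$1=//p" | head -n 1
}

# info_value LABEL: read `docker info` output on stdin, print that field.
info_value() {
    sed -n "s/^ *$1: *//p" | head -n 1
}

# host_listed HOST LIST: succeed if HOST is an exact entry of the
# comma-separated LIST (assumption: no suffix or CIDR matching here).
host_listed() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# proxy_state HOST UNIT_TEXT INFO_TEXT prints one of:
#   bypassed - the running daemon excludes HOST from the proxy
#   stale    - the unit excludes HOST, the running daemon does not
#   proxied  - neither excludes HOST
proxy_state() {
    unit_np=$(printf '%s\n' "$2" | unit_env_value NO_PROXY)
    live_np=$(printf '%s\n' "$3" | info_value 'No Proxy')
    if host_listed "$1" "$live_np"; then echo bypassed
    elif host_listed "$1" "$unit_np"; then echo stale
    else echo proxied
    fi
}

# Live usage (needs systemd and a running daemon):
#   proxy_state 10.93.97.131 \
#     "$(systemctl show --property=Environment docker)" "$(docker info)"
proxy_state 10.93.97.131 "$SAMPLE_UNIT" "$SAMPLE_INFO_OLD"
```

A `stale` result means the unit carries the exclusion but the running daemon process does not, which fits a daemon that has not been restarted since the unit changed, because it reads its environment only at start.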
