Moby: http: TLS handshake error from .. EOF

Created on 11 Dec 2015 · 3 Comments · Source: moby/moby

I want to create my own private docker registry using self-signed certificates. I'm working on CentOS7 on AWS EC2. These are the steps I followed:

Creating the certificate

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt

As cname I gave: ec2-xx-xx-xx-xx.compute.amazonaws.com (external hostname of ec2)
Give the right permissions:

chcon -Rt svirt_sandbox_file_t /home/centos/certs/

Creating and running my registry:

docker run -d -p 5000:5000 --restart=always --name registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \
  registry:2

Now I'm tagging and pushing my image:
docker tag ubuntu ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/ubuntu
and pushing docker push ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/ubuntu

I got the following error:

unable to ping registry endpoint https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v0/
v2 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v2/: net/http: TLS handshake timeout
 v1 ping attempt failed with error: Get https://ec2-xx-xx-xx-xx.compute.amazonaws.com:5000/v1/_ping: net/http: TLS handshake timeout

And in my docker logs

2015/12/11 12:49:21 http: TLS handshake error from 10.0.x.x:54152: EOF

All 3 comments

Hi!

Please read this important information about creating issues.

If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.

If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information.

This is an automated, informational response.

Thank you.

For more information about reporting issues, see https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues


BUG REPORT INFORMATION

Use the commands below to provide key information from your environment:

docker version:
docker info:
uname -a:

Provide additional environment details (AWS, VirtualBox, physical, etc.):

List the steps to reproduce the issue:
1.
2.
3.

Describe the results you received:

Describe the results you expected:

Provide additional info you think is important:

----------END REPORT ---------

ENEEDMOREINFO

I see the same issue.

To reproduce:

1) create self assigned cert
2) create a registry with the following command:
docker run -d -p 5000:5000 --restart=always --name registry -v /home/.../data:/var/lib/registry -v /home/.../auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /home/.../certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/$CERT -e REGISTRY_HTTP_TLS_KEY=/certs/$KEY registry:2

Follow: https://docs.docker.com/registry/insecure/ to make docker work with a self assigned cert.

Result as follows:

time="2016-03-09T19:03:05Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.3 instance.id=fe73a5f8-5fcc-4c46-8488-7f1edba79266 version=v2.3.1
time="2016-03-09T19:03:05Z" level=info msg="redis not configured" go.version=go1.5.3 instance.id=fe73a5f8-5fcc-4c46-8488-7f1edba79266 version=v2.3.1
time="2016-03-09T19:03:05Z" level=info msg="Starting upload purge in 50m0s" go.version=go1.5.3 instance.id=fe73a5f8-5fcc-4c46-8488-7f1edba79266 version=v2.3.1
time="2016-03-09T19:03:05Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.3 instance.id=fe73a5f8-5fcc-4c46-8488-7f1edba79266 version=v2.3.1
time="2016-03-09T19:03:05Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.3 instance.id=fe73a5f8-5fcc-4c46-8488-7f1edba79266 version=v2.3.1
2016/03/09 19:03:33 http: TLS handshake error from xx.xx.xx.xx:53010: EOF
2016/03/09 19:03:43 http: TLS handshake error from xx.xx.xx.xx:53011: EOF
2016/03/09 19:04:00 http: TLS handshake error from xx.xx.xx.xx:53325: tls: first record does not look like a TLS handshake
2016/03/09 19:04:06 http: TLS handshake error from xx.xx.xx.xx:53327: tls: first record does not look like a TLS handshake
2016/03/09 19:04:09 http: TLS handshake error from xx.xx.xx.xx:53326: tls: first record does not look like a TLS handshake
2016/03/09 19:04:13 http: TLS handshake error from xx.xx.xx.xx:53328: tls: first record does not look like a TLS handshake
2016/03/09 19:04:24 http: TLS handshake error from xx.xx.xx.xx:53329: EOF
2016/03/09 19:04:35 http: TLS handshake error from xx.xx.xx.xx:53333: EOF
2016/03/09 19:04:35 http: TLS handshake error from xx.xx.xx.xx:53334: EOF

Lines that don't report the error are where I try connecting via a web browser.
I expected to be able to log in to the registry with

docker login myserver:5000

but it hangs after entering credentials, docker logs report the above

System info:
docker version
Client:
Version: 1.9.1
API version: 1.21
Go version: go1.4.2
Git commit: a34a1d5
Built: Fri Nov 20 13:12:04 UTC 2015
OS/Arch: linux/amd64

Server:
Version: 1.9.1
API version: 1.21
Go version: go1.4.2
Git commit: a34a1d5
Built: Fri Nov 20 13:12:04 UTC 2015
OS/Arch: linux/amd64

docker info
Containers: 34
Images: 230
Server Version: 1.9.1
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 298
Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.19.0-25-generic
Operating System: Ubuntu 14.04.3 LTS
CPUs: 4
Total Memory: 3.665 GiB
Name: coheatServer002
ID: 6OJI:T4AJ:TYV3:UC7E:SKW5:5V4V:74YJ:IY3H:4Q7I:T4EB:3SJL:NVIQ
WARNING: No swap limit support

uname -a
Linux coheatServer002 3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:16:20 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
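
An added example, not part of the thread or of the registry's code: a small parser that groups `http: TLS handshake error` lines like the ones in the log above by client address and by what the error text says about the client. The sample log and its addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the registry log lines quoted in this
# thread; the addresses are documentation placeholders, not real clients.
SAMPLE_LOG = """\
time="2016-03-09T19:03:05Z" level=info msg="listening on [::]:5000, tls"
2016/03/09 19:03:33 http: TLS handshake error from 192.0.2.10:53010: EOF
2016/03/09 19:03:43 http: TLS handshake error from 192.0.2.10:53011: EOF
2016/03/09 19:04:00 http: TLS handshake error from 198.51.100.7:53325: tls: first record does not look like a TLS handshake
2016/03/09 19:04:06 http: TLS handshake error from 198.51.100.7:53327: tls: first record does not look like a TLS handshake
2016/03/09 19:04:24 http: TLS handshake error from [2001:db8::1]:53329: EOF
"""

# Go's net/http server logs: "<date> <time> http: TLS handshake error from <addr>: <reason>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"http: TLS handshake error from (?P<addr>\[[^\]]+\]:\d+|[^:\s]+:\d+): (?P<reason>.+)$"
)

def classify(reason):
    """Map the error text to what it says about the client side."""
    if reason == "EOF":
        return "peer closed the connection before the handshake finished"
    if "first record does not look like a TLS handshake" in reason:
        return "client sent non-TLS bytes (e.g. plain HTTP) to the TLS port"
    return "other: " + reason

def summarize(log_text):
    """Return {client_host: Counter({category: count})} for handshake errors."""
    per_host = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # startup / structured log lines are not handshake errors
        # Drop the ephemeral source port; keep IPv4, hostname or bracketed IPv6.
        host = m.group("addr").rsplit(":", 1)[0].strip("[]")
        per_host[host][classify(m.group("reason"))] += 1
    return dict(per_host)

if __name__ == "__main__":
    for host, counts in summarize(SAMPLE_LOG).items():
        for category, n in counts.items():
            print(f"{host}: {n} x {category}")
```

Grouping by source address separates clients that never speak TLS to the port from clients that open a connection and drop it before the handshake completes, which are two different things to chase.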

I have the same problem, anyone can help?
