I've created my own private registry (private-registry) but I'm unable to push images to it. Than I get the following error:
The push refers to a repository [private-registry:5000/ubuntu] (len: 1) unable to ping registry endpoint https://private-registry:5000/v0/ v2 ping attempt failed with error: Get https://private-registry:5000/v2/: net/http: TLS handshake timeout v1 ping attempt failed with error: Get https://private-registry:5000/v1/_ping: net/http: TLS handshake timeout The logs of the running registry are showing the following:
time="2015-12-14T07:59:21Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 time="2015-12-14T07:59:21Z" level=info msg="redis not configured" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 time="2015-12-14T07:59:21Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 time="2015-12-14T07:59:21Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 time="2015-12-14T07:59:21Z" level=info msg="Starting upload purge in 47m0s" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 I'm unable to curl my registry (timeout). This are the steps I performed:
First I've created selfsigned certificates:
mkdir -p certs && openssl req \ -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \ -x509 -days 365 -out certs/domain.crt I've created my registry, which will use this certificates:
docker run -d -p 5000:5000 --restart=always --name private-registry \ -v `pwd`/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \ registry:2 I gave the right permissions:
chcon -Rt svirt_sandbox_file_t ~certs/ I've created: /etc/docker/etc.d/private-registry:5000/ And I copied my domain.crt in it. I've edited my /etc/hosts and added: 10.0.0.X private-registry (my internal ip and the name of my registry)
I also restarted docker and my registry.
EDIT:
[centos@ ~]$ curl -v private-registry:5000 * About to connect() to private-registry port 5000 (#0) * Trying 10.0.0.xx... * Connected to private-registry (10.0.0.xx) port 5000 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: private-registry:5000 > Accept: */* > * Connection #0 to host private-registry left intact [centos@~]$ curl -v https://private-registry:5000 * About to connect() to private-registry port 5000 (#0) * Trying 10.0.0.xx... * Connected to private-registry (10.0.0.xx) port 5000 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -5990 (PR_IO_TIMEOUT_ERROR) * I/O operation timed out * Closing connection 0 curl: (35) I/O operation timed out