allow insecure registry in host provisioned with docker-machine

Question

Is there anyway to configure --allow-insecure-ssl for docker\'s deamon created with docker-machine.

commands:

docker-ma         


        

Answer 1

edit $USER/.docker/machine/machines/default/config.json

    "EngineOptions": {
        "InsecureRegistry": [
            "XXX.XXX.virtual"
        ],
    }

Answer 2

If you are running docker-machine version v0.2 stable, you can't set docker option in light way. But in next version v0.3 this problem was resolved with the creation parameters.

At this moment this feature it's on RC1,then you can use a version v0.3.0-RC-1 or wait for delivery the next stable version v0.3.0(tentatively Jun.16).

Then use parameter --engine-insecure-registry to set --allow-insecure-ssl for docker's daemon, for example:

docker-machine create --driver virtualbox --engine-insecure-registry myregistry:5000 dev

After that you can execute:

docker run myregistry:5000/busybox:latest echo 'hello world'

Additionally you can read about it on project doc.

Answer 3

In case you want to add another registry once your docker-machine has already been created you will have to edit the configuration file: vim ~/.docker/machine/machines/dev/config.json

Explained here: https://akrambenaissi.com/2015/11/17/addingediting-insecure-registry-to-docker-machine-afterwards/

Answer 4

If you want to add insecure registries to a docker-machine that is already created you can update the profile in the running docker VM.

Steps

1. SSH into your local docker VM.
   note: if 'default' is not the name of your docker machine then substitute 'default' with your docker machine name
   $ docker-machine ssh {machineName}

2. Open Docker profile
   $ sudo vi /var/lib/boot2docker/profile

3. Add this line to the bottom of the profile file. If EXTRA_ARGS already exists, add the insecure registry flag to the EXTRA_ARGS. Substitute in the path[s] to your registries.

   EXTRA_ARGS=" --insecure-registry myserver.pathTo.registry1:5000 --insecure-registry myserver.pathTo.registry2:5000 --insecure-registry myserver.pathTo.registry3:5000 "

4. Save the profile changes and 'exit' out of the docker-machine bash back to your machine. Then Restart Docker VM substituting in your docker-machine name
   $ docker-machine restart {machineName}

5. Pull or push something from your registry to ensure it works

My Setup

docker-machine version : 0.6.0, build e27fb87
docker-machine driver : virtualbox

Answer 5

env :

• docker daemon :1.12.3
• docker client :1.12.2
• docker api :1.24
• docker-machine :0.8.2

Before create machine

you can use the args to set one or multi insecure registry and registry mirrors .eg:

one registry

docker-machine create -d virtualbox --engine-insecure-registry hostname:5000  --engine-registry-mirror http://hostname:5000 n1

multi registrys

docker-machine create -d virtualbox --engine-insecure-registry hostname:5000 --engine-insecure-registry hostname:5001  --engine-registry-mirror http://hostname:5000 n1

After create the machine

you can edit the /var/lib/boot2docker/profile to add the registrys and mirrors

docker-machine ssh [machine-name]
vi /var/lib/boot2docker/profile

add the registry and mirrors to the EXTRA_ARGS

EXTRA_ARGS='
--label provider=virtualbox
--insecure-registry hostname:5000
--insecure-registry hostname:5001
--registry-mirror   http://hostname:5000
--registry-mirror   http://hostname:5001

now you need to restart the machine and check it

docker-machine restart [machine-name] 
docker info 

this method doesn`t work after create the machine

edit $USER/.docker/machine/machines/default/config.json

"EngineOptions": {
    "InsecureRegistry": [
        "XXX.XXX.virtual"
    ],
}