I have a remote Docker registry set up. It has a Go Daddy SSL cert installed.
If I curl it I get an 'unknown authority' error:
curl https://example.com:5000/v2/
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
...
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
So I then use the 'insecure' curl:
curl -k https://example.com:5000/v2
and I get
{} //which I guess is because there is nothing in the registry?
To check, I curl a non-existent endpoint:
curl -k https://example.com:5000/moo
404 page not found //which is positive, as it means the -k flag is suppressing the 'unknown authority' correctly
So, now that I know it is possible to connect to the registry with curl, I try using the Docker client to push an image:
docker push example.com:5000/my-image
The push refers to a repository [example.com:5000/my-image]
unable to ping registry endpoint https://example.com:5000/v0/
v2 ping attempt failed with error: Get https://example.com:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://example.com:5000/v1/_ping: x509: certificate signed by unknown authority
So I then try to suppress the error by adding 'insecure-registry' to DOCKER_OPTS (as explained here):
DOCKER_OPTS="--insecure-registry example.com:5000"
[restart docker daemon]
And it does not work. I get the same 'unknown authority' warning.
Firstly, why is a certificate from Go Daddy not trusted? I have it set up on an nginx server and it is working fine with the 'green bar' in the browser.
Secondly, how can I get the 'insecure-registry' to work with Docker? Thanks