3
votes

I configured an insecure registry with a self-signed certificate. After providing the user name and password, I get the error message "Error response from daemon: Get https://ip address:5000/v1/users/: x509: certificate signed by unknown authority".

2
Did you also add the certificate to the daemon? See here for details: docs.docker.com/docker-trusted-registry/configure/… - Henry
Yes, we added the certificate to the daemon. - Vaibhav Kumar

2 Answers

3
votes

Execute the following steps to set up a Docker registry with private certificates:

  1. Generate a private SSL certificate with the following command. This will create the certs folder with two files, domain.crt and domain.key.
    mkdir -p certs && \
    openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt

  2. Start the Docker registry with the following command:
    docker run -d -p 5000:5000 --restart=always --name registry \
    -v `pwd`/certs:/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    registry:2
    
  3. On another machine where you want to pull the images, copy the certs/domain.crt file to

    /etc/docker/certs.d/<<DockerRegistryServerHostname>>:<<DockerRegistryPort>>/ca.crt

    Make sure the name of the certificate file is ca.crt (not domain.crt).

    For example, if the Docker registry IP address is docker.registry and the port is 5000, then the folder name will be

    /etc/docker/certs.d/docker.registry:5000/

  4. Now run the docker pull command. You should not face any issues.

0
votes

For CentOS7

nano /etc/pki/tls/openssl.cnf

and add

subjectAltName = IP:10.0.1.111

to your [ v3_ca ] section

where IP is the IP of the DockerRepositoryIP machine. Then generate the SSL keys again and send ca.crt to the remote host that pushes images to the repo.
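
The steps from both answers combined into one script, as an added example that is not part of either answer: it sets the registry address in the certificate's subjectAltName with `-addext` (OpenSSL 1.1.1 or later) instead of editing openssl.cnf, and refuses to install a certificate that does not cover the registry address. The function names, the optional staging root argument and the sample address in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example; function names and the staging ROOT argument are assumptions.

# is_dns HOST: true unless HOST is a dotted IPv4 address (IPv6 is not handled).
is_dns() { case $1 in *[!0-9.]*) return 0 ;; *) return 1 ;; esac; }

# make_registry_cert DIR HOST: self-signed cert whose subjectAltName covers HOST.
make_registry_cert() {
    if is_dns "$2"; then san="DNS:$2"; else san="IP:$2"; fi
    mkdir -p "$1" &&
    openssl req -newkey rsa:4096 -nodes -sha256 -x509 -days 365 \
        -subj "/CN=$2" -addext "subjectAltName=$san" \
        -keyout "$1/domain.key" -out "$1/domain.crt" &&
    chmod 600 "$1/domain.key"   # the private key stays on the registry host
}

# cert_matches CRT HOST: succeeds only if the certificate is valid for HOST.
cert_matches() {
    if is_dns "$2"; then flag=-checkhost; else flag=-checkip; fi
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

# trust_path HOST PORT [ROOT]: file the Docker daemon reads for this registry.
trust_path() {
    printf '%s/etc/docker/certs.d/%s:%s/ca.crt\n' "${3:-}" "$1" "$2"
}

# install_trust CRT HOST PORT [ROOT]: copy CRT into place as ca.crt, but only
# if it covers HOST; a mismatch would fail later with an x509 error on pull.
install_trust() {
    cert_matches "$1" "$2" || { echo "certificate does not cover $2" >&2; return 1; }
    dest=$(trust_path "$2" "$3" "${4:-}")
    mkdir -p "$(dirname "$dest")" && cp "$1" "$dest"
}

# Example run (constructed address):
#   make_registry_cert certs 10.0.1.111            # on the registry host
#   install_trust certs/domain.crt 10.0.1.111 5000 # on each client, as root
```

Only domain.crt is copied to clients; domain.key never leaves the registry host.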