As described here How to setup docker private registry on ubuntu 16.04,
I changed /etc/hosts like this:
192.168.1.154 registry-server
192.168.1.90 registry-client
Then I pulled the registry image:
docker pull registry
Then I made certificate files
mkdir /etc/certs
cd /etc/certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
I copied the ca.crt to these pathes in client host:
/etc/certs/
/etc/docker/certs.d/registry-server:5000/
Then I ran the container on the server host:
docker run -d -p 5000:5000 --restart=always --name registry -v /etc/certs:/etc/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/certs/ca.crt -e REGISTRY_HTTP_TLS_KEY=/etc/certs/ca.key registry
I tagged the image
docker tag phpmyadmin/phpmyadmin:latest registry-server:5000/pma-test
But when I want to push the image registry-server:5000/pma-test to the server:
docker push registry-server:5000/pma-test:latest
The following error occurs:
Error response from daemon: open /etc/docker/certs.d/registry-server:5000: permission denied
======================================
Update:
I ran journalctl -xe, and found these errors:
Sep 30 13:58:37 docker.dockerd[926]: time="2019-09-30T13:58:37.229097561Z" level=debug msg="Calling GET /_ping"
Sep 30 13:58:37 docker.dockerd[926]: time="2019-09-30T13:58:37.238248010Z" level=debug msg="Calling POST /v1.38/images/registry-server:5000/pma-test/push?tag="
Sep 30 13:58:37 docker.dockerd[926]: time="2019-09-30T13:58:37.238670117Z" level=debug msg="hostDir: /etc/docker/certs.d/registry-server:5000"
Sep 30 13:58:37 docker.dockerd[926]: time="2019-09-30T13:58:37.238797277Z" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: open /etc/docker/certs.d/registry-server:5000: permission denied" error_type="*os.PathError" module=api
Sep 30 13:58:37 docker.dockerd[926]: time="2019-09-30T13:58:37.238831133Z" level=error msg="Handler for POST /v1.38/images/registry-server:5000/pma-test/push returned error: open /etc/docker/certs.d/registry-server:5000: permission denied"
Sep 30 13:58:37 docker.dockerd[926]: time="2019-09-30T13:58:37.238861895Z" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: open /etc/docker/certs.d/registry-server:5000: permission denied" error_type="*os.PathError" module=api
Sep 30 13:58:37 audit[926]: AVC apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/certs.d/registry-server:5000/" pid=926 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Sep 30 13:58:37 kernel: audit: type=1400 audit(1569851917.234:53): apparmor="DENIED" operation="open" profile="snap.docker.dockerd" name="/etc/docker/certs.d/registry-server:5000/" pid=926 comm="dockerd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Why did this error happen?
Docker version 19.03.2, build 6a30dfc
docker-compose version 1.24.0, build 0aa59064
Server and client host: Ubuntu 18.04
Dockerafter setting up the Cert – LinPy