I am running a docker registry service in a locally-hosted docker-machine VM in a docker 1.13 swarm on OSX via:

docker service create --name registry --with-registry-auth --publish 5000:5000 registry:2

The service is running and I can push/pull images on a swarm manager; however, when I try to push images to the service from the machine hosting the swarm VM using port 5000:

Get https://<IP of swarm manager>:5000/v1/_ping: http: server gave HTTP response to HTTPS client

Does anyone know how to securely access a docker registry service from outside the swarm? Possibly a FAQ, but I haven't found an article addressing it on the docker site. They all seem to deal with container TLS settings or accessing the server from within the swarm (which is rather nice).

thanks!

James Fremen

1 Answer

The documentation on securing the registry socket deals with TLS settings because that's exactly what you need to configure. The registry documentation discusses this at a high level. The same steps to create a TLS CA, key, and certificate for the docker socket can be used for the registry socket and are documented on docker's site.

Note that if you generate your own certificates from your own CA, you'll need to trust your CA. There are various ways to do this just for docker, but the easier (and possibly less secure) solution is to add it to the list of root CAs on your host. This procedure varies per Linux distribution.

BMitch
  • Mitch looks like he might have a British accent btw :). – James Fremen Jan 30 '17 at 02:13
  • One of the posts in the Docker Forums seems to be along the same lines: https://forums.docker.com/t/how-can-i-push-to-a-1-13-registry-service-from-outside-swarm/27722/3 – James Fremen Feb 01 '17 at 06:23
  • If you're still having trouble, please update your question to include the steps you've taken that you believe should work. – BMitch Feb 01 '17 at 10:42
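
The CA, key and certificate steps the answer refers to, sketched with openssl as an added example (not code from the answer or from Docker's documentation). The function names and file names are hypothetical, and any IP passed in stands for the swarm manager address the client connects to.

```shell
#!/usr/bin/env bash
# Added example: private CA plus a registry certificate whose SAN holds the
# swarm manager IP. Function and file names are hypothetical.
set -eu

# make_registry_pki DIR IP -> DIR/ca.{key,crt} and DIR/registry.{key,crt}
make_registry_pki() {
  dir=$1; ip=$2
  mkdir -p "$dir"
  # 1. Self-signed CA. Keep ca.key off the registry host after signing.
  openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 365 \
    -subj "/CN=example-registry-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # 2. Registry key and certificate signing request.
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=registry" \
    -keyout "$dir/registry.key" -out "$dir/registry.csr" 2>/dev/null
  # 3. Sign the request. The client dials an IP address, and Go's TLS
  #    verification (used by docker) only accepts an IP listed in the SAN.
  printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$ip" \
    > "$dir/san.ext"
  openssl x509 -req -sha256 -days 365 -in "$dir/registry.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/san.ext" -out "$dir/registry.crt" 2>/dev/null
  chmod 600 "$dir/ca.key" "$dir/registry.key"
}

# check_registry_cert DIR IP -> exit 0 only if the certificate chains to
# DIR/ca.crt and is valid for IP; run this before deploying anything.
check_registry_cert() {
  openssl verify -CAfile "$1/ca.crt" "$1/registry.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/registry.crt" -noout -checkip "$2" 2>/dev/null |
      grep -q 'does match'
}

# Where the files go (not executed here):
#   registry container: REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY
#     point at the mounted registry.crt and registry.key
#   daemon that pushes: copy ca.crt to /etc/docker/certs.d/<IP>:5000/ca.crt
#     so only docker trusts this CA, instead of adding it to the host roots
```

Until the registry is started with the certificate and key, it keeps answering in plain HTTP on port 5000, which is the condition the error message in the question reports.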