
I created a self-signed certificate (with an IP address SAN) for a Docker private registry and can successfully access https://[IPADDRESS]/v2/_catalog, but I can't access it over an HTTP connection. It says ERR_INVALID_HTTP_RESPONSE and the docker logs show:

```
http: TLS handshake error from 192.168.1.7:58316: tls: first record does not look like a TLS handshake
```

I followed these instructions for a self-signed IP certificate: https://nodeployfriday.com/posts/self-signed-cert/

```
[req]
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = US
ST = VA
L = SomeCity
O = MyCompany
OU = MyDivision
CN = 192.168.13.10
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.168.1.7
```

I saved the conf file and ran the generate command:

```
openssl req -new -nodes -x509 -days 365 -keyout domain.key -out domain.crt -config <path/to/req/file/from/above>
```

That created domain.crt and domain.key, then I started the container:

```
docker run -d -p 5000:5000 --restart=always --name registry \
  -v /home/dataserver/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry
```

How can I access it over HTTP? The registry only works with HTTPS :/ Thanks

Noam Yizraeli
İsmet
  • Does this answer your question? [docker: "first record does not look like a TLS handshake" error when pull image](https://stackoverflow.com/questions/61907287/docker-first-record-does-not-look-like-a-tls-handshake-error-when-pull-image) – Noam Yizraeli Oct 16 '21 at 12:56
  • @NoamYizraeli thanks for the reply. I tried it but didn't solve my problem. I am not behind a proxy server. – İsmet Oct 16 '21 at 14:06
  • Did you try setting the repo as insecure in docker's daemon.json? – Noam Yizraeli Oct 16 '21 at 16:17
  • Yes, I can use the registry via an insecure connection, but I don't want this, because I need a secure connection but I should also be able to use the insecure channel. So both HTTP and HTTPS connections – İsmet Oct 16 '21 at 19:33
  • can you provide any reference to this method\configuration? – Noam Yizraeli Oct 16 '21 at 19:56
  • I didn't find any document or topic. I guess I can't access HTTP or HTTPS at the same time :( – İsmet Oct 16 '21 at 21:21
  • you can, just not from the same host I'm afraid, at least as far as I know – Noam Yizraeli Oct 16 '21 at 21:37

0 Answers
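Why the registry logs "first record does not look like a TLS handshake" when a plain HTTP client hits the TLS port, as an added example that is not part of the original question or of the registry's code. It applies a simplified form of the first-record sanity check a TLS server performs (an assumption about that check, not the Go source) to two constructed byte strings; the function names are hypothetical.

```python
import struct

ALERT, HANDSHAKE = 21, 22  # TLS record content types (RFC 8446, section 5.1)
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"PATCH", b"DELETE", b"OPTIONS"}


def record_header(data: bytes) -> tuple:
    """Read the first 5 bytes as a TLS record header:
    content type (1 byte), protocol version (2 bytes), length (2 bytes)."""
    return struct.unpack("!BHH", data[:5])


def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first on a TLS-only listener."""
    if len(data) < 5:
        return "too-short"
    ctype, version, _length = record_header(data)
    # A genuine first record is a handshake (or alert) with major version 3.
    if ctype in (ALERT, HANDSHAKE) and (version >> 8) == 3:
        return "tls"
    # Plaintext HTTP begins with an ASCII method token followed by a space.
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "plaintext-http"
    return "unknown"


# Constructed sample: what a browser sends for http://192.168.1.7:5000/v2/_catalog
HTTP_REQUEST = b"GET /v2/_catalog HTTP/1.1\r\nHost: 192.168.1.7:5000\r\n\r\n"
# Constructed sample: a handshake record header followed by an empty ClientHello header
TLS_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00])

if __name__ == "__main__":
    for name, sample in (("http", HTTP_REQUEST), ("tls", TLS_HELLO_PREFIX)):
        ctype, version, length = record_header(sample)
        print(f"{name}: type={ctype} version=0x{version:04x} length={length} "
              f"-> {classify_first_bytes(sample)}")
```

For the HTTP request, the letter "G" is read as record type 71 and "ET" as version 0x4554, so the TLS listener rejects the connection before any HTTP parsing happens.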