
I'm currently on a development environment, so there aren't certificates everywhere, or they're not compliant (using myrepo.dev.corp.fr where the certificate is *.corp.fr).

I'm trying to docker push on an insecure docker repository, but I'm getting multiple errors:

Get https://repo.dev.corp.fr/v2/: x509: certificate is valid for *.corp.fr, not repo.dev.corp.fr

Or

Get https://anotherrepo.corp.fr/v2/: x509: certificate signed by unknown authority

I'm trying to tell docker that the repository is not secure, to not use TLS or anything, but I can't.

I'm on docker version 18.09.6. I don't have root access on /etc/ so I can't modify daemon.json or anything under there. And I also can't restart the docker service. However, I do have write/read access to ~/.docker/.

What I've tried:

  • Setting another file as conf with docker --config-file mufile.json push etc., but it seems it's not meant to be used that way (unknown flag: --config-file)

  • Using --insecure-registry repo.dev.corp.fr in my docker cli. I've tried a few things explained on the website (https://docs.docker.com/engine/reference/commandline/cli/). Setting the environment variables as Linux env vars doesn't seem to work; does it need to be set in a file? For example, export DOCKER_CONTENT_TRUST=1 still gets me a "certificate signed by unknown authority". Shouldn't docker stop checking certificates at this point?

  • Here (Add Insecure Registry to Docker) they're using DOCKER_EXTRA_REGISTRIES='--insecure-registry b.example.com' but it's in a file under /etc/. So I can't change it.

  • I can make my own certificate and tell docker to use it, but I would need to change it on the repo I'm trying to join, right? And there would still be certificate signed by unknown authority I guess. Also, it seems a little bit complicated for what I'm trying to achieve.

Questions:

With all the stuff I've tried, I might have done a few things incorrectly, so maybe there's something to retry here ...

  • How does docker use its environment variables like DOCKER_TLS: is it in a file? Or can I set it myself as an environment variable? How do I check if docker is using them?
  • Is there any way to tell docker not to check certificates without modifying any file under /etc/?
