We have a private docker registry at work (based on portus, but whatever) and I try to push an image to this registry but it doesn't work. It fails with the following error message:
$ sudo docker login archive.docker-registry.mycompany.com Username: mylogin Password: Error response from daemon: Get https://archive.docker-registry.mycompany.com/v1/users/: net/http: TLS handshake timeout $
I already configured the proxy in /etc/systemd/system/docker.service.d/http-proxy.conf (my docker is on centos 7):
[Service] Environment="HTTP_PROXY=http://proxy.mycompany.com:8000/" "NO_PROXY=localhost,127.0.0.1,archive.docker-registry.mycompany.com"
but it still fails.
I tried to use HTTPS_PROXY instead of HTTP_PROXY using either http or https in url, I tried to download certificate manually and configure them in system (update-ca-certs) but it keeps failing.
When I changed this configuration file, as root, I executed:
# systemctl daemon-reload # systemctl restart dockerAnswer1:
actually, I found that if I comment out the full Environment line it works for the private registry but not for docker hub anymore (of course, no more proxy). And here is the final solution that works for both private registry and docker hub public registry:
In the NO_PROXY environment variable, only the domain name should be used, not the FQDN (including "archive." hostname prefix):
Here is my config file now:
[Service] Environment="HTTP_PROXY=http://proxy.mycompany.com:8000/" "NO_PROXY=localhost,127.0.0.1,docker-registry.mycompany.com"
Note that there is no more "archive." nor "portus." prefix in NO_PROXY anymore, just the domain name starting from "docker-registry".
As I saw the docker login command line including "archive." prefix, it was misleading and I thought it had to be in the NO_PROXY environment variable... but no, it should not.
Hope it helps someone. I wish I found the answer on google before, but I didn't so I'm just posting it here, it might help someone.Answer2:
If you are using a private registry, you need to place the certificate for that under /etc/docker/certs.d/<strong><em>registryname</em></strong>/ca.crt
<strong>registryname</strong> will change accordingly
Also, please change your <strong>MTU</strong> size to 1300, this was also one thing I did to resolve the error. Registry one I believe you might have already done. Command for MTU change
ip link set dev eth0 mtu 1300
MTU size is important to checkAnswer3:
The latest stable version I installed (18.xx) had this issue and after downgrading to 17.12.0-ce, it works fine for me.