Skip to content

The configuration of "insecure-registries" in daemon.json does not take effect. #5931

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bububear opened this issue Mar 14, 2025 · 0 comments
Open

The configuration of "insecure-registries" in daemon.json does not take effect. #5931

bububear opened this issue Mar 14, 2025 · 0 comments
Labels
kind/bug status/0-triage

Comments

@bububear
Copy link

Description

I configured insecure-registries in /etc/docker/daemon.json, then executed systemctl daemon-reload and systemctl restart docker. On another server that can communicate with this one, when I use the command docker login 192.168.8.197, it returns an error:
docker login 192.168.8.197 Username: bububear Password: Error response from daemon: Get "https://192.168.8.197/v2/": dial tcp 192.168.8.197:443: connect: connection refused

Reproduce

docker login http://192.168.8.197
Username: bububear
Password:
Error response from daemon: Get "https://192.168.8.197/v2/": dial tcp 192.168.8.197:443: connect: connection refused

Expected behavior

When insecure-registries is correctly configured, it supports accessing the registry via HTTP.

docker version

Client: Docker Engine - Community
 Version:           28.0.1
 API version:       1.48
 Go version:        go1.23.6
 Git commit:        068a01e
 Built:             Wed Feb 26 10:41:12 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.0.1
  API version:      1.48 (minimum version 1.24)
  Go version:       go1.23.6
  Git commit:       bbd0a17
  Built:            Wed Feb 26 10:41:12 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.25
  GitCommit:        bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
 runc:
  Version:          1.2.4
  GitCommit:        v1.2.4-0-g6c52b3f
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client: Docker Engine - Community
 Version:    28.0.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.21.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.33.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 12
  Running: 9
  Paused: 0
  Stopped: 3
 Images: 28
 Server Version: 28.0.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
 runc version: v1.2.4-0-g6c52b3f
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-55-generic
 Operating System: Ubuntu 24.04.2 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.39GiB
 Name: sunshine
 ID: 505a143d-141b-4591-9985-6a3fcffdeaee
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 107
  Goroutines: 117
  System Time: 2025-03-14T18:01:32.172392303+08:00
  EventsListeners: 0
 HTTP Proxy: http://127.0.0.1:7890
 HTTPS Proxy: http://127.0.0.1:7890
 No Proxy: localhost,127.0.0.1,::1,registry.cluster.local
 Experimental: false
 Insecure Registries:
  192.168.8.197:80
  ::1/128
  127.0.0.0/8
 Registry Mirrors:
  https://docker.registry.cyou/
  https://docker-cf.registry.cyou/
  http://192.168.8.197/
  https://dockercf.jsdelivr.fyi/
  https://docker.jsdelivr.fyi/
  https://dockertest.jsdelivr.fyi/
  https://mirror.aliyuncs.com/
  https://dockerproxy.com/
  https://mirror.baidubce.com/
  https://docker.m.daocloud.io/
  https://docker.nju.edu.cn/
  https://docker.mirrors.sjtug.sjtu.edu.cn/
  https://docker.mirrors.ustc.edu.cn/
  https://mirror.iscas.ac.cn/
  https://docker.rainbond.cc/
  https://do.nark.eu.org/
  https://dc.j8.work/
  https://gst6rzl9.mirror.aliyuncs.com/
  https://registry.docker-cn.com/
  http://hub-mirror.c.163.com/
  http://mirrors.ustc.edu.cn/
  https://mirrors.tuna.tsinghua.edu.cn/
  http://mirrors.sohu.com/
 Live Restore Enabled: false

[DEPRECATION NOTICE]: API is accessible on http://0.0.0.0:2375 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/go/attack-surface/
In future versions this will be a hard failure preventing the daemon from starting! Learn more at: https://docs.docker.com/go/api-security/

Additional Info

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug status/0-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bububear