Open
Description
Description
Pushing a manifest to a Docker registry that uses a self-signed certificate and is marked as insecure in the Docker daemon does not work. The request being sent always uses HTTP instead of HTTPS.
Steps to reproduce the issue:
- Start a Docker registry using a self-signed certificate. Mine is running at
127.0.0.1:52854. - Use
docker manifest createto create a new manifest - Attempt to push to the registry, e.g.
docker manifest push 127.0.0.1:52854/debian:stretch-slim-latest
Describe the results you received:
$ docker manifest push 127.0.0.1:52854/debian:stretch-slim-latest
failed to put manifest 127.0.0.1:52854/debian:stretch-slim-latest: Put http://127.0.0.1:52854/v2/debian/manifests/stretch-slim-latest: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
Specifying --insecure does not help:
$ docker manifest push --insecure 127.0.0.1:52854/debian:stretch-slim-latest
failed to put manifest 127.0.0.1:52854/debian:stretch-slim-latest: Put http://127.0.0.1:52854/v2/debian/manifests/stretch-slim-latest: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
Describe the results you expected:
The command succeeds.
Additional information you deem important (e.g. issue happens only occasionally):
Output of docker version:
Client: Docker Engine - Community
Version: 18.09.2
API version: 1.39
Go version: go1.10.8
Git commit: 6247962
Built: Sun Feb 10 04:12:39 2019
OS/Arch: darwin/amd64
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 18.09.2
API version: 1.39 (minimum version 1.12)
Go version: go1.10.6
Git commit: 6247962
Built: Sun Feb 10 04:13:06 2019
OS/Arch: linux/amd64
Experimental: false
Output of docker info:
Containers: 2
Running: 1
Paused: 0
Stopped: 1
Images: 20
Server Version: 18.09.2
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9754871865f7fe2f4e74d43e2fc7ccd237edcbce
runc version: 09c8266bf2fcf9519a651b04ae54c967b9ab86ec
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.9.125-linuxkit
Operating System: Docker for Mac
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.952GiB
Name: linuxkit-025000000001
ID: V77B:IE2R:BLRN:2R6I:6MGE:3AXQ:7ZXS:FKID:NYMZ:6R7H:QBHJ:2WE6
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
HTTP Proxy: gateway.docker.internal:3128
HTTPS Proxy: gateway.docker.internal:3129
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
192.168.178.20:52854
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
Additional environment details (AWS, VirtualBox, physical, etc.):
Docker registry is running in Docker and started from the image registry:2.7.1.