How to create a presonal registry and allow to push by github actions.

[jeffrey-lunaon]

I created a docer registry but have no https certificate, and I don't known how to push automatic by github actions.

I can push image locally if I configer in /etc/docker/daemon.json

{
    "insecure-registries": [
        "xxxx:5000"
    ]
}

But I don't know how to push it when I use the Github Actions, I tried to edit the /etc/docker/daemon.json at the workflows, but It told me Permission denied.

Push image directly:

[jeffrey-lunaon]

Update:
I tried to create a free https certificate by acmesh.sh and access it successed on the chrome, but when I push the image, it told me http: server gave HTTP response to HTTPS client

[jeffrey-lunaon]

I'm already solved this problem, I can't use nginx proxy_pass the https to registry, it's not stable and I got some error.

[robbyawaldi]

i have same problem, how to solve it?

[andylamax]

how is this solved?

[michelkok]

To anyone coming back to this much later like I did.
It can be solved using #551.
Specifically make sure to configure Docker Buildx like so:

name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          config-inline: |
            [registry."custom-repo.net"]
              http = true
              insecure = true

[tonydawhale]

@michelkok

To anyone coming back to this much later like I did. It can be solved using #551. Specifically make sure to configure Docker Buildx like so:

name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          config-inline: |
            [registry."custom-repo.net"]
              http = true
              insecure = true

I tried using this strategy, but I had a problem once I reached the login step. Below is my workflow... Any thoughts?

  docker:
    name: deploy image to docker registry
    runs-on: ubuntu-latest
    if: |
      github.event_name != 'pull_request'
    needs: [yarn, eslint, prettier, typescript]
    steps:
      - uses: actions/checkout@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          config-inline: |
            [registry."${{ secrets.DOCKER_REGISTRY_DOMAIN }}"]
              http = true
              insecure = true

      - name: Login to Docker
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.DOCKER_REGISTRY_DOMAIN }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push to Docker Registry
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ secrets.DOCKER_REGISTRY_DOMAIN }}/sbm-v3:latest

[michelkok]

I'm using it in a similar way except my registry does not require a login (and I use v2 of the repo's, but I doubt that's really anything). Are you sure your credentials are right?

[tonydawhale]

Yes, when I log in via the CLI with the registry URL in the insecure-registries section of the docker engine settings tab in Docker Desktop, I can log in with my creds with no problem. Without putting the registry URL in that config, I encounter the same exact error when trying to log in. It seems as if the config isn't being passed along or something.

❯ docker login my-domain
Username: my-user
Password:
Error response from daemon: Get "https://my-domain/v2/": http: server gave HTTP response to HTTPS client

Also, if your registry does not require a login, then how do you keep it secure?

[michelkok]

Okay, sorry, then I don't know but I doubt it's the config as for me (and I suppose for someone else liking my post) that usually the config should be passed.
I keep it relatively safe by keeping it in an internal network, but definitely will add credentials at some point. There has not really been a need up to now.

[PhoenixNazarov]

I was unable to do this using the suggested solution docker/setup-buildx-action@v3. I did this using the usual docker commands. Perhaps truncate is too much here.

    - name: Insecure Docker Repository
      run: |
        sudo truncate -s-2 /etc/docker/daemon.json
        echo ", \"insecure-registries\": [\"${{ vars.DOCKER_HOST }}\"]}" | sudo tee -a /etc/docker/daemon.json
        sudo systemctl restart docker
    - name: Docker Auth
      run: docker login ${{ vars.DOCKER_HOST }} --username=${{ vars.DOCKER_USERNAME }} --password=${{ secrets.DOCKER_PASSWORD }}

[onursedef]

I was unable to do this using the suggested solution docker/setup-buildx-action@v3. I did this using the usual docker commands. Perhaps truncate is too much here.

    - name: Insecure Docker Repository
      run: |
        sudo truncate -s-2 /etc/docker/daemon.json
        echo ", \"insecure-registries\": [\"${{ vars.DOCKER_HOST }}\"]}" | sudo tee -a /etc/docker/daemon.json
        sudo systemctl restart docker
    - name: Docker Auth
      run: docker login ${{ vars.DOCKER_HOST }} --username=${{ vars.DOCKER_USERNAME }} --password=${{ secrets.DOCKER_PASSWORD }}

This was a perfect solution for me. Thanks for the work!

[tonydawhale]

I was unable to do this using the suggested solution docker/setup-buildx-action@v3. I did this using the usual docker commands. Perhaps truncate is too much here.

    - name: Insecure Docker Repository
      run: |
        sudo truncate -s-2 /etc/docker/daemon.json
        echo ", \"insecure-registries\": [\"${{ vars.DOCKER_HOST }}\"]}" | sudo tee -a /etc/docker/daemon.json
        sudo systemctl restart docker
    - name: Docker Auth
      run: docker login ${{ vars.DOCKER_HOST }} --username=${{ vars.DOCKER_USERNAME }} --password=${{ secrets.DOCKER_PASSWORD }}

@PhoenixNazarov Were you still able to push to that registry? I am encountering a new, yet similar issue in my build-push action:

Error: buildx failed with: ERROR: failed to solve: failed to push ***/***-v3:latest: failed to do request: Head "https://***/v2/***-v3/blobs/sha256:2ac50195915c3fbb68a8083db890ef3a0bc6c4f2b9917961f7bcb24fa41ee707": http: server gave HTTP response to HTTPS client

[andream7]

• name: Docker Auth
  run: docker login ${{ vars.DOCKER_HOST }} --username=${{ vars.DOCKER_USERNAME }} --password=${{ secrets.DOCKER_PASSWORD }}

I've encountered the same issue as well.

[stevenlafl]

To anyone coming back to this much later like I did. It can be solved using #551. Specifically make sure to configure Docker Buildx like so:

name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          config-inline: |
            [registry."custom-repo.net"]
              http = true
              insecure = true

Thanks. This works. It tripped me up at first, because of the [registry.. If your registry is accessible at registry.domain.com, and you push to registry.domain.com, you still need [registry."registry.domain.com"] - it looks weird, but it isn't like other docker configuration where you -would- do it this way: ["registry.domain.com"], like your local docker engine config.

Essentially, to make it clear, comparing the above to this:

name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
  config-inline: |
    [registry."registry.domain.com"]
      http = true
      insecure = true