Docker Tip #50: Running an Insecure Docker Registry
Running an insecure registry isn't recommended but sometimes it's the easiest and most reasonable solution. Here's how to do it.
You should attempt to protect your registry with SSL certificates but I get it, the real world happens and sometimes you’re in a pinch to get something to work.
But before we continue, please understand that anyone can sniff your traffic in between your registry and your box(es) if it’s not secured by TLS.
Basic idea for setting it up:
You’ll need to configure both the Docker daemon running your registry and any Docker daemons that plan to interact with that registry by white listing your insecure registry.
On Ubuntu 14.x:
You’ll need to edit the DOCKER_OPTS in your /etc/default/docker file.
For example, you’ll want to make it look similar to this:DOCKER_OPTS="--insecure-registry registry.example.com -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock"
for a registry running on port 80 on example.com.
Then restart Docker with sudo service docker restart.
On Ubuntu 16.x and CentOS:
You’ll need to edit or create /etc/docker/daemon.json and add this to the file:
{
"insecure-registries" : ["registry.example.com"]
}
Then restart Docker with sudo systemctl restart docker.
On Docker for Windows / Mac:
You’ll want to open the settings, goto the daemon tab and then pop in your registry’s URL in the “Insecure registries” text field.
Now you should be able to pull / push to your insecure registry. Good luck and be careful!