Docker repository server gave HTTP response to HTTPS client – Docker

Photo of author
Written By M Ibrahim
boot2docker docker-for-windows docker-toolbox

Quick Fix: Docker requires HTTPS, not HTTP. To use an HTTP repository, add it to the insecure-registries list in the Docker daemon configuration file. Restart the Docker daemon afterwards.

The Problem:

A user is facing issues while trying to connect HTTPS client docker pull with a HTTP response server. The user has tried using Docker toolbox for windows and followed the documentation to set up a private docker registry. However, when pulling an image from a private registry, the user encounters an error stating ‘Error response from daemon: Get https://192.168.99.100:5000/v2/: http: server gave HTTP response to HTTPS client.’ The issue seems to be related to the client configuration as it works perfectly on Mac. The user’s docker info shows that the default registry URL is set to HTTPS. What modifications need to be made in the client configuration to rectify this error?

The Solutions:

Solution 1: Set up Docker Daemon Correctly

To fix the issue of “Docker repository server gave HTTP response to HTTPS client” on Windows or Linux, it’s necessary to correctly configure the Docker Daemon. Here’s how you can do it:

  1. Docker Daemon Configuration:
        a. Locate the Docker Daemon’s configuration file:
           – For Windows: C:\ProgramData\Docker\config\daemon.json
           – For Linux: /etc/docker/daemon.json

  2. Add Insecure Registry:
        a. Open the daemon.json file.
        b. Look for the "insecure-registries" key. If it exists, add this line inside the array:
           "192.168.99.100:5000"
        c. If the key doesn’t exist, create it as follows:
           "insecure-registries": ["192.168.99.100:5000"]

  3. Save and Restart Docker Daemon:
        a. Save the changes to the daemon.json file.
        b. Restart the Docker Daemon using the appropriate command:
           – For Windows: Restart-Service dockerd
           – For Linux: sudo systemctl restart docker

After completing these steps, the Docker Daemon will accept HTTP responses from the HTTPS client, allowing you to pull images from your private registry.

Solution 2: Creating /etc/docker/daemon.json file

On CentOS 7.2.1511, create a new file /etc/docker/daemon.json with the following contents:

{ "insecure-registries":["host:port"] }

Replace host with the hostname of the server hosting your docker registry and port with the port where the docker registry is available. Restart the docker daemon using the following command:

sudo service docker restart

Solution 3: Modify Docker Engine Settings

If you are using Windows, follow these steps to modify the Docker Engine settings and allow insecure registries:

  1. Right-click on the Docker Desktop icon in the startup menu and select Settings.

  2. Select the Docker Engine tab and look for the Insecure Registries field.

  3. In the Insecure Registries field, add the IP address and port of your private Docker registry. For example, if your registry is running on 192.168.99.1:5000, you would add the following entry:

"insecure-registries": ["192.168.99.1:5000"],

  1. Click Apply & Restart.

  2. After Docker restarts, open a command console and run the following command to verify that the modification was applied:

docker system info
  1. Check that your private registry’s IP address and port are listed in the Insecure Registries section.

Solution 4: Create /etc/default/docker file and update docker options

When adding the "insecure-registries":["host:port"] line to /etc/docker/daemon.json, it didn’t work. Additionally, when restarting docker with sudo systemctl restart docker, it showed an error about trying to restart the service too quickly. To fix these problems:

  1. Create a new file called /etc/default/docker.
  2. Add the following line to the file: DOCKER_OPTS="--config-file=/etc/docker/daemon.json".
  3. Stop the docker daemon using sudo systemctl stop docker.
  4. Restart the docker daemon using sudo systemctl start docker.

The above steps allow the insecure-registries setting to take effect and properly configure docker. Here are some important points to consider:

  1. Specify the IP address of your Docker registry when using ["host:port"] instead of the hostname. A DNS or hosts file setup is not necessary in this case.
  2. If restarting docker with sudo systemctl restart docker doesn’t work, the manual restart process (stopping and then starting the service) is necessary.
  3. The requirement for the /etc/default/docker file may vary depending on the Docker version and configuration. Always refer to the current documentation to ensure you have the most up-to-date information.

Solution 5: Disable Buildkit/Configure URL as HTTP

If buildkit is enabled (in newer versions it seems to be enabled by default) and adding the insecure-registries didn’t fix it, you may need to either disable buildkit, or add the http:// to the hostnames in insecure-registries.

Disable Buildkit via environment variable:
DOCKER_BUILDKIT=0 docker build -t image_name .
Disable via docker daemon configuration file:
  • On Docker Desktop go to Settings > Docker Engine

** Be very careful of typos and missing commas as breaking this file will prevent docker desktop starting up. **

{
  ...
  "features": {
    "buildkit": false << SET THIS TO FALSE
  },
  "insecure-registries": [
    "hostname:18443",
    "hostname:8083"
  ],
  ...
}
Configure URL as HTTP:
{
  ...
  "features": {
    "buildkit": true
  },
  "insecure-registries": [
    "http://hostname:18443",
    "http://hostname:8083"
  ],
  ...
}
Documentation of the known issue:

https://github.com/docker/docker.github.io/blob/62adddbb6b1f8d861c72f6ade2c50977fd57f481/registry/insecure.md#known-issue-on-buildkit

Moment.js transform to date object – Javascript

How can I use window.scrollby with react? – Css

© 2024 deycode.com

About Contact Terms Privacy Policy