Quick Fix: Docker requires HTTPS, not HTTP. To use an HTTP repository, add it to the insecure-registries
list in the Docker daemon configuration file. Restart the Docker daemon afterwards.
The Problem:
A user is facing issues while trying to connect HTTPS client docker pull with a HTTP response server. The user has tried using Docker toolbox for windows and followed the documentation to set up a private docker registry. However, when pulling an image from a private registry, the user encounters an error stating ‘Error response from daemon: Get https://192.168.99.100:5000/v2/: http: server gave HTTP response to HTTPS client.’ The issue seems to be related to the client configuration as it works perfectly on Mac. The user’s docker info shows that the default registry URL is set to HTTPS. What modifications need to be made in the client configuration to rectify this error?
The Solutions:
Solution 1: Set up Docker Daemon Correctly
To fix the issue of “Docker repository server gave HTTP response to HTTPS client” on Windows or Linux, it’s necessary to correctly configure the Docker Daemon. Here’s how you can do it:
-
Docker Daemon Configuration:
a. Locate the Docker Daemon’s configuration file:
– For Windows:C:\ProgramData\Docker\config\daemon.json
– For Linux:/etc/docker/daemon.json
-
Add Insecure Registry:
a. Open thedaemon.json
file.
b. Look for the "insecure-registries" key. If it exists, add this line inside the array:
"192.168.99.100:5000"
c. If the key doesn’t exist, create it as follows:
"insecure-registries": ["192.168.99.100:5000"]
-
Save and Restart Docker Daemon:
a. Save the changes to thedaemon.json
file.
b. Restart the Docker Daemon using the appropriate command:
– For Windows:Restart-Service dockerd
– For Linux:sudo systemctl restart docker
After completing these steps, the Docker Daemon will accept HTTP responses from the HTTPS client, allowing you to pull images from your private registry.
Solution 2: Creating /etc/docker/daemon.json file
On CentOS 7.2.1511, create a new file /etc/docker/daemon.json with the following contents:
{ "insecure-registries":["host:port"] }
Replace host with the hostname of the server hosting your docker registry and port with the port where the docker registry is available. Restart the docker daemon using the following command:
sudo service docker restart
Solution 3: Modify Docker Engine Settings
If you are using Windows, follow these steps to modify the Docker Engine settings and allow insecure registries:
-
Right-click on the Docker Desktop icon in the startup menu and select Settings.
-
Select the Docker Engine tab and look for the Insecure Registries field.
-
In the Insecure Registries field, add the IP address and port of your private Docker registry. For example, if your registry is running on 192.168.99.1:5000, you would add the following entry:
"insecure-registries": ["192.168.99.1:5000"],
-
Click Apply & Restart.
-
After Docker restarts, open a command console and run the following command to verify that the modification was applied:
docker system info
- Check that your private registry’s IP address and port are listed in the Insecure Registries section.
Solution 4: Create /etc/default/docker file and update docker options
When adding the "insecure-registries":["host:port"]
line to /etc/docker/daemon.json
, it didn’t work. Additionally, when restarting docker with sudo systemctl restart docker
, it showed an error about trying to restart the service too quickly. To fix these problems:
- Create a new file called
/etc/default/docker
. - Add the following line to the file:
DOCKER_OPTS="--config-file=/etc/docker/daemon.json"
. - Stop the docker daemon using
sudo systemctl stop docker
. - Restart the docker daemon using
sudo systemctl start docker
.
The above steps allow the insecure-registries
setting to take effect and properly configure docker. Here are some important points to consider:
- Specify the IP address of your Docker registry when using
["host:port"]
instead of the hostname. A DNS or hosts file setup is not necessary in this case. - If restarting docker with
sudo systemctl restart docker
doesn’t work, the manual restart process (stopping and then starting the service) is necessary. - The requirement for the
/etc/default/docker
file may vary depending on the Docker version and configuration. Always refer to the current documentation to ensure you have the most up-to-date information.
Solution 5: Disable Buildkit/Configure URL as HTTP
If buildkit is enabled (in newer versions it seems to be enabled by default) and adding the insecure-registries didn’t fix it, you may need to either disable buildkit, or add the http:// to the hostnames in insecure-registries.
Disable Buildkit via environment variable:
DOCKER_BUILDKIT=0 docker build -t image_name .
Disable via docker daemon configuration file:
- On Docker Desktop go to Settings > Docker Engine
** Be very careful of typos and missing commas as breaking this file will prevent docker desktop starting up. **
{
...
"features": {
"buildkit": false << SET THIS TO FALSE
},
"insecure-registries": [
"hostname:18443",
"hostname:8083"
],
...
}
Configure URL as HTTP:
{
...
"features": {
"buildkit": true
},
"insecure-registries": [
"http://hostname:18443",
"http://hostname:8083"
],
...
}