Adding/setting insecure-registry to docker machine afterwards

Running docker on non-Linux based environment became very convenient and easy with docker-machine which is the successor of docker-boot.

Basically, docker-machine allows you to manage multiple virtual machines running Linux to host your docker installation and then allows you to run your containers.
More than a fantastic tool for OSX and Windows, it is also a very clever and practical way to develop multiple container images or several applications (for different project for examples) using containers.

If you want your docker-machine to use an your own in-house registry or any other, it is not a big issue, until the registry uses HTTPS, and in most of the cases you will get the following error:

docker tag -f my-app/my-app-server:v1.0.14-25-gfefb196 dockerhub.rnd.mycompany.net:5000/my-app/my-app-server:v1.0.14-25-gfefb196
docker push dockerhub.rnd.mycompany.net:5000/my-app/my-app-server:v1.0.14-25-gfefb196
The push refers to a repository [dockerhub.rnd.mycompany.net:5000/my-app/my-app-server] (len: 1)
unable to ping registry endpoint https://dockerhub.rnd.mycompany.net:5000/v0/
v2 ping attempt failed with error: Get https://dockerhub.rnd.mycompany.net:5000/v2/: x509: certificate signed by unknown authority
 v1 ping attempt failed
 with error: Get https://dockerhub.rnd.mycompany.net:5000/v1/_ping: x509: certificate signed by unknown authority

For this case, docker-machine has a fantastic option which is available on creation of a machine:

docker-machine create --driver virtualbox --engine-insecure-registry myregistry:5000 mycompany

But, suppose that you want to add another registry once your docker-machine is created: Unfortunately, I can’t find an option yet to edit the existing configuration of a VM.
You will have to edit your configuration file which is located on your host system (your OSX or Windows home) and add it manually:

vim  ~/.docker/machine/machines/mycompany/config.json

Then, you’ll have to edit the config.json file and locate the array named:InsecureRegistry and simply append an element on it.
It should looks like this:

{
  "ConfigVersion": 1,
 // Truncated for readability 
  "DriverName": "virtualbox",
  "HostOptions": {
    "Driver": "",
    "Memory": 0,
    "Disk": 0,
    "EngineOptions": {
      "ArbitraryFlags": [],
      "Dns": null,
      "GraphDir": "",
      "Env": [],
      "Ipv6": false,
      "InsecureRegistry": [
        "dockerhub.rnd.mycompany.net:5002",
        "dockerhub.rnd.mycompany.net:5000",
        "dockerhub.rnd.mycompany.net:5001"
      ],
      // Truncated for readability 
  },
  "StorePath": "/Users/Akram/.docker/machine/machines/mycompany"
}

7 thoughts on “Adding/setting insecure-registry to docker machine afterwards

  1. It doesn’t work for me (at least with docker 1.9.1). The issue is that docker-machine places ‘–insecure-registry’ option into ‘/var/lib/boot2docker/profile’ file which is never updated after machine created.

  2. Thanks! It is a very useful post. I had a confusion that adding an insecure registry is not possible after a docker-machine is created and one has to create a new one.

  3. It didnt’ work for me with the following version
    docker version:
    Client:
    Version: 1.10.3
    API version: 1.22
    I stopped the docker-machine and started again but the change in the configuration seemed not to have any effect. (I changed one letter to lower case in the insecureRegistry host name)

  4. It doesn’t work for me either:
    “`
    ○ → docker version
    Client:
    Version: 1.10.2
    API version: 1.22
    Version: 1.10.2
    “`

    Restartet the machine. When I look at the config.json it the registry is added. When I look at the PS I don’t see the flag.

  5. Doesn’t work. Read on for the fix..

    Here’s what I tried:
    If I create a fresh docker-machine with something like this:
    docker-machine create –driver virtualbox –engine-insecure-registry some.reg.com my-machine
    .. the new machine works with the insecure registry. I diffed the config.json from the existing machine I changed and the new “my-machine” which was set up from the start, and the InsecureRegistry section is the exact same.

    So, something must be cached somewhere else… and it was!

    Log directly into the docker-machine vm with this command: docker-machine ssh
    Edit /var/lib/boot2docker/profile; you’ll have to edit as root.

    Add –insecure-registry some.reg.com in the EXTRA_ARGS section.
    Logout and restart your docker-machine. Now you can login and push to your insecure registry.

Leave a Reply

Your email address will not be published. Required fields are marked *