I've an issue pushing my docker image to artifactory [Artifactory Pro Power Pack 3.5.2.1 (rev. 30160)] (which is used as a docker registry).
I have docker version:
$ sudo docker version
Client version: 1.5.0  
Client API version: 1.17  
Go version (client): go1.3.3  
Git commit (client): a8a31ef/1.5.0  
OS/Arch (client): linux/amd64  
Server version: 1.5.0  
Server API version: 1.17  
Go version (server): go1.3.3  
Git commit (server): a8a31ef/1.5.0  
I've followed this link http://www.jfrog.com/confluence/display/RTF/Docker+Repositories and this one artifactory as docker registry
I create a docker registry in artifactory called docker-local and enable docker support for it.
My artifactory doesn't have an option where I can say docker v1 or v2 like in this document so I'm assuming it uses docker v1. 
Artifactory generated these for me:
<distributionManagement>
    <repository>
        <id>sdpvvrwm812</id>
        <name>sdpvvrwm812-releases</name>
        <url>http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/docker-local</url>
    </repository>
    <snapshotRepository>
        <id>sdpvvrwm812</id>
        <name>sdpvvrwm812-snapshots</name>
        <url>http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/docker-local</url>
    </snapshotRepository>
</distributionManagement>
Though something's not working with these settings.
I installed the reverse proxy nginx and copied these settings into its /etc/nginx/nginx.conf:  
http {
## # Basic Settings ## [...] server { listen 443; server_name sdpvvrwm812.ib.tor.company.com; ssl on; ssl_certificate /etc/ssl/certs/sdpvvrwm812.ib.tor.company.com.crt; ssl_certificate_key /etc/ssl/private/sdpvvrwm812.ib.tor.company.com.key; access_log /var/log/nginx/sdpvvrwm812.ib.tor.company.com.access.log; error_log /var/log/nginx/sdpvvrwm812.ib.tor.company.com.error.log; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Original-URI $request_uri; proxy_read_timeout 900; client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; location /v1 { proxy_pass http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/api/docker/docker-local/v1; } } }
I generated my ssl key as shown at http://www.akadia.com/services/ssh_test_certificate.html and placed in the 2 directories
/etc/ssl/certs/sdpvvrwm812.ib.tor.company.com.crt;
/etc/ssl/private/sdpvvrwm812.ib.tor.company.com.key;
I'm not sure how to ping the new docker registry, but doing
 sudo docker login -u adrianus -p AT65UTJpXEFBHaXrzrdUdCS -e [email protected] http://sdpvvrwm812.ib.tor.company.com
gives this error:
FATA[0000] Error response from daemon: v1 ping attempt failed with error: Get https://sdpvvrwm812.ib.tor.company.com/v1/_ping: dial tcp 172.25.10.44:443: connection refused. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add
--insecure-registry sdpvvrwm812.ib.tor.company.comto the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/sdpvvrwm812.ib.tor.company.com/ca.crt
BUT the certificate /etc/docker/certs.d/sdpvvrwm812.ib.tor.company.com/ca.crt exists so what's going on?
sudo curl -k -uadrianus:AP2pKojAeMSpXEFBHaXrzrdUdCS "https://sdpvvrwm812.ib.tor.company.com"
gives this error:
curl: (35) SSL connect error
I do start docker client with:
sudo docker -d --insecure-registry https://sdpvvrwm812.ib.tor.company.com
Could it be that since my docker registry is http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/docker-local and docker and nginx are looking for http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/docker-local/v1?
Any clues how to get docker to push images to artifactory?
The <distributionManagement/> part is for maven. It's a bit facepalm that Artifactory 3 shows maven snippet for Docker repos (fixed in Artifactory 4, you're welcome to upgrade), so please disregard it. 
Generally with Docker you can't use /artifactory/repoName. It's Docker limitation, your registry must be hostname:port, without any additional path.
That's exactly why you have to configure the reverse proxy. What you are doing in your nginx config is forwarding all the requests to sdpvvrwm812.ib.tor.company.com:443/v1 to http://sdpvvrwm812.ib.tor.company.com:8081/artifactory/api/docker/docker-local/v1, which is correct thing to do.
Please note that the location for certificates should be /etc/docker/certs.d/sdpvvrwm812.ib.tor.company.com/, not /etc/ssl/certs/.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With