How to use PhotonOS with an insecure registry

If you have installed a local docker registry without signed SSL certificates, the docker daemon will need to be started in a way to allow connection in insecure mode. For details see this note from Docker. In this guide I will show you how to configure VMware Photon OS to connect to a registry in insecure mode. Please note this is only advised for Development and testing environments. For added security you should always setup you clients and registry in secure mode.

Pre-Reqs

  • Local insecure docker Registry installed see my guide here for VMware Harbor.
  • Photon OS with at least 1 vCPU 2GB RAM and 5GB storage to test the local registry
  • Internet Access from Photon OS to the internet
  • A quite place where you will not get interrupted – See my guide here.

Open an SSH session and login to your Photon OS VM. We will configure Docker to allow connecting to an insecure registry since we used HTTP for our registry server and did not setup signed certs, use vi editor to create a file /etc/default/docker

vi /etc/default/docker

Click i and then enter the following to point to the host name or ip and port (if other than port 80) then click the esc key, then hold shift and pres ZZ to save the file

DOCKER_OPTS="--insecure-registry reg.corp.local"
Note: If you are using the registry from Docker it may be something like this:
DOCKER_OPTS="--insecure-registry registry.corp.local:5000"

Now start Docker with the following command

Note: If docker was already running just type systemctl restart docker

Now login to the registry with the following and use the user and password you setup in your registry

Now pull an image from the Public DockerHub registry

docker pull vmwarecna/nginx

Now tag the image with the following

docker tag vmwarecna/nginx reg.corp.local/library/myimage

Now push it to your registry with the following

docker push reg.corp.local/library/myimage

You are now setup to push and pull images to your local registry in insecure mode. Enjoy!

Remember sharing is caring!

2 Replies to “How to use PhotonOS with an insecure registry”

  1. Hi Ryan,

    I followed your guide but when I run the login command I get the following error :
    “certificate signed by unknown authority”

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.