How to Add an Insecure Registry Entry in Docker
While securing your registry using a Transport Layer Security (TLS) certificate issued by a known Certificate Authority (CA) is highly recommended, we can choose to use our insecure registry over an unencrypted Hypertext Transfer Protocol (HTTP) connection. This article will discuss how to add insecure registries in Docker.
Add an Insecure Registry Entry in Docker
This process sets up Docker to completely disregard registry security. Therefore, it is not advised to introduce vulnerable registry entries to Docker.
Your registry is vulnerable to simple man-in-the-middle (MITM) attacks. Use this solution exclusively for solitary testing or in an area that is strictly regulated and airtight.
Edit the daemon.json
file on the following locations:
- Linux:
/etc/docker/daemon.json
- Windows:
C:\ProgramData\docker\config\daemon.json
Whether we are using Docker Desktop for Mac or Docker Desktop for Windows, we should click the Docker icon, select Preferences
for Mac or Settings
for Windows, and then select Docker Engine
.
We can create the daemon.json
file inside the directory if it doesn’t already exist. The file should contain the following mandatory information if no additional settings are present.
{
"insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}
Replace the example address with the one for the container of your insecure registry.
For testing via HTTPS with insecure registries enabled, Docker follows these steps:
- If HTTPS is available, but the certificate is invalid, ignore the error about the certificate.
- If HTTPS is not available, use HTTP.
Restart the Docker container for the changes to take effect.
Keep in mind that simply following these procedures, basic authentication makes it impossible to access an unsecured registry. Therefore, every container engine host that tries to access your registry must go through the above steps again.
Marion specializes in anything Microsoft-related and always tries to work and apply code in an IT infrastructure.
LinkedIn