1

I came across the following errors when running the `docker push myregistry.com/testexpose` command.

```
The push refers to a repository [myregistry.com/testexpose]
Put http://myregistry.com/v1/repositories/testexpose/: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
```

The certificates have been built by following the official Docker guide.

I could see the docker running correctly.

```
[root@ip-10-1-1-229 docker]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                          NAMES
b28c6a3be012        registry:2          "/entrypoint.sh /e..."   35 minutes ago      Up 19 minutes       0.0.0.0:80->80/tcp, 5000/tcp   registry
```

Docker container logs could be seen as follows:

```
2017/07/02 01:56:12 http: TLS handshake error from 172.17.0.1:42218: tls: first record does not look like a TLS handshake
2017/07/02 01:56:12 http: TLS handshake error from 172.17.0.1:42224: tls: first record does not look like a TLS handshake
2017/07/02 01:56:13 http: TLS handshake error from 172.17.0.1:42230: tls: first record does not look like a TLS handshake
2017/07/02 01:56:13 http: TLS handshake error from 172.17.0.1:42236: tls: first record does not look like a TLS handshake
2017/07/02 01:56:14 http: TLS handshake error from 172.17.0.1:42242: tls: first record does not look like a TLS handshake
2017/07/02 01:56:14 http: TLS handshake error from 172.17.0.1:42248: tls: first record does not look like a TLS handshake
2017/07/02 01:56:15 http: TLS handshake error from 172.17.0.1:42254: tls: first record does not look like a TLS handshake
2017/07/02 01:56:15 http: TLS handshake error from 172.17.0.1:42260: tls: first record does not look like a TLS handshake
2017/07/02 01:56:15 http: TLS handshake error from 172.17.0.1:42266: tls: first record does not look like a TLS handshake
2017/07/02 01:56:15 http: TLS handshake error from 172.17.0.1:42272: tls: first record does not look like a TLS handshake
```

It seems to be an authentication error, but the CN was set as myregistry.com during the creation of the X.509 certificate. Would anyone figure out what is going on? Thanks.

Halfgaar
Jepsenwan

1 Answer

1

You seem to be using HTTP to connect to HTTPS. Instead of port 80, you need to map port 443, and then use https://myregistry.com...

Halfgaar
  • Could you say more? I have what I think is the same problem (can make my own question if desired) where a registry is using tls and it isn't valid to `docker pull https://` since the pull syntax expects the raw domain and no protocol prefix. – TomMD Oct 10 '18 at 16:23
  • 1
    I retract the question. It turns out you must `docker login` for TLS endpoints. Subsequent `docker pull` commands will use https and not try to use http. – TomMD Oct 10 '18 at 16:43
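The mismatch described in the answer can be read directly from the bytes in the error message. The following is an added example, not part of the original posts or of Docker's code: it parses the six bytes quoted in the `docker push` error as a TLS record header and classifies what each side received. The function names and the `SERVER_SAW` request line are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 section 6.2.1) and alert levels (section 7.2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
HTTP_METHODS = (b"GET ", b"PUT ", b"POST ", b"HEAD ", b"PATCH ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes seen on a connection as TLS, plaintext HTTP, or unknown."""
    if data.startswith(b"HTTP/"):
        return {"protocol": "http", "kind": "response"}
    if data.startswith(HTTP_METHODS):
        return {"protocol": "http", "kind": "request"}
    if len(data) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        # A TLS record starts with a known content type and major version 3.
        if ctype in CONTENT_TYPES and major == 3 and minor <= 4:
            info = {"protocol": "tls", "kind": CONTENT_TYPES[ctype],
                    "record_version": f"{major}.{minor}", "length": length}
            body = data[5:5 + length]
            if ctype == 21 and body:
                info["alert_level"] = ALERT_LEVELS.get(body[0], "unknown")
                # The description byte may be missing if the quoted bytes are truncated.
                info["alert_description"] = body[1] if len(body) > 1 else None
            return info
    return {"protocol": "unknown", "kind": None}


def diagnose(expected: str, data: bytes) -> str:
    """Compare the protocol a peer expected with what actually arrived."""
    got = classify_first_bytes(data)
    if got["protocol"] == expected:
        return "ok"
    if expected == "http" and got["protocol"] == "tls":
        return "client spoke plain HTTP to a TLS listener: use https and the TLS port"
    if expected == "tls" and got["protocol"] == "http":
        return "listener expects TLS but received plain HTTP"
    return "unrecognised protocol"


# Bytes quoted in the docker push error on this page.
CLIENT_SAW = b"\x15\x03\x01\x00\x02\x02"
# Constructed sample: start of the plain-HTTP request the registry would have received.
SERVER_SAW = b"PUT /v1/repositories/testexpose/ HTTP/1.1\r\n"

if __name__ == "__main__":
    print(classify_first_bytes(CLIENT_SAW))
    print(diagnose("http", CLIENT_SAW))
    print(diagnose("tls", SERVER_SAW))
```

The quoted bytes decode as a fatal TLS alert record (type 21, record version 3.1, length 2), which is why the HTTP client reports a malformed response while the registry logs a non-TLS first record.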