Docker: TLS handshake timeout

I’ve created my own private registry (private-registry) but I’m unable to push images to it.
Then I get the following error:

    The push refers to a repository [private-registry:5000/ubuntu] (len: 1)
    unable to ping registry endpoint https://private-registry:5000/v0/
    v2 ping attempt failed with error: Get https://private-registry:5000/v2/: net/http: TLS handshake timeout
    v1 ping attempt failed with error: Get https://private-registry:5000/v1/_ping: net/http: TLS handshake timeout

The logs of the running registry are showing the following:

    time="2015-12-14T07:59:21Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="redis not configured" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="Starting upload purge in 47m0s" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
    

I’m unable to curl my registry (timeout).
These are the steps I performed:

First I’ve created self-signed certificates:

    mkdir -p certs && openssl req \
      -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
      -x509 -days 365 -out certs/domain.crt
    

I’ve created my registry, which will use these certificates:

    docker run -d -p 5000:5000 --restart=always --name private-registry \
      -v `pwd`/certs:/certs \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \
      registry:2
    

I gave the right permissions:

    chcon -Rt svirt_sandbox_file_t ~certs/
    

I’ve created: /etc/docker/etc.d/private-registry:5000/
And I copied my domain.crt in it.
I’ve edited my /etc/hosts and added:
10.0.0.X private-registry (my internal ip and the name of my registry)

I also restarted docker and my registry.

EDIT:

    [centos@ ~]$ curl -v private-registry:5000
    * About to connect() to private-registry port 5000 (#0)
    *   Trying 10.0.0.xx...
    * Connected to private-registry (10.0.0.xx) port 5000 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: private-registry:5000
    > Accept: */*
    > 
    
    * Connection #0 to host private-registry left intact
    [centos@~]$ curl -v https://private-registry:5000
    * About to connect() to private-registry port 5000 (#0)
    *   Trying 10.0.0.xx...
    * Connected to private-registry (10.0.0.xx) port 5000 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * NSS error -5990 (PR_IO_TIMEOUT_ERROR)
    * I/O operation timed out
    * Closing connection 0
    curl: (35) I/O operation timed out
    

One solution collected from the web for “Docker: TLS handshake timeout”

You may need to place the certificate into this directory.

    /etc/docker/certs.d/private-registry.com:5000/ca.crt
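
An added example, not part of the original question or answer: a small Python probe that reports which stage of the connection fails (TCP connect, TLS handshake, or certificate verification against a CA file such as the `ca.crt` named above). The function names, stage labels and the silent local listener used for the demo are assumptions made for this illustration.

```python
import socket
import ssl


def probe_tls(host, port, cafile=None, timeout=3.0):
    """Return (stage, detail) describing how far a TLS connection to host:port gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing listening, firewall drop, or bad name resolution.
        return "tcp_failed", str(exc)
    # Verify against the given CA file, or the system trust store when cafile is None.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Handshake reached the certificate check: the server speaks TLS, the client lacks trust.
        return "cert_untrusted", exc.verify_message
    except socket.timeout:
        # Same picture as the curl output on this page: TCP connects, no TLS reply arrives.
        return "tls_handshake_timeout", "TCP connected, no reply to ClientHello"
    except (ssl.SSLError, OSError) as exc:
        return "tls_failed", str(exc)
    finally:
        sock.close()


def start_silent_listener():
    """Constructed stand-in: a port that completes TCP connects but never sends any bytes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)  # the kernel accepts the connection; the process never reads or replies
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_silent_listener()
    print(probe_tls("127.0.0.1", port, timeout=1.0))
    srv.close()
    # Against a real registry (host and CA path here are placeholders):
    # print(probe_tls("private-registry", 5000, cafile="certs/domain.crt"))
```

A `cert_untrusted` result means the handshake got as far as certificate validation, while `tls_handshake_timeout` means the listener never answered the ClientHello at all.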
    