Docker: TLS handshake timeout

I’ve created my own private registry (private-registry) but I’m unable to push images to it.
Than I get the following error:

The push refers to a repository [private-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://private-registry:5000/v0/
v2 ping attempt failed with error: Get https://private-registry:5000/v2/: net/http: TLS handshake timeout
 v1 ping attempt failed with error: Get https://private-registry:5000/v1/_ping: net/http: TLS handshake timeout

The logs of the running registry are showing the following:

  • building oracle docker image on mac os x fails with “This system does not meet the minimum requirements for swap space.”
  • Linked container IP not in hosts
  • Docker containers slow after restart in Azure VM
  • Python dependency issues with Django on Docker
  • Nesting variables in Apache config
  • ERROR: Registering runner. forbidden (check registration token)
  • time="2015-12-14T07:59:21Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="redis not configured" go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="Starting upload purge in 47m0s" go.version=go1.5.2 version=v2.2.1 

    I’m unable to curl my registry (timeout).
    This are the steps I performed:

    First I’ve created selfsigned certificates:

    mkdir -p certs && openssl req \
      -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
      -x509 -days 365 -out certs/domain.crt

    I’ve created my registry, which will use this certificates:

    docker run -d -p 5000:5000 --restart=always --name private-registry \
      -v `pwd`/certs:/certs \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \

    I gave the right permissions:

    chcon -Rt svirt_sandbox_file_t ~certs/

    I’ve created: /etc/docker/etc.d/private-registry:5000/
    And I copied my domain.crt in it.
    I’ve edited my /etc/hosts and added:
    10.0.0.X private-registry (my internal ip and the name of my registry)

    I also restarted docker and my registry.


    [centos@ ~]$ curl -v private-registry:5000
    * About to connect() to private-registry port 5000 (#0)
    *   Trying 10.0.0.xx...
    * Connected to private-registry (10.0.0.xx) port 5000 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: private-registry:5000
    > Accept: */*
    * Connection #0 to host private-registry left intact
    [centos@~]$ curl -v https://private-registry:5000
    * About to connect() to private-registry port 5000 (#0)
    *   Trying 10.0.0.xx...
    * Connected to private-registry (10.0.0.xx) port 5000 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
          CApath: none
        * NSS error -5990 (PR_IO_TIMEOUT_ERROR)
    * I/O operation timed out
    * Closing connection 0
    curl: (35) I/O operation timed out

  • client is newer than server (client API version: 1.24, server API version: 1.21)
  • Following the Get Started: Stack server stuck loading page endlessly
  • Can not deploy custom MFP docker image on IBM Bluemix
  • 'nutc': unknown terminal type. docker
  • Docker: Error, Container command '' not found or does not exist
  • Symfony app in Docker doesn't work
  • One Solution collect form web for “Docker: TLS handshake timeout”

    You may need to place the certificate into this directory.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.