Docker: TLS handshake timeout

I’ve created my own private registry (private-registry) but I’m unable to push images to it.
Than I get the following error:

The push refers to a repository [private-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://private-registry:5000/v0/
v2 ping attempt failed with error: Get https://private-registry:5000/v2/: net/http: TLS handshake timeout
 v1 ping attempt failed with error: Get https://private-registry:5000/v1/_ping: net/http: TLS handshake timeout

The logs of the running registry are showing the following:

  • docker -P not exposing ports of application started as argument
  • Minecraft Docker Image: game storage persistence
  • How to check if the restart policy works of Docker
  • Docker container won't access MySQL on host machine
  • Configure appveyor for Docker
  • Installing postgre driver in php7-fpm Docker container
  • time="2015-12-14T07:59:21Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="redis not configured" go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="listening on [::]:5000, tls" go.version=go1.5.2 version=v2.2.1 
    time="2015-12-14T07:59:21Z" level=info msg="Starting upload purge in 47m0s" go.version=go1.5.2 version=v2.2.1 

    I’m unable to curl my registry (timeout).
    This are the steps I performed:

    First I’ve created selfsigned certificates:

    mkdir -p certs && openssl req \
      -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
      -x509 -days 365 -out certs/domain.crt

    I’ve created my registry, which will use this certificates:

    docker run -d -p 5000:5000 --restart=always --name private-registry \
      -v `pwd`/certs:/certs \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \

    I gave the right permissions:

    chcon -Rt svirt_sandbox_file_t ~certs/

    I’ve created: /etc/docker/etc.d/private-registry:5000/
    And I copied my domain.crt in it.
    I’ve edited my /etc/hosts and added:
    10.0.0.X private-registry (my internal ip and the name of my registry)

    I also restarted docker and my registry.


    [centos@ ~]$ curl -v private-registry:5000
    * About to connect() to private-registry port 5000 (#0)
    *   Trying 10.0.0.xx...
    * Connected to private-registry (10.0.0.xx) port 5000 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: private-registry:5000
    > Accept: */*
    * Connection #0 to host private-registry left intact
    [centos@~]$ curl -v https://private-registry:5000
    * About to connect() to private-registry port 5000 (#0)
    *   Trying 10.0.0.xx...
    * Connected to private-registry (10.0.0.xx) port 5000 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
          CApath: none
        * NSS error -5990 (PR_IO_TIMEOUT_ERROR)
    * I/O operation timed out
    * Closing connection 0
    curl: (35) I/O operation timed out

  • docker image error downloading package
  • How do I pass the host's IP address to my container in Docker
  • Best strategy for automatize a flow that need user interaction
  • How to get contents generated by a docker container on the local fileystem (minimal failing example)
  • Image Name, Container Name in Docker Syslog Tag in Docker-Compose
  • boot2docker, docker, django on mac os x
  • One Solution collect form web for “Docker: TLS handshake timeout”

    You may need to place the certificate into this directory.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.