DOCKER_OPTS in /etc/default/docker ignored



I changed /etc/default/docker to add a private docker registry, then I restarted docker service and finally tried to pull some image.

$ cat /etc/default/docker

$ service docker restart

$ docker pull
FATA[0000] Error: v1 ping attempt failed with error: Get https://mydocker- dial tcp: lookup no 
such host. If this private registry supports only HTTP or HTTPS with an 
unknown CA certificate, please add `--insecure-registry mydocker-` to the daemon's arguments. In the case of HTTPS, if 
you have access to the registry's CA certificate, no need for the flag; 
simply place the CA certificate at /etc/docker/certs.d/mydocker-

A ps output shows nothing about DOCKER_OPTS environment var.

  • Docker wordpress container with two volumes on separate domains
  • Docker container not able to access port 5432
  • Is it possible to create a docker container that contains one or more containers? [closed]
  • How to get local host IP address in docker container?
  • Meaning of docker-compose exit code?
  • Is there any way to install Docker Tooling Kit in mars on Windows
  • $ ps auxwww|grep docker
    root  6919   0.0   0.1   331076   19984 ? Ssl 10:14   0:00 /usr/bin/docker -d -H fd://


    According to docker documentation the way to use a private registry is through DOCKER_OPTS in /etc/default/docker. Why, after doing that, it does not take effect in this environment?


    • The private registry hostname is correctly resolved by the DNS.

  • PyCharm Remote Interpreter: Cannot Execute Docker's Python Binary
  • how can i check how many versions of a docker image exists?
  • Killbill on Google Flexible Environment using Java and Cloud SQL
  • Connecting docker client to remote docker daemon over TLS
  • Setting specific mac address in docker
  • How to test dockerignore file?
  • 5 Solutions collect form web for “DOCKER_OPTS in /etc/default/docker ignored”

    Recommended Way

    According to docker documentation, The recommended way to configure the daemon flags and environment variables for your Docker daemon is to use a systemd drop-in file.

    So, for this specific case, do the following:

    1. Create a file called /etc/systemd/system/docker.service.d/private-registry.conf with the following content:

      If not exists, create directory /etc/systemd/system/docker.service.d

      ExecStart=/usr/bin/dockerd --insecure-registry
    2. Flush changes:

      $ sudo systemctl daemon-reload
    3. Restart Docker:

       $ sudo systemctl restart docker


    Not recommended way

    Edit file /lib/systemd/system/docker.service

    ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS

    Then execute

    systemctl daemon-reload
    systemctl restart docker

    Verify that /etc/default/docker is loaded

    ps auxwww | grep docker
    root      4989  0.8  0.1 265540 16608 ?        Ssl  10:37   0:00 /usr/bin/docker -d -H fd:// --insecure-registry 

    That’s it.

    Things seem to have changed in Ubuntu 16.04 using docker 1.12.x. Based on the updated documentation

    Add DOCKER_OPTS="-g /mnt/somewhere/else/docker/ --storage-driver=overlay2" to /etc/default/docker

    Edit file /lib/systemd/system/docker.service

    ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS

    Then execute:

    sudo systemctl daemon-reload
    sudo systemctl restart docker

    Systemd based systems do not read /etc/default configurations, you have to put those in /etc/systemd now, see also docker bug docker bug #12926

    There is an official documentation on the Docker site now, refer to Control and configure Docker with systemd.

    You should never directly hack the service files for configuration.

    Tested and works on Arch and Debian based systems – I had to include the option to ignore any obsolete EnvironmentFile directives, though (see also linked Docker reference, but I didn’t spot it at first and thought it was not needed):

    ExecStart=/usr/bin/docker daemon ...

    Systemd is really not designed for appending options to ExecStart or Environment. The best and also most platform-independent way is to use the /etc/docker/daemon.json configuration file.


    cat > /etc/docker/daemon.json <<DOCKERCONFIG
      "labels": ["foo=bar"],
      "insecure-registries": [""]

    Ubuntu specific solution to insecure-registry via DOCKER_OPTS


    $ dpkg --list | grep -i docker
    ii                          1.12.3-0ubuntu4~16.04.2            amd64        Linux container runtime

    …ships with…

    $ cat /etc/systemd/system/
    Description=Docker Application Container Engine
    Documentation= docker.socket
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
    ExecReload=/bin/kill -s HUP $MAINPID
    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    # Uncomment TasksMax if your systemd version supports it.
    # Only systemd 226 and above support this version.
    # set delegate yes so that systemd does not reset the cgroups of docker containers
    # kill only the docker process, not all processes in the cgroup

    …(Specifically: ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS) you can do a hybrid approach combining the [chosen answer’s] “Recommended Way” and the use of DOCKER_OPTS to keep from blowing over the -H fd:// option if you were to redefine ExecStart

    # The package doesn't create a systemd drop-ins directory, so we will
    $ mkdir -p /etc/systemd/system/docker.service.d
    $ cat > /etc/systemd/system/docker.service.d/10-insecure-registry.conf <<EOF
    Environment="DOCKER_OPTS=--insecure-registry docker.internal:5000"
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.