colima icon indicating copy to clipboard operation
colima copied to clipboard
verified publisher icon abiosoft

'docker push' send 'client hello' packet to insecure registry

Open xiaooloong opened this issue 3 months ago • 0 comments

Description

~ docker info
Client: Docker Engine - Community
 Version:    29.0.2
 Context:    colima
 Debug Mode: false

Server:
 Server Version: 28.4.0
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 CDI spec directories:
  /etc/cdi
  /var/run/cdi
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
 runc version: v1.2.5-0-g59923ef
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-64-generic
 Operating System: Ubuntu 24.04.2 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 1.919GiB
 Name: colima
 ID: 884ea862-03cb-4cd2-97bb-70d0f37aebe2
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: 192.168.5.2:8001
 HTTPS Proxy: 192.168.5.2:8001
 Experimental: false
 Insecure Registries:
  192.1.250.60:8083
  ::1/128
  127.0.0.0/8



~ docker push 192.1.250.60:8083/jetstack/cert-manager-acmesolver:v1.16.4
The push refers to repository [192.1.250.60:8083/jetstack/cert-manager-acmesolver]
38f4a9ccb8d6: Unavailable
......
d557676654e5: Unavailable
failed to do request: Post "https://192.1.250.60:8083/v2/jetstack/cert-manager-acmesolver/blobs/uploads/": http: server closed idle connection

tcpdump shows docker send 'client hello' pcakge to '192.1.250.60:8083' while this registry is configured as a plain http registry both in daemon.json of docker daemon and colima.yaml of colima.

Version

colima version 0.9.1
git commit: 0cbf719f5409ce04b9f0607b681c005d2ff7d94a

runtime: docker
arch: x86_64
client: v29.0.2
server: v28.4.0
limactl version 2.0.1
qemu-img version 10.1.2

Operating System

  • [ ] macOS Intel <= 13 (Ventura)
  • [x] macOS Intel >= 14 (Sonoma)
  • [ ] Apple Silicon <= 13 (Ventura)
  • [ ] Apple Silicon >= 14 (Sonoma)
  • [ ] Linux

Output of colima status

colima status
INFO[0001] colima is running using macOS Virtualization.Framework
INFO[0001] arch: x86_64
INFO[0001] runtime: docker
INFO[0001] mountType: virtiofs
INFO[0001] docker socket: unix:///Users/user/.colima/default/docker.sock
INFO[0001] containerd socket: unix:///Users/user/.colima/default/containerd.sock

Reproduction Steps

  1. configure a insecure registry in colima.yaml
  2. (re)start colima
  3. docker tag a image to that http registry and push

Expected behaviour

No response

Additional context

No response

xiaooloong avatar Nov 19 '25 07:11 xiaooloong