Skip to main content

Insecure Docker Registry

In case your CI/CD build needs to interact with insecure docker registry running with http protocol or self-signed certificate, docker daemon or corresponding buildx builder of OneDev server or agent (depending on where you are running the job) needs to be configured to trust the registry

Configure Insecure Registry for Docker Daemon

In most cases, docker integrates with registry via docker daemon, and you will need to configure the daemon to trust the insecure registry. On the machine running OneDev (or host machine if OneDev runs inside container):

  1. Add below entry to file /etc/docker/daemon.json:

    {
        "insecure-registries" : [ "<registry host>:<registry port>" ]
    }

  2. Restart docker daemon by running:

    sudo systemctl restart docker

Configure Insecure Registry for Buildx Builder

In case your job builds docker image via buildx builder, and the build process needs to interact with insecure registry, you will need to configure the builder to trust the insecure registry. On the machine running OneDev (or host machine if OneDev runs inside container):

  1. Create a file say /etc/buildkit/buildkitd.toml containing below content:

    [registry."<registry host>:<registry port>"]
        http = true

  2. Create the builder using above file as config file:

    docker buildx create --name onedev --config /etc/buildkit/buildkitd.toml

  3. If OneDev runs inside docker container, you also need to mount the buildx config into the container via below option so that the builder can be accessed inside container:

    -v /path/to/user-home/.docker/buildx:/root/.docker/buildx