Rootless edge-case: defaults to http when registry resolves to 127.0.0.1

Question

Rootless edge-case: defaults to http when registry resolves to 127.0.0.1

desnij opened this issue 3 years ago · 1 comments

desnij commented 3 years ago

Debian buster: Docker version 20.10.16, build aa7e414

Background

On a vanilla debian system

As root everything works as expected, including our in-house repo
Using rootless as a user "ubuntu", "gcr.io/myproject/alpine" etc all work
but the in-house registry fails as seen below.

this happens when the host resolves to 127.0.0.1 ( in my case, due to the use of ssh tunnels)
it happens regardless of what port is used.

$ docker pull reg.my.domain:443/alpine
Using default tag: latest
Error response from daemon: Get "http://reg.my.domain:443/v2/": dial tcp 127.0.0.1:443: connect: connection refused

Failed attempt at a work around.

I tried to tunnel the registry to the host ip ( ssh -L 0.0.0.0:443:reg.my.domain:443 myjumppoint ) but that fails because now docker wants to resolve the dns rather than read /etc/hosts as done when the ip is 127.0.0.1.

$ docker pull  reg.my.domain:443/alpine
Using default tag: latest
Error response from daemon: Get "https://reg.my.domain:443/v2/": dial tcp: lookup reg.my.domain on 10.0.2.3:53: server misbehaving

Edge-case notes

docker defaults to http when using a reg on 127/8
docker requires dns when host is not 127.0.0.1 ( this may virtualbox related )

Answer 1 · 2022-05-26T15:00:18.000Z

moving this to docker/cli