You can only push images to a registry if the image tag matches the registry domain. The process for tagging and pushing is the same as with Docker Hub, but you need to explicitly include the local registry domain in the new tag. These commands pull my registry server image from Docker Hub and add a new tag, making it suitable to be pushed to the local registry:
docker image pull dockeronwindows/ch04-registry:2e
docker image tag dockeronwindows/ch04-registry:2e registry.local:5000/infrastructure/registry:v2.6.2
The docker image tag command specifies the source tag first, and then the target tag. You can change every part of the image name for the new target tag. I've used the following:
- registry.local:5000 is the registry domain. The original image name had an implied domain of docker.io.
- infrastructure is the account name. The original account name was dockeronwindows.
- registry is the repository name. The original was ch04-registry.
- v2.6.2 is the image tag. The original tag was 2e.
I can try to push the new tagged image to the local registry, but Docker won't let me use the registry yet:
> docker image push registry.local:5000/infrastructure/registry:v2.6.2
The push refers to a repository [registry.local:5000/infrastructure/registry]
Get https://registry.local:5000/v2/: http: server gave HTTP response to HTTPS client
The Docker platform is secure by default, and the same principle extends to image registries. The Docker Engine expects to use HTTPS to communicate with registries so that the traffic is encrypted. My simple registry installation uses plaintext HTTP, so I get an error saying Docker tried to use an encrypted transport for the registry but only an unencrypted transport was available.
There are two options for setting up Docker to use the local registry. The first is to extend the registry server to secure the communication – the registry server image can run over HTTPS if you supply it with an SSL certificate. That's what I would do in a production environment, but to start out I can use the other option and make an exception in the Docker configuration. The Docker Engine will allow a HTTP registry to be used if it's explicitly named in an allowed list of insecure registries.