Using a private Docker repository
In enterprise environments, it is not uncommon to use private repositories for distribution, and Docker images are no exception. If these repositories use certificates from an internal certificate authority, trust in those certificates must be established before the repositories can be used.
When I recently tried to run docker-compose
on an enterprise codebase, it failed with the following error message:
ERROR: Get "https://nexus.company.com:18443/v2/": x509: certificate signed by unknown authority
The reason was that an image in the docker-compose.yml
file pointed to this internal repository:
image: nexus.company.com:18443/pg-backups
The certificate mentioned in the error message was issued by their own certificate authority, and therefore my Docker instance did not trust it. I quickly found documentation on how to establish trust on Linux, but it took me much longer to figure out that Docker on Windows gets its trusted root certificate authorities from the operating system. So to fix the problem, I had to install the certificate in the Trusted Root Authorities Store by double-clicking the .crt
file and selecting the correct store.
After doing this and restarting the Docker service, I received a different error message:
ERROR: Head "https://nexus.company.com:18443/v2/pg-backups/manifests/latest": no basic auth credentials
The repository was not publicly accessible, so I had to log in with my credentials using the following command:
docker login nexus.company.com:18443
After I successfully logged in, the docker-compose
command finally worked without error.
If you are using a private Docker repository, you need to establish trust in its certificate before you can use it. On Windows, you accomplish this by installing the certificate in the system certificate store. Once you have done this, you may also need to log in to the repository before you can finally retrieve images from it.