Error with docker pull from insecure registry

Hi all,

I have setup rancher plus one environment with 3 nodes added to the swarm.
It all works fine as long as I use images from docker hub, but I would like to setup an own registry… starting with an insecure registry.

I spun up a registry container on node1 of my swarm cluster.

[root@worker1 ~]# curl -i 'http://localhost:5000/v2/'
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Thu, 13 Apr 2017 11:39:31 GMT

A tag and push to the local registry worked:
[root@worker1 ~]# curl ‘http://localhost:5000/v2/bram/mynginx/tags/list
{“name”:“bram/mynginx”,“tags”:[“1.0”]}

A curl from node2 gives:
[root@worker2 ~]# curl http://:5000/v2/bram/mynginx/tags/list
{“name”:“bram/mynginx”,“tags”:[“1.0”]}

But when I do a pull I get:
[root@worker2 ~]# docker pull 10.0.0.11:5000/bram/mynginx:1.0
Error response from daemon: Get https://:5000/v1/_ping: http: server gave HTTP response to HTTPS client

I added DOCKER_OPTS="–insecure-registry 10.0.0.11:5000" to /etc/default/docker and restarted the docker service but didn’t help.

Anyone an idea of what I am doing wrong?
Another question is what is the best practice with spinning up a registry… should I do that on a host in the swarm cluster of an environment or should I run one on one of the rancher/server nodes?

With kind regards,

Bram

Extra info:

I am using RHEL7.3 on all machines. Docker version is the same on all machines as well:
Client:
Version: 17.04.0-ce
API version: 1.28
Go version: go1.7.5
Git commit: 4845c56
Built: Mon Apr 3 18:01:50 2017
OS/Arch: linux/amd64

Server:
Version: 17.04.0-ce
API version: 1.28 (minimum version 1.12)
Go version: go1.7.5
Git commit: 4845c56
Built: Mon Apr 3 18:01:50 2017
OS/Arch: linux/amd64
Experimental: false

I am using systemd… when checking the status I don’t see the --insecure-registry flag so it probably didn’t do anything with /etc/default/docker.
The file /etc/default/docker didn’t exist though, so I created it myself… don’t know if it does anything if it didn’t exist yet?!

I also tried below options:

add directly the --insecure flag in the systemd unit file (/lib/systemd/system/docker.service):
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry …

give the configuration file explicitly in the systemd unit file, before the ExecStart line:
EnvironmentFile=-/etc/default/docker

or add/edit /etc/default/docker.json
{
“insecure-registries”: []
}

All give the below error when restarting the docker service
Apr 13 14:27:39 worker2 systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Apr 13 14:27:39 worker2 systemd[1]: Failed to start Docker Application Container Engine.
Apr 13 14:27:39 worker2 systemd[1]: Unit docker.service entered failed state.
Apr 13 14:27:39 worker2 systemd[1]: docker.service failed.
Apr 13 14:27:39 worker2 systemd[1]: docker.service holdoff time over, scheduling restart.
Apr 13 14:27:39 worker2 systemd[1]: start request repeated too quickly for docker.service
Apr 13 14:27:39 worker2 systemd[1]: Failed to start Docker Application Container Engine.
Apr 13 14:27:39 worker2 systemd[1]: Unit docker.service entered failed state.
Apr 13 14:27:39 worker2 systemd[1]: docker.service failed.