when you use http and 80,iIt has become extremely confusing #4730
Description
What is the problem you're trying to solve
When I run the login command:nerdctl login harbor.my.com:80 --username admin --insecure-registry
I have to specify port 80 and the --insecure-registry flag.
Manually prepending http://harbor.my.com:80 also doesn’t work—it still redirects to HTTPS, and I have to include the --insecure-registry flag regardless.
The problem, however, lies with the hosts.toml file under /etc/containerd/certs.d:
# You still need to specify port 80
# Because port 80 is included in your login command
[host."http://harbor.my.top:80"]
capabilities = ["pull","push","resolve"]
#skip_verify = true
#ca=""
# If port 80 is included in your login command
# Your ~/.docker/config.json will have the following content
# So you must specify port 80 in hosts.toml when running nerdctl pull
# (nerdctl retrieves authentication credentials from ~/.docker/config.json)
"auths": {
"harbor.deep-space.top:80": {
"auth": "xxxxxxx="
}
}
This situation is extremely frustrating. I understand the issue stems partly from containerd and partly from nerdctl.
With Docker, by contrast, I only need to specify the insecure registry in daemon.json and that’s it.
I spent the entire night debugging my private registry mirror accelerator. I kept thinking the issue was with Harbor, but it worked perfectly fine when I switched to Docker—until I finally figured out the problem with port 80.