January-31st-2019, 06:47 PM
I recheck my registry running on my Raspberry Pi 3 again. (used for the registry example in this thread by the way). It works like it should under the hostname myregistry. Both pi and netPI are in the same office network, same switch, same DHCP server.
So my settings in portainer are name: any, registry url: myregistry.local.
But let me explain you what here at hilscher happens. We have domains like you e.g. hilscher. But in the registry I never succeeded using "myregistry.hilscher.local" as registry. I always have to use "myregistry.local" as registry URL only. Maybe this helps in your case too.
The only thing I see to analyse the problem is hooking a managed switch to you netPI with a mirror port and listen to its outgoing network traffic and have a look what is really happening. We could check the same tomorrow in the office with wireshark using my netPI.
If nothing helps in the end you need to enter the ip address in the registry url finally till the problem is found why this happens. I know you did that, but one more word to your problem about {"message":"Get https://x.x.10.21/v2/: x509: cannot validate certificate for x.x.10.21 because it doesn't contain any IP SANs"}. The time you have created the certificate you had to fill out the alt names table and you have to add the ip address additionally
[ alt_names ]
DNS.1 = myregistry
DNS.2 = myregistry.local
DNS.3 = myregistry.domain
IP.1 = 127.0.0.1
IP.2 = <your servers IP address>
and then regenerate the certificate
So my settings in portainer are name: any, registry url: myregistry.local.
But let me explain you what here at hilscher happens. We have domains like you e.g. hilscher. But in the registry I never succeeded using "myregistry.hilscher.local" as registry. I always have to use "myregistry.local" as registry URL only. Maybe this helps in your case too.
The only thing I see to analyse the problem is hooking a managed switch to you netPI with a mirror port and listen to its outgoing network traffic and have a look what is really happening. We could check the same tomorrow in the office with wireshark using my netPI.
If nothing helps in the end you need to enter the ip address in the registry url finally till the problem is found why this happens. I know you did that, but one more word to your problem about {"message":"Get https://x.x.10.21/v2/: x509: cannot validate certificate for x.x.10.21 because it doesn't contain any IP SANs"}. The time you have created the certificate you had to fill out the alt names table and you have to add the ip address additionally
[ alt_names ]
DNS.1 = myregistry
DNS.2 = myregistry.local
DNS.3 = myregistry.domain
IP.1 = 127.0.0.1
IP.2 = <your servers IP address>
and then regenerate the certificate
„You never fail until you stop trying.“, Albert Einstein (1879 - 1955)