Docker push keeps failing with 'Tunnel Connection Failed' error when not using the --insecure-registry option for the hostname. When you have trusted CA certificates for the reverse proxy endpoint, there is no need to have the '--insecure-registry' tag for the hostname.
[root@TOCWCDS2IC ~]# docker push lvappi00173.bns:5000/ubuntu
The push refers to a repository [lvappi00173.bns:5000/ubuntu]
unable to ping registry endpoint https://lvappi00173.bns:5000/v0/
v2 ping attempt failed with error: Get https://lvappi00173.bns:5000/v2/: Tunnel Connection Failed
v1 ping attempt failed with error: Get https://lvappi00173.bns:5000/v1/_ping: Tunnel Connection Failed
This error is seen in cases where proxy settings are enabled on docker service where the docker client is installed. If the docker client is running on Red hat OS, then below is the file where proxy settings are enabled:
# cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=<Proxy address>:8080/"
In order to resolve this issue, please disable the proxy setting in the above file or add NO_PROXY variable for the artifactory server host. Below is an example showing the NO_PROXY option
# cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=<Proxy address>:8080/" "NO_PROXY=<artifactory_host>"