+++ This bug was initially created as a clone of Bug #1664423 +++

+++ This bug was initially created as a clone of Bug #1547826 +++

Description of problem:
If I configure OSP12 for TLS, or TLS everywhere, docker-distribution serves the docker registry over an unencrypted port by default on the provisioning network. This network is (mostly) routable in production instances.

Version-Release number of selected component (if applicable):
python-tripleoclient-7.3.3-7.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. deploy OSP12 with TLS enabled, or do TLS everywhere config and add TLS after deployment
2. Create a local container registry
3. registry is served on a (usually) routable network over HTTP

Actual results:
registry is served over https

Expected results:
encrypted registry as there is transit across wires between nodes on encrypted protocol

Additional info:
Adding these lines to /etc/docker-distribution/registry would fix the issue (assuming your ssl cert is in /etc/pki/instack-certs/undercloud.pem):

---
tls:
  certificate: /etc/pki/instack-certs/undercloud.pem
  key: /etc/pki/instack-certs/undercloud.pem
---
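
A way to check a deployment for the condition this report describes, added here as an example and not part of the bug report or of TripleO: it tests whether a registry listener completes a TLS handshake and, if not, whether it answers the Docker Registry v2 API in cleartext. The function names, the address 192.0.2.1 and the port 5000 are assumptions made for illustration.

```python
import http.client
import socket
import ssl

API_HEADER = "Docker-Distribution-Api-Version"  # sent by Docker Registry v2 on /v2/


def speaks_tls(host, port, timeout):
    """Return True if a TLS handshake completes, False if not, None if the port is closed."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    # Certificate validation is deliberately off: this step only asks whether
    # the listener encrypts at all, not whether its certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return True
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        raw.close()
        return False


def probe_registry(host, port, timeout=3.0):
    """Classify the listener: 'tls', 'plaintext-registry', 'plaintext-other' or 'unreachable'."""
    tls = speaks_tls(host, port, timeout)
    if tls is None:
        return "unreachable"
    if tls:
        return "tls"
    # No TLS on this port: see whether a registry answers in cleartext.
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/v2/")
        resp = conn.getresponse()
        return "plaintext-registry" if resp.getheader(API_HEADER) else "plaintext-other"
    except (OSError, http.client.HTTPException):
        return "plaintext-other"
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed placeholder endpoint; substitute the undercloud registry address.
    print(probe_registry("192.0.2.1", 5000, timeout=2.0))
```

A result of "plaintext-registry" on the provisioning network is the state reported here; "tls" only shows that the transport is encrypted, so certificate trust still has to be verified separately.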