My favorite use of this is peer-to-peer transfer of Docker images. The Docker CLI only allows you to use registries authenticated with HTTPS but there's an exception where it allows HTTP transfers over localhost.

So, if you use SSH tunneling to forward a port from localhost to a remote, then Docker unwittingly pushes to a remote. This is super useful "off the grid" with robotics/embedded applications where you don't want to bother with a registry and a good Internet connection.

Example, docker pussh: https://github.com/psviderski/unregistry

That's not quite true; you just need to add the `insecure-registries`[1] option with a list of either IPs (or IP ranges) or hostnames that you want to allow without TLS.

`/etc/docker/daemon.json`:

```json
{
  "insecure-registries": ["10.100.0.0/24", "registry.yourmom.example.com:5000"]
}
```

[1] https://docs.docker.com/reference/cli/dockerd/#insecure-regi...
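
An added example, not part of the thread or of Docker's own tooling: a small audit of the `insecure-registries` list described above, showing how much address space each entry exempts from verified TLS and which entries only repeat dockerd's built-in 127.0.0.0/8 exception. The function names, the `BROAD` threshold and the last two sample entries are assumptions made for illustration.

```python
import ipaddress
import json

# dockerd already allows plain HTTP to registries in 127.0.0.0/8; this is the
# localhost exception the SSH-tunnel approach in the thread relies on.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
BROAD = 256  # assumption: ranges larger than a /24 deserve a second look


def classify(entry):
    """Return (kind, address_count) for one insecure-registries entry."""
    try:
        net = ipaddress.ip_network(entry, strict=False)  # bare IP or CIDR
    except ValueError:
        host, sep, port = entry.rpartition(":")          # host[:port]
        host = (host if sep and port.isdigit() else entry).strip("[]")
        try:
            net = ipaddress.ip_network(host)
        except ValueError:
            if host.lower() == "localhost":
                return ("redundant-loopback", 1)
            return ("hostname", 1)  # exemption follows DNS, not a fixed address
    if net.version == 4 and net.subnet_of(LOOPBACK):
        return ("redundant-loopback", net.num_addresses)
    if net.num_addresses > BROAD:
        return ("broad-range", net.num_addresses)
    return ("range" if net.num_addresses > 1 else "host", net.num_addresses)


def audit(daemon_json):
    """List (entry, kind, address_count) for every entry exempt from verified TLS."""
    config = json.loads(daemon_json)
    return [(e, *classify(e)) for e in config.get("insecure-registries", [])]


# Constructed sample config; the first two entries are the ones quoted in the thread.
SAMPLE = """{
  "insecure-registries": [
    "10.100.0.0/24",
    "registry.yourmom.example.com:5000",
    "localhost:5000",
    "10.0.0.0/8"
  ]
}"""

if __name__ == "__main__":
    for entry, kind, count in audit(SAMPLE):
        print(f"{kind:18} {count:>9}  {entry}")
```
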

Yes, this is true. I should caveat that we distributed the tool among a team and we didn't want to ask them to all edit their daemon.json with an ever-expanding list of IP addresses.

This is really useful as you don't have to add an entry under insecure-registries for local registries that don't have valid certificates.

You might as well hand over the images to hackers.

iirc there's a setting to allow docker to trust and use http registries

i set it up a few years ago for my homelab

Which makes me think that I have never heard of signed images/artefacts