From c83412e537880e48ebd697a5756a70e93824ee19 Mon Sep 17 00:00:00 2001
From: Wenkai Yin <yinw@vmware.com>
Date: Tue, 22 Mar 2016 18:09:03 +0800
Subject: [PATCH] add --insucure-registry option to user_guide

---
 docs/user_guide.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/user_guide.md b/docs/user_guide.md
index 5d7c40bbb..c5a075b2a 100755
--- a/docs/user_guide.md
+++ b/docs/user_guide.md
@@ -72,7 +72,17 @@ Administrator can add "SysAdmin" role to an ordinary user by toggling the switch
 ![browse project](img/set_admin_remove_user.png)
 
 ##Pulling and pushing images using Docker client
+
 **NOTE: Harbor only supports Registry V2 API. You need to use Docker client 1.6.0 or higher.**  
+
+If you encounter an error as below when you pull or push images, you need to add '--insecure-registry' option to /etc/default/docker (ubuntu) or /etc/sysconfig/docker (centos):    
+*FATA[0000] Error response from daemon: v1 ping attempt failed with error:  
+Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527.   
+If this private registry supports only HTTP or HTTPS with an unknown CA certificate,please add   
+`--insecure-registry myregistrydomain.com:5000` to the daemon's arguments.  
+In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;  
+simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt*  
+
 ###Pulling images
 If the project that the image belongs to is private, you should sign in first: