
ssl – Docker: TLS handshake timeout

Published: 2020-12-16 03:41:41   Category: Security   Source: compiled from the web

I have created my own private registry (private-registry), but I can't push images to it.
Then I get the following error:

The push refers to a repository [private-registry:5000/ubuntu] (len: 1)
unable to ping registry endpoint https://private-registry:5000/v0/
v2 ping attempt failed with error: Get https://private-registry:5000/v2/: net/http: TLS handshake timeout
 v1 ping attempt failed with error: Get https://private-registry:5000/v1/_ping: net/http: TLS handshake timeout

The logs of the running registry show the following:

time="2015-12-14T07:59:21Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret,fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="redis not configured" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="listening on [::]:5000,tls" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 
time="2015-12-14T07:59:21Z" level=info msg="Starting upload purge in 47m0s" go.version=go1.5.2 instance.id=a77e1955-3688-4fe3-a06e-0341787f8d0f version=v2.2.1 

I can't curl my registry (timeout).
These are the steps I performed:

First, I created a self-signed certificate:

mkdir -p certs && openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -x509 -days 365 -out certs/domain.crt

I created my registry, which uses this certificate:

docker run -d -p 5000:5000 --restart=always --name private-registry \
  -v `pwd`/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=certs/domain.key \
  registry:2

I gave the correct permissions:

chcon -Rt svirt_sandbox_file_t ~certs/

I created /etc/docker/etc.d/private-registry:5000/
and copied my domain.crt into it.
I edited my /etc/hosts and added:
10.0.0.X private-registry (my internal IP and my registry name)

I also restarted docker and my registry.

Edit:

[centos@ ~]$curl -v private-registry:5000
* About to connect() to private-registry port 5000 (#0)
*   Trying 10.0.0.xx...
* Connected to private-registry (10.0.0.xx) port 5000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: private-registry:5000
> Accept: */*
> 

* Connection #0 to host private-registry left intact
[centos@~]$curl -v https://private-registry:5000
* About to connect() to private-registry port 5000 (#0)
*   Trying 10.0.0.xx...
* Connected to private-registry (10.0.0.xx) port 5000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * NSS error -5990 (PR_IO_TIMEOUT_ERROR)
* I/O operation timed out
* Closing connection 0
curl: (35) I/O operation timed out
Accepted answer
You may need to put the certificate in this directory:

    /etc/docker/certs.d/private-registry.com:5000/ca.crt
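The following check is an added example, not code from the original thread or from the Docker project. It derives the certs.d directory name the daemon will look for from the image reference being pushed and verifies that the ca.crt there is the same file the registry was started with; CERTS_D and the certs/domain.crt path are assumptions matching the question's setup, and probe_tls is an optional online check that needs openssl.

```shell
#!/bin/sh
# Added example, not from the original post or the Docker project: check that the
# Docker daemon's per-registry CA file is where the daemon will look for it, for the
# registry named in an image reference such as private-registry:5000/ubuntu.
# Assumptions: the registry serves the self-signed certs/domain.crt from the
# question, and CERTS_D is the daemon's certs.d root (normally /etc/docker/certs.d).

# registry_host_port REF -> prints the "host[:port]" the daemon uses as the certs.d
# directory name. Only a first path component containing '.' or ':' (or equal to
# "localhost") names a registry; otherwise the default registry applies and we fail.
registry_host_port() {
    first=${1%%/*}
    case "$first" in
        *.*|*:*|localhost) printf '%s\n' "$first" ;;
        *) return 1 ;;
    esac
}

# check_registry_ca CERTS_D REF DOMAIN_CRT -> 0 if CERTS_D/<host:port>/ca.crt exists
# and is byte-identical to DOMAIN_CRT; non-zero (with a reason on stderr) otherwise.
# This catches the two slips in the thread: a misspelled directory (etc.d vs certs.d)
# and a directory named for a different host than the one in the image reference.
check_registry_ca() {
    certs_d=$1; ref=$2; domain_crt=$3
    host_port=$(registry_host_port "$ref") ||
        { echo "no explicit registry in '$ref'" >&2; return 1; }
    dir="$certs_d/$host_port"
    [ -d "$dir" ] ||
        { echo "missing $dir (the daemon looks only there for '$host_port')" >&2; return 2; }
    [ -f "$dir/ca.crt" ] ||
        { echo "missing $dir/ca.crt" >&2; return 3; }
    cmp -s "$dir/ca.crt" "$domain_crt" ||
        { echo "$dir/ca.crt differs from $domain_crt" >&2; return 4; }
    echo "ok: $dir/ca.crt matches $domain_crt"
}

# probe_tls HOST_PORT CA_CRT -> runs a TLS handshake against the registry with the
# CA pinned, so a timeout (no TLS answer at all) is told apart from a trust failure.
# Requires openssl and network access; not exercised by the offline check above.
probe_tls() {
    echo | openssl s_client -connect "$1" -CAfile "$2" 2>&1 |
        grep -E 'Verify return code|error|timed out'
}
```

Run it as `check_registry_ca /etc/docker/certs.d private-registry:5000/ubuntu certs/domain.crt`; a non-zero exit names the layout problem before you restart the daemon again.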

(Editor: 李大同)
