What This Error Means
Docker reached the target host, but the TCP connection to the registry was refused, usually because nothing is listening or a firewall blocked it.
How to Fix It
Retry with debug logs: docker --debug pull <image>
Validate DNS and connectivity to the registry host from the same machine.
If you use a proxy, ensure both the Docker daemon and the CLI environment are configured to use it.
If the registry is internal, confirm health and TLS cert validity.
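To pick which of these checks to start with, the text of the error usually says which hop refused the connection: the DNS resolver, the proxy, or the registry itself. The script below is an added example, not part of the original page; its function names are hypothetical, the sample lines are constructed, and it assumes the usual Go "dial tcp" error wording.

```sh
#!/bin/sh
# Added example: name the hop that refused, from the text of a Docker error.
# Function names are hypothetical; message shapes assume Go's "dial tcp" wording.

# Pull "<ip>:<port>" out of "dial tcp <ip>:<port>: connect: connection refused".
refused_addr() {
  printf '%s\n' "$1" |
    sed -n 's/.*dial tcp \([^ ]*\): connect: connection refused.*/\1/p'
}

# Prints "<hop> <address>"; hop is dns-resolver, proxy, registry or other.
classify_refusal() {
  case $1 in
    *"connection refused"*) ;;
    *) echo "other -"; return 0 ;;
  esac
  case $1 in
    *"lookup "*" on "*":53:"*)
      # The resolver refused the query; the registry was never contacted.
      r=$(printf '%s\n' "$1" | sed -n 's/.*lookup [^ ]* on \([^ ]*\):53:.*/\1/p')
      echo "dns-resolver $r" ;;
    *"proxyconnect tcp:"*)
      # The configured proxy refused the connection, not the registry.
      echo "proxy $(refused_addr "$1")" ;;
    *"dial tcp "*": connect: connection refused"*)
      echo "registry $(refused_addr "$1")" ;;
    *) echo "other -" ;;
  esac
}

# Map the refusing hop to the matching check from the fix list.
next_check() {
  case $1 in
    dns-resolver) echo "check /etc/resolv.conf and the resolver service" ;;
    proxy)        echo "check HTTP_PROXY/HTTPS_PROXY for daemon and CLI" ;;
    registry)     echo "check registry health, port and firewall rules" ;;
    *)            echo "re-run with docker --debug pull <image>" ;;
  esac
}

# Constructed sample lines; addresses are from documentation ranges.
for l in \
  'dial tcp: lookup auth.docker.io on [::1]:53: read udp [::1]:4000->[::1]:53: read: connection refused' \
  'proxyconnect tcp: dial tcp 192.0.2.20:3128: connect: connection refused' \
  'dial tcp 192.0.2.10:443: connect: connection refused'
do
  c=$(classify_refusal "$l")
  echo "${c%% *} (${c#* }): $(next_check "${c%% *}")"
done
```

A refusal from port 53 on a loopback address means the machine's own resolver is down or misconfigured, so registry and firewall checks would be wasted effort until DNS works.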
Why It Happens
DNS, firewall, proxy, or VPN is blocking registry traffic.
The registry is temporarily unavailable or overloaded.
Corporate proxies are interfering with TLS or long-lived connections.
How to Verify
Re-run the original pull/push and confirm it completes.
Confirm CI runners can reach the same registry endpoint.
Examples
ERROR: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io ... connection refused
dial tcp: lookup auth.docker.io on [::1]:53: read udp ...: connection refused
Prevention Tips
Use a proxy/cache registry to reduce dependence on upstream availability.
Keep runner network configuration consistent (DNS/proxy/firewall).