diff --git a/registry/client_factory.go b/registry/client_factory.go
index 53b7acca2..12265298d 100644
--- a/registry/client_factory.go
+++ b/registry/client_factory.go
@@ -3,6 +3,7 @@ package registry
 import (
 	"context"
 	"crypto/tls"
+	"net"
 	"net/http"
 	"net/url"
 	"sync"
@@ -92,11 +93,21 @@ attemptChallenge:
 }
 
 func (f *RemoteClientFactory) ClientFor(repo image.CanonicalName, creds Credentials) (Client, error) {
+	repoHosts := []string{repo.Domain}
+	// allow the insecure hosts list to contain hosts with or without the port
+	repoHostWithoutPort, _, err := net.SplitHostPort(repo.Domain)
+	if err == nil {
+		// parsing fails if no port is present
+		repoHosts = append(repoHosts, repoHostWithoutPort)
+	}
 	insecure := false
+insecureCheckLoop:
 	for _, h := range f.InsecureHosts {
-		if repo.Domain == h {
-			insecure = true
-			break
+		for _, repoHost := range repoHosts {
+			if h == repoHost {
+				insecure = true
+				break insecureCheckLoop
+			}
 		}
 	}