Comments (24)
I had to use the full uri to get the reg-server working with my basic auth registry not only the fqdn
from reg.
from reg.
Humm.. I think I followed the doc here: https://docs.docker.com/registry/deploying/#native-basic-auth
so with REGISTRY_AUTH=htpasswd, REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm, and REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd and just an apache-style unique account.
from reg.
from reg.
Those variables have been passed with the environment:
section of my docker-compose.yml
file. Isn't it the same as using the -e
flag? Besides, auth is working well for docker login and push/pull commands, but not for reg. Below is my complete docker-compose.yml
:
registry-data:
image: busybox:latest
volumes:
- /opt/registry-data:/var/lib/registry
command: /bin/echo
registry:
image: registry:2.5.1
container_name: registry
restart: always
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/wyplay.crt
REGISTRY_HTTP_TLS_KEY: /certs/wyplay.key
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
ports:
- 443:5000
volumes_from:
- registry-data
volumes:
- /etc/pki/tls/certs:/certs
- /opt/etc/auth:/auth
- /opt/etc/config.yml:/etc/docker/registry/config.yml
from reg.
Wegen you do a docker Login First, is the User/Pass args still required?
I geht the Dame error in Usingen your req docker Container
from reg.
My docker-compose looks like
` docker_frontend:
restart: always
image: r.j3ss.co/reg-server
container_name: reg-server
ports:
- 8080:8080
depends_on:
- docker_registry
networks:
- docker
- proxy
command: --debug --registry r.nitram.at --username REGUSER --password REGPWD
docker_registry:
restart: always
image: registry:2
container_name: docker_registry
ports:
- 5000:5000
volumes:
- ./certs/docker_registry:/certs
- ./docker_registry/data:/var/lib/registry
- ./docker_registry/config:/config
environment:
- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain1.pem
- REGISTRY_HTTP_TLS_KEY=/certs/privkey1.pem
- REGISTRY_STORAGE_DELETE_ENABLED=True
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=r.nitram.at
- REGISTRY_AUTH_HTPASSWD_PATH=/config/htpasswd
networks:
- docker
- proxy
`
The pors are exposed at the moment to debug the setup - finally i want to hide them behind an already running nginx.
My reg call looks like
docker run -it --rm -v ${HOME}/.docker:/root/.docker r.j3ss.co/reg -r r.nitram.at-u $REGUSER -p $REGPWD ls
When i remove the REGISTRY_AUTH from the registry, both works - the reg-server and the reg command ....
from reg.
@jessfraz any idea how to debug this?
from reg.
I wanted to try reg
and ran into the same problem. curl -I on my registry returns:
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Basic realm="Registry"
X-Content-Type-Options: nosniff
Date: Tue, 04 Apr 2017 10:16:15 GMT
Content-Length: 87
and that’s straight from the official Docker registry.
Browsing through the code with my feeble Go skills leads me to believe, that something confuses reg
to use tokentransport
instead of basictransport
?
from reg.
from reg.
from reg.
Sorry I was unclear! I didn’t mean Docker.com’s registry, I meant the official docker registry container. Auth is configured as:
auth:
htpasswd:
realm: Registry
path: /etc/docker/registry/htpasswd
which results in basic auth.
from reg.
from reg.
from reg.
Great workaround @mabunixda ! Thanks a lot.
reg -u ... -p ... list
-> malformed auth challenge header
but:
reg --registry https://docker.wyplay.com -u ... -p ... list
-> works!
Thanks 👍
from reg.
from reg.
Oh so it is mandatory to use the --registry
/-r
option? my mistake then, sorry about that.
It happens to find its way probably using the login credentials (in .docker/config.json
).
Is it ok for @hynek as well? If so I can close this issue.
from reg.
from reg.
Yes it works for me. I didn’t want to spam so I just pressed 👍 on the comment. I was under the impression that the https://
prefix gets regularly normalized away. 🤔
from reg.
So it was just that I forgot the --registry
option and you forgot the protocol in the uri. :)
I close this bug. Sorry about the time spent @jessfraz and thanks for the tool 😃
from reg.
I may be missing something but the README uses $ reg -r r.j3ss.co ls
as an example, so it seems totally reasonable to me to leave out the https://
prefix? ISTM that something should be fixed, or am I misunderstanding something completely?
EDIT: reg --help
says --registry value, -r value URL to the private registry (ex. r.j3ss.co)
too
from reg.
from reg.
Do you mean ~/.docker/config.json → "auths"?
Because I have both versions there (once with https://
prefix and once without):
{
"auths": {
"docker.vm.ag": {
"auth": "[redacted]"
},
"https://docker.vm.ag/": {
"auth": "[redacted]"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/1.13.1 (darwin)"
}
}
and that gives me the behavior I mentioned before:
reg -r https://docker.vm.ag/ -d ls
works
2017/04/18 14:59:49 registry.ping url=https://docker.vm.ag/v2/
2017/04/18 14:59:49 registry.catalog url=https://docker.vm.ag/v2/_catalog
Repositories for https://docker.vm.ag/
[contents]
reg -r docker.vm.ag -d ls
gives me
2017/04/18 14:58:12 registry.ping url=https://docker.vm.ag/v2/
Get https://docker.vm.ag/v2/: malformed auth challenge header: 'Basic realm="Registry"'
NAME:
reg - Docker registry v2 client.
[usage]
So from your comment I take both should work (and therefore this bug should be re-opened)?
from reg.
from reg.
Related Issues (20)
- Tests don't pass after cloning and running make test HOT 3
- Support to pass Client CERT/Key and CA CERT HOT 2
- Manifest Lists incorrectly queried from Docker Hub HOT 1
- Can't run clean install using go modules HOT 2
- registry type HOT 2
- Reg leaving lot of openfiles on the registry HOT 1
- behavior of ping is against Docker v2 API Spec HOT 2
- reg server update interval HOT 1
- `reg rm` deletes more than just the specified tag HOT 5
- Add pagination support for tag listing
- clair.layer400 Bad Request: "vulnerability scanning for <image> failed: clair error: could not find layer" HOT 2
- vulns return invalid character '<' HOT 1
- Docs don't explain how to manage insecure private registry HOT 3
- Why this project has no documents about how to use its API (import) ?
- Add option to map digest to tag
- RSS or Atom feed for repository tags
- go install gives error
- reg dont use /etc/hosts
- `reg rm` irritatingly states "docker.io" for image deleted from GitLab registry HOT 1
- Add support for reading credential from podman's auth.json
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from reg.