malformed auth challenge header error about reg HOT 24 CLOSED

I had to use the full uri to get the reg-server working with my basic auth registry not only the fqdn

from reg.

from reg.

Humm.. I think I followed the doc here: https://docs.docker.com/registry/deploying/#native-basic-auth
so with REGISTRY_AUTH=htpasswd, REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm, and REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd and just an apache-style unique account.

from reg.

from reg.

Those variables have been passed with the environment: section of my docker-compose.yml file. Isn't it the same as using the -e flag? Besides, auth is working well for docker login and push/pull commands, but not for reg. Below is my complete docker-compose.yml:

registry-data:
  image: busybox:latest
  volumes:
    - /opt/registry-data:/var/lib/registry
  command: /bin/echo

registry:
  image: registry:2.5.1
  container_name: registry
  restart: always
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/wyplay.crt
    REGISTRY_HTTP_TLS_KEY: /certs/wyplay.key
    REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  ports:
    - 443:5000
  volumes_from:
    - registry-data
  volumes:
    - /etc/pki/tls/certs:/certs
    - /opt/etc/auth:/auth
    - /opt/etc/config.yml:/etc/docker/registry/config.yml

from reg.

Wegen you do a docker Login First, is the User/Pass args still required?

I geht the Dame error in Usingen your req docker Container

from reg.

My docker-compose looks like
` docker_frontend:
restart: always
image: r.j3ss.co/reg-server
container_name: reg-server
ports:
- 8080:8080
depends_on:
- docker_registry
networks:
- docker
- proxy
command: --debug --registry r.nitram.at --username REGUSER --password REGPWD

docker_registry:
    restart: always
    image: registry:2
    container_name: docker_registry
   ports:
      - 5000:5000
    volumes:
        - ./certs/docker_registry:/certs
        - ./docker_registry/data:/var/lib/registry
        - ./docker_registry/config:/config
    environment:
        - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain1.pem
        - REGISTRY_HTTP_TLS_KEY=/certs/privkey1.pem
        - REGISTRY_STORAGE_DELETE_ENABLED=True
        - REGISTRY_AUTH=htpasswd
        - REGISTRY_AUTH_HTPASSWD_REALM=r.nitram.at
        - REGISTRY_AUTH_HTPASSWD_PATH=/config/htpasswd
    networks:
        - docker
        - proxy            

`

The pors are exposed at the moment to debug the setup - finally i want to hide them behind an already running nginx.

My reg call looks like
docker run -it --rm -v ${HOME}/.docker:/root/.docker r.j3ss.co/reg -r r.nitram.at-u $REGUSER -p $REGPWD ls

When i remove the REGISTRY_AUTH from the registry, both works - the reg-server and the reg command ....

from reg.

@jessfraz any idea how to debug this?

from reg.

I wanted to try reg and ran into the same problem. curl -I on my registry returns:

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Basic realm="Registry"
X-Content-Type-Options: nosniff
Date: Tue, 04 Apr 2017 10:16:15 GMT
Content-Length: 87

and that’s straight from the official Docker registry.

Browsing through the code with my feeble Go skills leads me to believe, that something confuses reg to use tokentransport instead of basictransport?

from reg.

from reg.

from reg.

Sorry I was unclear! I didn’t mean Docker.com’s registry, I meant the official docker registry container. Auth is configured as:

auth:
  htpasswd:
    realm: Registry
    path: /etc/docker/registry/htpasswd

which results in basic auth.

from reg.

from reg.

from reg.

Great workaround @mabunixda ! Thanks a lot.
reg -u ... -p ... list -> malformed auth challenge header
but:
reg --registry https://docker.wyplay.com -u ... -p ... list -> works!

Thanks 👍

from reg.

from reg.

Oh so it is mandatory to use the --registry/-r option? my mistake then, sorry about that.
It happens to find its way probably using the login credentials (in .docker/config.json).
Is it ok for @hynek as well? If so I can close this issue.

from reg.

from reg.

Yes it works for me. I didn’t want to spam so I just pressed 👍 on the comment. I was under the impression that the https:// prefix gets regularly normalized away. 🤔

from reg.

So it was just that I forgot the --registry option and you forgot the protocol in the uri. :)
I close this bug. Sorry about the time spent @jessfraz and thanks for the tool 😃

from reg.

I may be missing something but the README uses $ reg -r r.j3ss.co ls as an example, so it seems totally reasonable to me to leave out the https:// prefix? ISTM that something should be fixed, or am I misunderstanding something completely?

EDIT: reg --help says --registry value, -r value URL to the private registry (ex. r.j3ss.co) too

from reg.

from reg.

Do you mean ~/.docker/config.json → "auths"?

Because I have both versions there (once with https:// prefix and once without):

{
	"auths": {
		"docker.vm.ag": {
			"auth": "[redacted]"
		},
                "https://docker.vm.ag/": {
			"auth": "[redacted]"
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/1.13.1 (darwin)"
	}
}

and that gives me the behavior I mentioned before:

reg -r https://docker.vm.ag/ -d ls works

2017/04/18 14:59:49 registry.ping url=https://docker.vm.ag/v2/
2017/04/18 14:59:49 registry.catalog url=https://docker.vm.ag/v2/_catalog
Repositories for https://docker.vm.ag/
[contents]

reg -r docker.vm.ag -d ls gives me

2017/04/18 14:58:12 registry.ping url=https://docker.vm.ag/v2/
Get https://docker.vm.ag/v2/: malformed auth challenge header: 'Basic realm="Registry"'

NAME:
   reg - Docker registry v2 client.
[usage]

So from your comment I take both should work (and therefore this bug should be re-opened)?

from reg.

from reg.