Can't Access Docker Registry 2 locally through curl or remotely - Private Docker Registry

Hello,

I have been trying to run the Docker Registry on my VPS but I have had no luck. I have been reading the docs here, as well as Googling and following other tutorials and posts. I spent the better half of yesterday trying to triage this.

I am running a real simple docker registry. This is my docker-compose.yml file:

version: '3.3'
services:
  registry:
    image: registry:latest
    ports:
    - "5017:5000"
    environment:
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry
      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./auth:/auth
      - ./data:/data

I originally had this

version: '3'

services:
  registry:
    image: registry:2
    ports:
    - "5000:5000"
    environment:
      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
    volumes:
      - ./data:/data

I even tried running it without compose docker run -p 5017:5000 --restart=always --name registry registry:2 and every time I run curl http://localhost:5017/v2/_catalog I get Recv failure: Connection reset by peer. I don’t get it. I have a ton of other Docker containers running just fine. I don’t see what the issue is.

The port is open

# lsof -i:5017
COMMAND     PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
docker-pr 20836 root    4u  IPv4 88933941      0t0  TCP *:5017 (LISTEN)
docker-pr 20840 root    4u  IPv6 88933946      0t0  TCP *:5017 (LISTEN)

Container is up

# docker ps
CONTAINER ID   IMAGE                                                       COMMAND                  CREATED         STATUS         PORTS                                       NAMES
fcb3c6320c44   registry:2                                                  "/entrypoint.sh /etc…"   5 seconds ago   Up 3 seconds   0.0.0.0:5017->5000/tcp, :::5017->5000/tcp   registry

Originally I started by just trying to connect from outside my VPS. I kept getting 502 and 403 errors. I am running httpd Apache on CentOS 7.

# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Mar 24 2022 14:57:57

My Virtual Host:

<IfModule mod_ssl.c>
	<VirtualHost *:443>
		ServerName docker.domain.com
		ServerAlias www.docker.domain.com

		ErrorLog /var/www/Docker.domain.com/prod/Logs/httpd/error.log
		CustomLog /var/www/Docker.domain.com/prod/Logs/httpd/requests.log combined

		ProxyPreserveHost on
#		ProxyRequests     off
#		ProxyVia On
		ProxyPass        / http://127.0.0.1:5017/
		ProxyPassReverse / http://127.0.0.1:5017/

		Header always set "Docker-Distribution-Api-Version" "registry/2.0"
		Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
		RequestHeader set X-Forwarded-Proto "https"

		SSLEngine on
		SSLProxyEngine On
		SSLCertificateFile /etc/letsencrypt/live/docker.domain.com/cert.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/docker.domain.com/privkey.pem
		Include /etc/letsencrypt/options-ssl-apache.conf
		SSLCertificateChainFile /etc/letsencrypt/live/docker.domain.com/chain.pem
	</VirtualHost>
</IfModule>

I even stopped apache and tried installing and using nginx:

server {
	listen 80;

	server_name  docker.domain.com www.docker.domain.com;

	# disable any limits to avoid HTTP 413 for large image uploads
	client_max_body_size 0;

	# required to avoid HTTP 411: see Issue #1486 (https://github.com/moby/moby/issues/1486)
	chunked_transfer_encoding on;

	location / {
		# Do not allow connections from docker 1.5 and earlier
		# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
		if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
			return 404;
		}

		# To add basic authentication to v2 use auth_basic setting.
		# auth_basic "Registry realm";
		# auth_basic_user_file /etc/nginx/conf.d/nginx.htpasswd;

		## If $docker_distribution_api_version is empty, the header is not added.
		## See the map directive above where this variable is defined.
		# add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

		proxy_pass                          http://localhost:5017;
		proxy_set_header  Host              $http_host;   # required for docker client's sake
		proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
		proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
		proxy_set_header  X-Forwarded-Proto $scheme;
		proxy_read_timeout                  900;
	}
}

Then accessing it via https://docker.domain.com/v2 gives me either a 502 or 403 depending on the settings in my VH.

I would really appreciate any guidance. Thank you!

It is related to my iptables firewall. I stopped iptables and everything works fine. I am investigating and will post an update once I figure it out.
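Since the follow-up points at iptables, here is an added example (not part of the original post) that reads `iptables-save` output and reports whether the chains and DNAT rule Docker installs for a published port are still present. The helper names and both sample rulesets are constructed for illustration, and the idea that Docker's rules were flushed or shadowed is an assumption, not something the poster confirmed.

```python
import re
# Constructed sample: ruleset as Docker leaves it for a container published on host port 5017.
HEALTHY = """\
*nat
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5017 -j DNAT --to-destination 172.17.0.2:5000
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT
"""
# Constructed sample: a static ruleset reloaded after dockerd started (Docker chains gone).
RELOADED = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
def parse_iptables_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": ["-A ...", ...]}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):                        # table header, e.g. "*nat"
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):  # chain declaration, ":FORWARD DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A "):
            cur["rules"].append(line)
    return tables

def triage_published_port(text, host_port):
    """Hypothetical helper: list reasons this ruleset can break a published port."""
    tables, findings = parse_iptables_save(text), []
    nat, flt = (tables.get(t, {"policy": {}, "rules": []}) for t in ("nat", "filter"))
    findings += [f"{name}: DOCKER chain missing" for name, table in
                 (("nat", nat), ("filter", flt)) if "DOCKER" not in table["policy"]]
    # Docker's DNAT rule matches the HOST port (5017 here), not the container port (5000).
    dnat = re.compile(rf"^-A DOCKER .*--dport {int(host_port)}\b.*-j DNAT\b")
    if not any(dnat.search(r) for r in nat["rules"]):
        findings.append(f"nat: no DNAT rule for host port {host_port}")
    blocks = flt["policy"].get("FORWARD") == "DROP" or any(
        re.match(r"-A FORWARD -j (REJECT|DROP)\b", r) for r in flt["rules"])
    jumps = any(re.match(r"-A FORWARD .*-j DOCKER(\s|$)", r) for r in flt["rules"])
    if blocks and not jumps:
        findings.append("filter: FORWARD blocks by default and never jumps to DOCKER")
    return findings
```

To run it against a live host, pass the text printed by `iptables-save` (run as root) together with the published host port.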