Docker push does not support url prefix


I want to create a private docker registry in my k8s environment. According to the documentation of the docker registry, it supports a url prefix.

However, according to the docker API specification, all URLs start with /, indicating they do not support a URL prefix.

I have a container registry instance with the prefix /registry/. I tag an image as When I do docker push, my router log show the request is send to /v2/registry/hello-world.

Is there anything I can do to make the docker engine to recognise the URL prefix?

The registry indeed has support for a prefix, but neither docker login nor docker push support it.
Though, I have no idea why it exists.

I know Container Registries that can manage multiple registries (like Artifactory), that require you put a reverse proxy in front that is mapping domain names to url paths before forwarded it to the registry.

Though, I have no idea why this would make sense with the registry.

Would docker push consider supporting a URL prefix in the future? I think it would be very nice. Not all companies can afford to create a separate domain for each of their container registries.

If you feel it is a bug, open an issue in the Github Repositories. Though, I am not sure if this would need to be opened in GitHub - docker/cli: The Docker CLI or GitHub - moby/moby: Moby Project - a collaborative project for the container ecosystem to assemble container-based systems.

I would probably open the issue in moby, as it would require changes on the docker api, the backend and the cli.

Why would a company need to pay for individual subdomains for their domain(s)? Most companies I work with do not even expose their registries to the internet - usually they are only reachable within private corporate networks, where they have full control about domain names and certificates. Though, none of them uses the open source registry.

The prefix is not for what you think. You could use a proxy server and forward the request to the registry

You can’t include it in the name of the image tag.

As @meyay pointed out, you don’t need a whole new domain. I agree that creating a subdomain should be possible, but even if it isn’t, you can change the port instead of the name of the image:

docker build . -t
docker push

Using a subdomain would be more user friendly, but using a port internally shouldn’t be a problem either unless company policy allows only port 443 to be open. My registry ran that way for years before I configured a proxy, but even I can configure a subdomain for free and I’m not a company :slight_smile:

1 Like

Can you show me how you configured your proxy and how you pushed images to that container register?

According to stevvooe’s bug:

The registry should not assume it’s running at the root of the server.
eg: both https://myregistry/v2/ and https://myregistry/something/v2/ should be possible.

Does he mean both docker push https://myregistry/hell-world and docker push https://myregistry/something/hell-world should be possible or something else? I am quite confused.

My registry is deployed in k8s, and I have an Istio ingress gateway. Currently, I simply match a URL prefix and reroute requests to the registry pod. But since docker push ignores the prefix, that match rule is ineffective.


No, I don’t have that (I tried to find it yesterday) but it wouldn’t help you. As I tried to explain in my previous post it is not what you need if your propblem is using another domain or subdomain. I can still give you some idea at the end of this comment.

No. That post was about the final API call not the name of your image which can’t be changed. It is your domain name or IP address, optionally the por tnumber and the rest of it is the path of the repository in the registry. You can’t prefix it without changing the name of the image in the registry.

You could still configure the ingress to handle one more subdomain, but let’s say it is really not possible. Don’t configure a registry prefix but use its already existing path to configure the ingress. For example while I was reading your message, I started to remember what I did in my proxy. I wanted to use the same domain for the webinterface of “Portus” docker registry (discontinued) and the registry itself. By default it required to use a different port for the registry. So I configured my proxy to forward all requests to the registry when the path started with “/v2”. Assuming you don’t have any other service that has a similar path, it should work. You should also check the logs (client and server) if it doesn’t work and find out what path is still not handled by the ingress. If you have other services started with “/v2”, you can try to write a more complex rule. I don’t use istio, but I guess a regex could also help:

Yeah, rerouting all /v2 to the registry pod is what I am doing right now. Thanks!