I am trying to set up a private registry with authentication but I always get an “authentication required” error. Every time I try to push a repository, I get the following:
$ docker login -u username -p password docker.domain.com
Login Suceeded
$ docker tag ubuntu:16.04 docker.domain.com/username/ubuntu:16.04
$ docker push docker.domain.com/username/ubuntu:16.04
The push refers to a repository [docker.domain.com/username/ubuntu]
5eb5bd4c5014: Pushing [==================================================>] 3.072 kB
d195a7a18c70: Pushing [==================================================>] 4.608 kB
af605e724c5a: Pushing 11.78 kB
59f161c3069d: Pushing [==================================================>] 15.87 kB
4f03495a4d7d: Preparing
unauthorized: authentication required
Everything works fine if I disable the authentication.
Details on my configuration:
Versions:
$ docker --version
Docker version 1.12.6, build 78d1802
$ docker exec registry_registry_1 registry --version
registry github.com/docker/distribution v2.6.0
Password creation:
run --entrypoint htpasswd registry:2 -Bbn "username" "password" > /var/docker/registry/htpasswd
Registry configuration:
My docker-compose.yml for the registry:
version: '2'
services:
registry:
restart: always
image: registry:2
hostname: docker.domain.com
expose:
- '5000'
networks:
- proxy
- default
environment:
VIRTUAL_HOST: docker.domain.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 5000
REGISTRY_HTTP_TLS_CERTIFICATE: /etc/letsencrypt/live/docker.domain.com/fullchain.pem
REGISTRY_HTTP_TLS_KEY: /etc/letsencrypt/live/docker.domain.com/privkey.pem
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- data:/var/lib/registry
- /etc/letsencrypt:/etc/letsencrypt:ro
- /var/docker/registry/htpasswd:/auth/htpasswd:ro
volumes:
data:
networks:
proxy:
external:
name: nginxproxy
Proxy configuration:
I am using Let’s Encrypt certificates and I have a nginx proxy (dockerised). My proxy settings for this domain:
# docker.domain.com
upstream 05f14a7ef1612df49ba3c1584d37506836851ee2 {
## Can be connect with "nginxproxy" network
# registry_registry_1
server 172.20.0.8:5000;
}
server {
server_name docker.domain.com;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name docker.domain.com;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/letsencrypt/live/docker.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/docker.domain.com/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/vhost.d/docker.domain.com;
location /.well-known/ {
root /var/www/docker.domain.com;
}
location / {
proxy_pass https://05f14a7ef1612df49ba3c1584d37506836851ee2;
}
}